I have problems with a policy where I include an application control where I block access to facebook, youtube and others, one of the applications that I allow within the control is whatsapp but it has presented problems since yesterday, the attached files are not They send and the messages are sent several minutes later, the same as when receiving. I have been doing tests and by allowing the known applications the whatsapp starts working correctly, someone could help me know what the problem is if everything was working well until yesterday that I present this inconvenient.
My device is a Fortigate 90D The only categories that I have blocked in the control of applications are: Botnet, Game, P2P, Social.Media, Update, Video/Audio and Unknown applications (now in monitor mode for whatsapp work)
The other categories are in monitor mode
Solved! Go to Solution.
Hi Discus,
I received the below feedback earlier today on my ticket I logged with Fortinet;
We have released improved WhatsApp signature in IPS definition version 12.315, please update the IPS definition to latest version and test again.
If the traffic about WhatsApp still detected as Facebook-Web in Forward Traffic log , please provide us a full packet capture which include the traffic, thanks.
I upgraded our IPS definition package to the latest version (12.315) and customer has confirmed it is working again with no issues. I've checked the logs, and the destinations where we were getting blocked (e6.whatsapp.net, e14.whatsapp.net, etc) which was classified as 'Facebook-Web' application traffic in the 'Unknown Applications' category, is now being seen as 'WhatsApp' application traffic within the 'Collaboration' category, which is correct.
Will continue to monitor and will revert if we pick up any issues.
i am having the same issue with a policy where I include an application control where one of the applications that I allow is whatsapp but it has presented problems since yesterday, the attached files are not sent and the messages are sent several minutes later, the same as when receiving. I have been doing tests and by allowing the unknown applications the whatsapp starts working correctly, someone could help me know what the problem is if everything was working well until yesterday. My device is a Fortigate 400D
As of Now the Unknown applications is Monitor Mode for Whatsapp to work, which i believe is not the correct way to have in the system
I'm seeing similar problems.
WhatsApp traffic that is not correctly assigned to WhatsApp can be categorised as:
[ul]Obviously, allowing unknown things is a bad idea...
Sadly, my 500E is also preventing me adding custom app signatures :\
This all manifests as WhatsApp being "broken" or "slow" depending on the user that's trying it. Mine is "slow" - crazily so.
We're not doing full SSL inspection, only certificate inspection. We're in proxy, not flow mode. FortiOS 5.6.3 Maybe that's a factor?
It certainly *was* working before last weekend, so either WhatsApp changed something, or Fortigate did (or both!).
Hi all,
Has anyone had any feedback from Fortinet regarding this issue?
I've logged a case with them to investigate as we picking up the same issue as Discuss stated above. Destination ranges from e6.whatsapp.net all the way up to e14.whatsapp.net, which is classified as a 'Facebook-Web' application within the 'Unknown' application category.
@Shaun - I also have an open case, and nothing yet beyond "we're looking into it"... :\
If *I* considered it enterprise traffic, I'd be fuming now, but it's something that people have adopted themselves (users may consider it critical...). Our official comms channels don't include it - but customers have become used to using it to contact our staff - and our staff have embraced it, despite all the goodies in GSuite etc. :\
However, it's been nearly a week now, so I expect some management push-back to come our way soon... :\
I suspect some newer definitions have been pushed - it seems to be working a little better today. Will keep an eye on it.
No feedback in my open ticket though. :\
Hi Discus,
I received the below feedback earlier today on my ticket I logged with Fortinet;
We have released improved WhatsApp signature in IPS definition version 12.315, please update the IPS definition to latest version and test again.
If the traffic about WhatsApp still detected as Facebook-Web in Forward Traffic log , please provide us a full packet capture which include the traffic, thanks.
I upgraded our IPS definition package to the latest version (12.315) and customer has confirmed it is working again with no issues. I've checked the logs, and the destinations where we were getting blocked (e6.whatsapp.net, e14.whatsapp.net, etc) which was classified as 'Facebook-Web' application traffic in the 'Unknown Applications' category, is now being seen as 'WhatsApp' application traffic within the 'Collaboration' category, which is correct.
Will continue to monitor and will revert if we pick up any issues.
Thanks Shaun. :)
Same problem.
so is there any solution?
i have followed this sol. but no luck. whatsapp not working.
https://kb.fortinet.com/kb/documentLink.do?externalID=FD37625
v6.2.1 build0932 (GA)
Application Control Signatures Version 14.00705Device & OS Identification Version 1.00084 Internet Service Database Definitions Version 7.00143AV Definitions Version 72.00388 AV Engine Version 6.00132 Mobile Malware Version 72.00388Security Rating Package Version 2.00027
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.