dezso wrote:

Hi,

 

I have this exact problem, my guess is that you have SSL inspection on. In a nutshell the problem is that the servers do not "trust" the re-encrypted traffic. For a more technical explanation you can check a similar issue with Dropbox application.

 

http://docs-legacy.fortinet.com/fos50hlp/50/index.html#page/FortiOS%205.0%20Help/misc_utm_chapter.15...

https://forum.fortinet.com/tm.aspx?m=97017

 

From that, the solution is exemption. Now this can be very tricky with Whatsapp. There is no URL list (at least not what I can find, so if you find one PLEASE post it here) there is no IP list either and from what I read it is dynamic so it changes often so looking for it in the logs wont help you much.

I also had this problem with SSL deep inspection activated in the rule, Cloud app deep inspection activated in the application profile and fortinet certificate installed in the mobile phone. I found this KB, but before trying it, I tried adding *.whatsapp.net (from what I saw in the logs) in the deep inspection exception list and it seems to work.

Charrlleess wrote:

Hi,

 

Even after allowing the WhatsApp on the application control, file transfering is not possible. Searching through log files I  could identify that file transfer is being blocked on Webfilter profiles under the categories of Instant Messaging.

 

You could either allow this category or just create a url filter allowing the domain *whatsapp.net on the profile you are using in the policy.

 

That worked for me.

 

Best Regards

 

Hi

I'm having the same problem. I've tried quite a lot of different things. I exempted from SSL inspection *whatsapp* and it didn't work for me. I added *apple*, it also made no difference. At last I unchecked the exemption from Banking so it would inspect Banking. This worked for me for WhatsApp on iPhone.

However, people with iPhone complain also that they are unable to download / update apps from the appstore, even though I've excluded from SSL-inspection *apple*, *store*, and all those names.

Did someone maybe experience the same issue?

thx

I had the same issue. Turned out this was the Web Filter 'blocking' it.

For the 'unrated' websites I have a policy with action 'warning', so in your browser you'll get a portal of the FortiGate and you can click continue after you got the warning the site was blocked. This portal uses a self-singed certificate. The WhatsApp application obviously cannot understand this portal.

As an workaround you can add them manually, using the Web Rating Overrides and add the IP's WhatsApp is using as URL's. The ranges I've seen so far are:

inetnum: 169.55.235.160-169.55.235.191 inetnum: 169.54.222.128-169.54.222.159

 

I also asked FortiGuard to add the WhatsApp ranged to a category instead of unreated. Unfortunatally they only at one IP at the time I use the update URL catecory on http://www.fortiguard.com/static/webfiltering.html

any solution for this, i have a the same problem in Whatsapp pictures are not downloaded when enabling SSL..even the fortinet certificate is installed on the mobile.

but the problem in Whatsapp

Charrlleess wrote:

Hi,

 

Even after allowing the WhatsApp on the application control, file transfering is not possible. Searching through log files I  could identify that file transfer is being blocked on Webfilter profiles under the categories of Instant Messaging.

 

You could either allow this category or just create a url filter allowing the domain *whatsapp.net on the profile you are using in the policy.

 

That worked for me.

 

Best Regards

look above dude. if u don't read nobody can help u.

Try to add whatsapp.net as a FQDN on the ssl inspection certificate profile, it works for me.