Hi All,
I want to allow WhatsApp and WhatsApp file transfer through application control, I blocked all categories under Application control and under application overrides allowed DNS,WhatsApp and Whatsapp_File.Transfer, I am able to send text messages but not able to send images. Any idea?
-Saim
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
Even after allowing the WhatsApp on the application control, file transfering is not possible. Searching through log files I could identify that file transfer is being blocked on Webfilter profiles under the categories of Instant Messaging.
You could either allow this category or just create a url filter allowing the domain *whatsapp.net on the profile you are using in the policy.
That worked for me.
Best Regards
If you create a test firewall policy above the one you're working on, filtering for only your one testing source IP, and add an application control sensor in that monitors all signatures, what shows up?
Does it detect the image transfer as another known signature, or is there nothing at all?
Regards, Chris McMullan Fortinet Ottawa
Hi,
I have this exact problem, my guess is that you have SSL inspection on. In a nutshell the problem is that the servers do not "trust" the re-encrypted traffic. For a more technical explanation you can check a similar issue with Dropbox application.
https://forum.fortinet.com/tm.aspx?m=97017
From that, the solution is exemption. Now this can be very tricky with Whatsapp. There is no URL list (at least not what I can find, so if you find one PLEASE post it here) there is no IP list either and from what I read it is dynamic so it changes often so looking for it in the logs wont help you much.
- FortiFr34k11
dezso wrote:I also had this problem with SSL deep inspection activated in the rule, Cloud app deep inspection activated in the application profile and fortinet certificate installed in the mobile phone. I found this KB, but before trying it, I tried adding *.whatsapp.net (from what I saw in the logs) in the deep inspection exception list and it seems to work.Hi,
I have this exact problem, my guess is that you have SSL inspection on. In a nutshell the problem is that the servers do not "trust" the re-encrypted traffic. For a more technical explanation you can check a similar issue with Dropbox application.
https://forum.fortinet.com/tm.aspx?m=97017
From that, the solution is exemption. Now this can be very tricky with Whatsapp. There is no URL list (at least not what I can find, so if you find one PLEASE post it here) there is no IP list either and from what I read it is dynamic so it changes often so looking for it in the logs wont help you much.
Hi,
Even after allowing the WhatsApp on the application control, file transfering is not possible. Searching through log files I could identify that file transfer is being blocked on Webfilter profiles under the categories of Instant Messaging.
You could either allow this category or just create a url filter allowing the domain *whatsapp.net on the profile you are using in the policy.
That worked for me.
Best Regards
Charrlleess wrote:Hi,
Even after allowing the WhatsApp on the application control, file transfering is not possible. Searching through log files I could identify that file transfer is being blocked on Webfilter profiles under the categories of Instant Messaging.
You could either allow this category or just create a url filter allowing the domain *whatsapp.net on the profile you are using in the policy.
That worked for me.
Best Regards
Hi
I'm having the same problem. I've tried quite a lot of different things. I exempted from SSL inspection *whatsapp* and it didn't work for me. I added *apple*, it also made no difference. At last I unchecked the exemption from Banking so it would inspect Banking. This worked for me for WhatsApp on iPhone.
However, people with iPhone complain also that they are unable to download / update apps from the appstore, even though I've excluded from SSL-inspection *apple*, *store*, and all those names.
Did someone maybe experience the same issue?
thx
I had the same issue. Turned out this was the Web Filter 'blocking' it.
For the 'unrated' websites I have a policy with action 'warning', so in your browser you'll get a portal of the FortiGate and you can click continue after you got the warning the site was blocked. This portal uses a self-singed certificate. The WhatsApp application obviously cannot understand this portal.
As an workaround you can add them manually, using the Web Rating Overrides and add the IP's WhatsApp is using as URL's. The ranges I've seen so far are:
inetnum: 169.55.235.160-169.55.235.191 inetnum: 169.54.222.128-169.54.222.159
I also asked FortiGuard to add the WhatsApp ranged to a category instead of unreated. Unfortunatally they only at one IP at the time I use the update URL catecory on http://www.fortiguard.com/static/webfiltering.html
any solution for this, i have a the same problem in Whatsapp pictures are not downloaded when enabling SSL..even the fortinet certificate is installed on the mobile.
but the problem in Whatsapp
Charrlleess wrote:look above dude. if u don't read nobody can help u.Hi,
Even after allowing the WhatsApp on the application control, file transfering is not possible. Searching through log files I could identify that file transfer is being blocked on Webfilter profiles under the categories of Instant Messaging.
You could either allow this category or just create a url filter allowing the domain *whatsapp.net on the profile you are using in the policy.
That worked for me.
Best Regards
Try to add whatsapp.net as a FQDN on the ssl inspection certificate profile, it works for me.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1663 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.