FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ahernandez_FTNT
Description

When SSL “Full Inspection” is applied in the firewall policies for internal user’s traffic, users may report issues to transfer files/pictures using WhatsApp.


Solution

The best solution is creating a firewall policy on top allowing access to traffic with “WhatsApp” IP addresses as destination. This can be applied following the next steps:

1)      1) Copy the content of the attached script

2)      2) Paste it in the FortiGate CLI

3)      3) Verify that one address-group named “WhatsApp_grp” has been created in the FortiGate

           Untitled.jpg

4)     4) Create a firewall policy (over general policies) from Internal -> WAN with source IP “ALL” and destination “WhatsApp_grp” without applying SSL inspection.   

           NovemberKB(2).jpg

5)     5) Verify WhatsApp works properly after the changes.


Contributors