When SSL “Full Inspection” is applied in the firewall policies for internal user’s traffic, users may report issues to transfer files/pictures using WhatsApp.
The best solution is creating a firewall policy on top allowing access to traffic with “WhatsApp” IP addresses as destination. This can be applied following the next steps:
1) 1) Copy the content of the attached script
2) 2) Paste it in the FortiGate CLI
3) 3) Verify that one address-group named “WhatsApp_grp” has been created in the FortiGate
4) 4) Create a firewall policy (over general policies) from Internal -> WAN with source IP “ALL” and destination “WhatsApp_grp” without applying SSL inspection.
5) 5) Verify WhatsApp works properly after the changes.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.