When SSL “Full Inspection” is applied in
the firewall policies for internal user’s traffic, users may report issues to
transfer files/pictures using WhatsApp.
The best solution is creating a firewall
policy on top allowing access to traffic with “WhatsApp” IP addresses as
destination. This can be applied following the next steps:
1) 1) Copy the content of the
2) 2) Paste it in the FortiGate CLI
3) 3) Verify that one address-group
named “WhatsApp_grp” has been created in the FortiGate
4) 4) Create a firewall policy (over
general policies) from Internal -> WAN with source IP “ALL” and destination
“WhatsApp_grp” without applying SSL inspection.
5) 5) Verify WhatsApp works properly
after the changes.