FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 195035

When SSL “Full Inspection” is applied in the firewall policies for internal user’s traffic, users may report issues to transfer files/pictures using WhatsApp.


The best solution is creating a firewall policy on top allowing access to traffic with “WhatsApp” IP addresses as destination. This can be applied following the next steps:

1)      1) Copy the content of the attached script

2)      2) Paste it in the FortiGate CLI

3)      3) Verify that one address-group named “WhatsApp_grp” has been created in the FortiGate


4)     4) Create a firewall policy (over general policies) from Internal -> WAN with source IP “ALL” and destination “WhatsApp_grp” without applying SSL inspection.   


5)     5) Verify WhatsApp works properly after the changes.