saimsaiyed
New Contributor

WhatsApp filetransfer not working

Hi All,

I want to allow WhatsApp and WhatsApp file transfer through application control. I blocked all categories under Application Control and, under application overrides, allowed DNS, WhatsApp and Whatsapp_File.Transfer. I am able to send text messages but not able to send images. Any idea?

-Saim


1 Solution
Charrlleess
New Contributor

Hi,

Even after allowing WhatsApp in the application control, file transferring is not possible. Searching through the log files, I could identify that file transfer is being blocked on Webfilter profiles under the categories of Instant Messaging.

You could either allow this category or just create a URL filter allowing the domain *whatsapp.net on the profile you are using in the policy.

That worked for me.

Best Regards

View solution in original post
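The log search described in the accepted answer, as an added example that is not part of the original post: it parses key=value log lines and reports which UTM feature blocked traffic for one test client. The sample lines, addresses and hostnames are constructed, and the set of block action values is an assumption.

```python
import re
from collections import Counter

# Constructed sample lines in FortiGate key=value log style; every address,
# hostname and policy ID below is made up for illustration.
SAMPLE_LOGS = '''\
date=2016-03-01 time=10:15:02 type="utm" subtype="app-ctrl" srcip=10.0.0.25 policyid=7 app="WhatsApp" action="pass"
date=2016-03-01 time=10:15:04 type="utm" subtype="webfilter" srcip=10.0.0.25 policyid=7 hostname="media-host.whatsapp.net" catdesc="Instant Messaging" action="blocked"
date=2016-03-01 time=10:15:09 type="utm" subtype="webfilter" srcip=10.0.0.25 policyid=7 hostname="media-host.whatsapp.net" catdesc="Instant Messaging" action="blocked"
date=2016-03-01 time=10:15:11 type="utm" subtype="webfilter" srcip=10.0.0.31 policyid=7 hostname="example.org" catdesc="Information Technology" action="passthrough"
date=2016-03-01 time=10:16:40 type="utm" subtype="app-ctrl" srcip=10.0.0.25 policyid=7 app="WhatsApp_File.Transfer" action="pass"
'''

# Assumption: these action values mark a denied session in the logs being read.
BLOCK_ACTIONS = {"blocked", "block"}

# Matches key=value and key="quoted value" pairs.
FIELD_RE = re.compile(r'(\w[\w-]*)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Turn one key=value log line into a dict of field -> value."""
    return {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line)}


def blocked_by_feature(log_text, srcip):
    """Count blocked events for one client, grouped by
    (UTM subtype, hostname or application, category)."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields.get("srcip") != srcip:
            continue
        if fields.get("action") not in BLOCK_ACTIONS:
            continue
        target = fields.get("hostname") or fields.get("app")
        hits[(fields.get("subtype"), target, fields.get("catdesc"))] += 1
    return hits


if __name__ == "__main__":
    for (feature, target, category), count in blocked_by_feature(SAMPLE_LOGS, "10.0.0.25").items():
        print(f"{count}x blocked by {feature}: {target} (category: {category})")
```

In the constructed sample, application control passes both WhatsApp signatures while the web filter blocks the media host, which is the situation the answer describes.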

10 REPLIES 10
Christopher_McMullan

If you create a test firewall policy above the one you're working on, filtering for only your one testing source IP, and add an application control sensor in that monitors all signatures, what shows up?

Does it detect the image transfer as another known signature, or is there nothing at all?

Regards, Chris McMullan Fortinet Ottawa

Fr34k11
New Contributor

Hi,

I have this exact problem; my guess is that you have SSL inspection on. In a nutshell, the problem is that the servers do not "trust" the re-encrypted traffic. For a more technical explanation you can check a similar issue with the Dropbox application.

http://docs-legacy.fortinet.com/fos50hlp/50/index.html#page/FortiOS%205.0%20Help/misc_utm_chapter.15...

https://forum.fortinet.com/tm.aspx?m=97017

From that, the solution is exemption. Now this can be very tricky with WhatsApp. There is no URL list (at least not that I can find, so if you find one PLEASE post it here), there is no IP list either, and from what I read it is dynamic, so it changes often and looking for it in the logs won't help you much.

- FortiFr34k11

jim3cantos
New Contributor III

dezso wrote:

Hi,

I have this exact problem; my guess is that you have SSL inspection on. In a nutshell, the problem is that the servers do not "trust" the re-encrypted traffic. For a more technical explanation you can check a similar issue with the Dropbox application.

http://docs-legacy.fortinet.com/fos50hlp/50/index.html#page/FortiOS%205.0%20Help/misc_utm_chapter.15...

https://forum.fortinet.com/tm.aspx?m=97017

From that, the solution is exemption. Now this can be very tricky with WhatsApp. There is no URL list (at least not that I can find, so if you find one PLEASE post it here), there is no IP list either, and from what I read it is dynamic, so it changes often and looking for it in the logs won't help you much.

I also had this problem with SSL deep inspection activated in the rule, Cloud app deep inspection activated in the application profile and the Fortinet certificate installed on the mobile phone. I found this KB, but before trying it, I tried adding *.whatsapp.net (from what I saw in the logs) to the deep inspection exception list and it seems to work.

José Ignacio Martín Jiménez

josibu

Charrlleess wrote:

Hi,

Even after allowing WhatsApp in the application control, file transferring is not possible. Searching through the log files, I could identify that file transfer is being blocked on Webfilter profiles under the categories of Instant Messaging.

You could either allow this category or just create a URL filter allowing the domain *whatsapp.net on the profile you are using in the policy.

That worked for me.

Best Regards

Hi

I'm having the same problem. I've tried quite a lot of different things. I exempted from SSL inspection *whatsapp* and it didn't work for me. I added *apple*, it also made no difference. At last I unchecked the exemption from Banking so it would inspect Banking. This worked for me for WhatsApp on iPhone.

However, people with iPhones also complain that they are unable to download / update apps from the App Store, even though I've excluded from SSL inspection *apple*, *store*, and all those names.

Did someone maybe experience the same issue?

thx

petertavenier

I had the same issue. Turned out this was the Web Filter 'blocking' it.

For the 'unrated' websites I have a policy with action 'warning', so in your browser you'll get a portal of the FortiGate and you can click continue after you got the warning the site was blocked. This portal uses a self-signed certificate. The WhatsApp application obviously cannot understand this portal.

As a workaround you can add them manually, using the Web Rating Overrides, and add the IPs WhatsApp is using as URLs. The ranges I've seen so far are:

inetnum: 169.55.235.160-169.55.235.191
inetnum: 169.54.222.128-169.54.222.159

I also asked FortiGuard to add the WhatsApp ranges to a category instead of unrated. Unfortunately they only add one IP at the time I use the update URL category on http://www.fortiguard.com/static/webfiltering.html

Engineer

Any solution for this? I have the same problem: in WhatsApp, pictures are not downloaded when enabling SSL, even though the Fortinet certificate is installed on the mobile.

But the problem is in WhatsApp.

NikkiBella

Charrlleess wrote:

Hi,

Even after allowing WhatsApp in the application control, file transferring is not possible. Searching through the log files, I could identify that file transfer is being blocked on Webfilter profiles under the categories of Instant Messaging.

You could either allow this category or just create a URL filter allowing the domain *whatsapp.net on the profile you are using in the policy.

That worked for me.

Best Regards

look above dude. if u don't read nobody can help u.

arturoleala

Try to add whatsapp.net as an FQDN on the SSL inspection certificate profile; it works for me.
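The thread uses three different wildcard patterns for the same exemption (*whatsapp.net, *.whatsapp.net and *whatsapp*). The following added example, which is not from any poster, compares how much each one covers, assuming plain glob semantics where * matches any run of characters; the FortiGate matcher may behave differently, and all hostnames are constructed.

```python
from fnmatch import fnmatchcase

# Wildcard patterns quoted in the thread.
PATTERNS = ["*whatsapp.net", "*.whatsapp.net", "*whatsapp*"]

# Constructed hostnames: two inside the whatsapp.net zone, three outside it.
HOSTS = [
    "whatsapp.net",
    "media-host.whatsapp.net",
    "notwhatsapp.net",           # different registrable domain, same suffix
    "whatsapp.net.example.com",  # whatsapp.net only as a left-hand label
    "example.org",
]


def in_zone(host, zone="whatsapp.net"):
    """True only for the zone itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return host == zone or host.endswith("." + zone)


def coverage(pattern, hosts=HOSTS):
    """Hosts the pattern matches under the assumed glob semantics."""
    return [h for h in hosts if fnmatchcase(h.lower(), pattern.lower())]


def overreach(pattern, hosts=HOSTS):
    """Matched hosts that are outside the whatsapp.net zone."""
    return [h for h in coverage(pattern, hosts) if not in_zone(h)]


def missed(pattern, hosts=HOSTS):
    """In-zone hosts the pattern fails to match."""
    matched = coverage(pattern, hosts)
    return [h for h in hosts if in_zone(h) and h not in matched]


def report(patterns=PATTERNS):
    """Per pattern: what it covers beyond the zone and what it leaves out."""
    return {p: {"overreach": overreach(p), "missed": missed(p)} for p in patterns}


if __name__ == "__main__":
    for pattern, result in report().items():
        print(f"{pattern:16} overreach={result['overreach']} missed={result['missed']}")
```

Under these assumptions only *.whatsapp.net stays inside the zone, at the cost of not matching the bare whatsapp.net name, so an exemption from inspection or filtering is narrowest with that form plus an exact entry for the apex if it is needed.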