- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: WhatsApp filetransfer not working
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
WhatsApp filetransfer not working
Hi All,
I want to allow WhatsApp and WhatsApp file transfer through application control, I blocked all categories under Application control and under application overrides allowed DNS,WhatsApp and Whatsapp_File.Transfer, I am able to send text messages but not able to send images. Any idea?
-Saim
Categories
Solved! Go to Solution.
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Even after allowing the WhatsApp on the application control, file transfering is not possible. Searching through log files I could identify that file transfer is being blocked on Webfilter profiles under the categories of Instant Messaging.
You could either allow this category or just create a url filter allowing the domain *whatsapp.net on the profile you are using in the policy.
That worked for me.
Best Regards
11 REPLIES 11
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you create a test firewall policy above the one you're working on, filtering for only your one testing source IP, and add an application control sensor in that monitors all signatures, what shows up?
Does it detect the image transfer as another known signature, or is there nothing at all?
Regards, Chris McMullan Fortinet Ottawa
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I have this exact problem, my guess is that you have SSL inspection on. In a nutshell the problem is that the servers do not "trust" the re-encrypted traffic. For a more technical explanation you can check a similar issue with Dropbox application.
https://forum.fortinet.com/tm.aspx?m=97017
From that, the solution is exemption. Now this can be very tricky with Whatsapp. There is no URL list (at least not what I can find, so if you find one PLEASE post it here) there is no IP list either and from what I read it is dynamic so it changes often so looking for it in the logs wont help you much.
- FortiFr34k11
- FortiFr34k11
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
dezso wrote:I also had this problem with SSL deep inspection activated in the rule, Cloud app deep inspection activated in the application profile and fortinet certificate installed in the mobile phone. I found this KB, but before trying it, I tried adding *.whatsapp.net (from what I saw in the logs) in the deep inspection exception list and it seems to work.Hi,
I have this exact problem, my guess is that you have SSL inspection on. In a nutshell the problem is that the servers do not "trust" the re-encrypted traffic. For a more technical explanation you can check a similar issue with Dropbox application.
https://forum.fortinet.com/tm.aspx?m=97017
From that, the solution is exemption. Now this can be very tricky with Whatsapp. There is no URL list (at least not what I can find, so if you find one PLEASE post it here) there is no IP list either and from what I read it is dynamic so it changes often so looking for it in the logs wont help you much.
José Ignacio Martín Jiménez
José Ignacio Martín Jiménez
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Even after allowing the WhatsApp on the application control, file transfering is not possible. Searching through log files I could identify that file transfer is being blocked on Webfilter profiles under the categories of Instant Messaging.
You could either allow this category or just create a url filter allowing the domain *whatsapp.net on the profile you are using in the policy.
That worked for me.
Best Regards
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Charrlleess wrote:Hi,
Even after allowing the WhatsApp on the application control, file transfering is not possible. Searching through log files I could identify that file transfer is being blocked on Webfilter profiles under the categories of Instant Messaging.
You could either allow this category or just create a url filter allowing the domain *whatsapp.net on the profile you are using in the policy.
That worked for me.
Best Regards
Hi
I'm having the same problem. I've tried quite a lot of different things. I exempted from SSL inspection *whatsapp* and it didn't work for me. I added *apple*, it also made no difference. At last I unchecked the exemption from Banking so it would inspect Banking. This worked for me for WhatsApp on iPhone.
However, people with iPhone complain also that they are unable to download / update apps from the appstore, even though I've excluded from SSL-inspection *apple*, *store*, and all those names.
Did someone maybe experience the same issue?
thx
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I had the same issue. Turned out this was the Web Filter 'blocking' it.
For the 'unrated' websites I have a policy with action 'warning', so in your browser you'll get a portal of the FortiGate and you can click continue after you got the warning the site was blocked. This portal uses a self-singed certificate. The WhatsApp application obviously cannot understand this portal.
As an workaround you can add them manually, using the Web Rating Overrides and add the IP's WhatsApp is using as URL's. The ranges I've seen so far are:
inetnum: 169.55.235.160-169.55.235.191 inetnum: 169.54.222.128-169.54.222.159
I also asked FortiGuard to add the WhatsApp ranged to a category instead of unreated. Unfortunatally they only at one IP at the time I use the update URL catecory on http://www.fortiguard.com/static/webfiltering.html
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
any solution for this, i have a the same problem in Whatsapp pictures are not downloaded when enabling SSL..even the fortinet certificate is installed on the mobile.
but the problem in Whatsapp
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Charrlleess wrote:look above dude. if u don't read nobody can help u.Hi,
Even after allowing the WhatsApp on the application control, file transfering is not possible. Searching through log files I could identify that file transfer is being blocked on Webfilter profiles under the categories of Instant Messaging.
You could either allow this category or just create a url filter allowing the domain *whatsapp.net on the profile you are using in the policy.
That worked for me.
Best Regards
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Try to add whatsapp.net as a FQDN on the ssl inspection certificate profile, it works for me.
Related Posts
- Whatsapp File Transfer 478 Views
- Blocking whatsapp web fortigate 459 Views
- Fortigate SSL VPN Client Unable to... 1250 Views
- Wrong categorization 1672 Views
- Web Filter - Wrong categorization 2512 Views
Labels
-
FortiGate
6,457 -
FortiClient
1,290 -
5.2
801 -
5.4
639 -
FortiManager
562 -
6.0
416 -
FortiAnalyzer
411 -
5.6
362 -
FortiSwitch
331 -
FortiAP
327 -
FortiClient EMS
259 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
148 -
6.4
128 -
FortiNAC
103 -
FortiGuard
102 -
FortiGateCloud
86 -
FortiSIEM
85 -
FortiCloud Products
82 -
FortiToken
69 -
Customer Service
69 -
IPsec
68 -
4.0MR3
64 -
Wireless Controller
58 -
SSL-VPN
54 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
38 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
30 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
FortiConverter
21 -
High Availability
20 -
Firewall policy
20 -
VLAN
18 -
FortiPortal
17 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
SAML
11 -
BGP
11 -
DNS
11 -
Interface
11 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
Logging
9 -
RADIUS
8 -
Traffic shaping
8 -
Virtual IP
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
NAT
7 -
FortiAuthenticator
7 -
Admin
7 -
FortiGate v4.0 MR3
7 -
4.0
7 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
SSID
5 -
Security profile
5 -
Traffic shaping policy
5 -
Authentication
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
Static route
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
SSL SSH inspection
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
packet capture
3 -
FortiToken Cloud
3 -
Automation
3 -
Intrusion prevention
3 -
DoS policy
3 -
FortiTester
3 -
Port policy
3 -
FortiDB
3 -
IPS signature
3 -
FortiDeceptor
2 -
FortiInsight
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
NAC policy
1 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Multicast routing
1 -
Zone
1 -
FortiManager-VM
1 -
Fabric connector
1 -
Internet Service Database
1 -
Fortinet Engage Partner Program
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.