Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 12 replies
  • Subscribers 29 subscribers
  • Views 4764 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos is blocking whatsapp even though there is no webfilter or application filter is applied

Alumco SAL

We just upgraded our hardware device from Cyberoam to Sophos XG 106(SFOS 18.0.3 MR-3), everything seems to work except that Sophos is blocking Whatsapp. I tried everything from disabling https scanning & disabling pharming protection. I even created a custom rule to allow Whatsapp based on URL and IP address but still no success. The log viewer doesn't show any blocked traffic because i enabled all the traffic. The website opens without issue but the QR code keeps loading and the desktop version doesn't work.



This thread was automatically locked due to age.
Parents
  • 0

    Hello Alumco,

    Thank you for contacting the Sophos Community!

    I am moving this thread to the XG Group as it was posted in the UTM Firewall Group.

    Please clarify what is being blocked? It is the application itself on the cellphones or the website?

    Regards,

  • 0 in reply to emmosophos

    Hi Emmanuel,

    It's not working on any device, i even created a plain firewall from Any source to Any destination and still didnt work. 

  • 0 in reply to Alumco SAL

    Hi Alumco,

    please create a firewalll at the top of your firewall list

    source LAN, network any, destination WAN, network any, service any, allow, log, web use proxy also all application allow all.

    This assumes you have only 1 NAT rule at that is the default?

    Then connect to the application and review the logviewer files for web, application, IPS as well as the firewall tab?

    Then please post a copy of the error the users are receiving when attempting to connect.

    Ian

  • 0 in reply to rfcat_vk

    Hello,

    I created the rule as you requested, everything is working except whatsapp. The log doesnt show any denied traffic all green.

    Time Log comp Log subtype Firewall rule NAT rule Message Message ID Rule type Live PCAP Src IP Src port Dst IP Dst port In interface  Out interface  Protocol Username IPS policy ID Application
    04/12/2020 9:44 Firewall Rule Allowed 10 2 1 1 Open PCAP 192.168.10.191  64136 157.240.196.60 443 Port1 TCP salim.zeidan@alumcogroup.com 0 WhatsApp Web
    04/12/2020 9:44 Firewall Rule Allowed 10 2 1 1 Open PCAP 192.168.10.191  64135 157.240.196.60 443 Port1 TCP salim.zeidan@alumcogroup.com 0 WhatsApp Web
    04/12/2020 9:44 Firewall Rule Allowed 10 2 1 1 Open PCAP 192.168.10.191  64133 157.240.196.60 443 Port1 TCP salim.zeidan@alumcogroup.com 0 WhatsApp Web
  • 0 in reply to Alumco SAL

    Hi,

    what about the web and application logs. Does the GUI ips show any values?
    ian

    sounds to me more like you are using dpi instead of the web proxy?

Reply Children