Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Overview
This guide shows how to block an application feature, such as the WhatsApp video call feature, using application protection. You can block many other applications the same way, for example Dropbox, Zoom, or other VoIP applications.
Step 1: Create an Application Policy
Navigate to Application > Application filter and click Add. When creating the application policy, use the smart filter to find the application and set the action to Deny.
Under the custom application policy, you can add the various applications you want to allow or deny.
Step 2: Firewall Rule settings
Leave the following settings under the Firewall rule
Step 3: IPS Service running
Ensure the IPS service is running [under System services > Services].
Step 4: Pattern IPS
Check the IPS pattern and the application signatures, and ensure they are up to date.
[Path: Backup & firmware > Pattern updates]
Step 5: Using log viewer to confirm traffic is being blocked
Open Log viewer, select Application filter from the drop-down menu on the right, and initiate a WhatsApp video call. You will see the blocked traffic in the results.
When you hover the mouse over the red icon of the application filter entry, you can see the details of the blocked connection. Here we can see that WhatsApp uses dst_port 3478 to communicate.
Note: Delete the conntrack entries for the source IP that is initiating the WhatsApp video call. On the CLI, select option 5. Device Management, then option 3. Advanced Shell, and run the command:
# conntrack -D -s <SRC IP>
[Repeat this command until “0 flow entries have been deleted” is returned.]
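The repeat-until-zero step from the note above, written as a POSIX shell function. This is an added example, not part of the original article or of Sophos tooling; the function name, the CONNTRACK and MAX_PASSES variables, and the pass limit are assumptions made for illustration.

```shell
# Added example, not Sophos code. CONNTRACK and MAX_PASSES are assumed
# helper variables introduced here for illustration.
CONNTRACK="${CONNTRACK:-conntrack}"   # command to run (overridable for testing)
MAX_PASSES="${MAX_PASSES:-20}"        # assumed safety limit on repeat passes

# flush_conntrack_for_src <SRC IP>
# Prints the total number of deleted flow entries. Returns 0 once a pass
# deletes nothing, 1 if flows are still being deleted after MAX_PASSES
# passes, 2 on a malformed address or unrecognised output.
flush_conntrack_for_src() {
    src="$1"
    # Allow only four dot-separated numeric fields to reach the command line.
    case "$src" in
        *[!0-9.]*|*..*|.*|*.|*.*.*.*.*) return 2 ;;
        *.*.*.*) ;;
        *) return 2 ;;
    esac
    total=0
    pass=0
    while [ "$pass" -lt "$MAX_PASSES" ]; do
        pass=$((pass + 1))
        # The summary line goes to stderr, so merge it into the captured
        # output. "|| true" keeps a non-zero exit status from aborting a
        # caller that runs under "set -e".
        out=$("$CONNTRACK" -D -s "$src" 2>&1) || true
        case "$out" in
            *" flow entries have been deleted"*) ;;
            *) return 2 ;;
        esac
        # Keep the text before the summary phrase, then its trailing digits.
        n="${out%% flow entries have been deleted*}"
        n="${n##*[!0-9]}"
        [ -n "$n" ] || return 2
        total=$((total + n))
        if [ "$n" -eq 0 ]; then
            echo "$total"
            return 0
        fi
    done
    # Still deleting after MAX_PASSES: new flows keep being created.
    echo "$total"
    return 1
}
```

A return status of 1 means the source is still creating new flows, so confirm in Log viewer that the application filter policy is denying the traffic before flushing again.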
I hope this article has helped achieve your requirement!
Updated Disclaimer
[edited by: Erick Jan at 9:09 AM (GMT -7) on 17 Apr 2023]