How do I allow WhatsApp in Guardian filtering?

Article #: Product Castle
1813 / KB-90 Guardian All


Allowing the WhatsApp application in Guardian and via the Firewall.


The WhatsApp application does not work through a transparent proxy.


The WhatsApp application sends non-SSL data over SSL port 443. This causes the SSL handshake to fail between the server and the Smoothwall. In WhatsApp's case, the destination server does not return any error but just closes the "Client Hello" (sent as a part of SSL handshake). As a result the Smoothwall is unable to tunnel this transaction.

You will need to open outgoing ports on your firewall, as well as adding Guardian destination exceptions:

  1. Open the following ports (both TCP and UDP) on your firewall for outgoing traffic:
    • 80
    • 443
    • 5222
    • 5223
    • 5228
  2. Go to Guardian > Web filter > Exceptions > Manage destination exceptions.
  3. Change the Destination exception IP addresses to full-text mode.
  4. Download the whatsapp_destination_exceptions.txt file, and copy the IP addresses and URLs to Destination exception IP addresses.
    (updated server list 17-Dec-2015)
    (updated URL list 24-Oct-2016)


Last updated: Author: Contributions by:
13th March 2017