How do I allow WhatsApp in Guardian filtering?

Article #:

Product

Castle

1813 / KB-90

Guardian

All

Summary

Allowing the WhatsApp application in Guardian and via the Firewall.

Problem

The WhatsApp application does not work through a transparent proxy.

Solution

The WhatsApp application sends non-SSL data over SSL port 443. This causes the SSL handshake to fail between the server and the Smoothwall. In WhatsApp's case, the destination server does not return any error but just closes the "Client Hello" (sent as a part of SSL handshake). As a result the Smoothwall is unable to tunnel this transaction.

You will need to open outgoing ports on your firewall, as well as adding Guardian destination exceptions:

1. Open the following ports (both TCP and UDP) on your firewall for outgoing traffic:
80
443
5222
5223
5228
2. Go to Guardian > Web filter > Exceptions > Manage destination exceptions.
3. Change the Destination exception IP addresses to full-text mode.
4. Download the whatsapp_destination_exceptions.txt file, and copy the IP addresses and URLs to Destination exception IP addresses.

(updated server list 17-Dec-2015)

(updated URL list 24-Oct-2016)

Attribution:

Last updated:

Author:

Contributions by:

13th March 2017

 

DMT

SN

 

Copyright © 2000-2016 Smoothwall All rights reserved.