Problem
Applications on mobile phones, tablets and desktops are failing to work when going through the filter.
This is because HTTPS inspection causes the application to fail. Some applications use certificate pinning or embed the public key of their server certificates into the app for security, and when apps do this, the HTTPS inspection can cause the application to fail.
Solution
To get them to work, please try to open the service in a normal browser.
Apps like WhatsApp and Dropbox also have webpages that can be accessed to perform the same service the app is capable off. If the service works when using a web browser, the issue will likely be HTTPS inspection.
The most immediate solution is to bypass HTTPS inspection for the application domain. Some applications have defined categories that can be used for this purpose. They can be found in the "IT and Technical" category and the "Software" category contained in "IT and Technical".
Example
After a software update, the DPD app failed to connect, but the DPD website loads fine. Adding the domain "dpd.com" to a "Do not inspect policy" should address the issue.
Warning: Be aware that if an application domain is excluded, content cannot be inspected.
Workaround: Sometimes HTTPS inspection is needed for an application domain and in those cases, HTTPS inspection has to be retained and users will have to use the webpage in their browser to access the services, rather than using a dedicated application.
It might be that there are multiple domains that need to be excluded to get an app to work. If the app doesn't have a category already defined in the Smoothwall blocklist, the real-time log is a good place to find any other domains the app may be trying to access. Go to the real-time web filter log viewer located in Reports - Realtime - Web filter and fill in the IP address in the source IP address field. Also put the word "Denied" in the category field. This limits the viewer to show only results from your testing IP address and show what is blocked.
Open the app and follow what happens in the real-time log viewer and look for lines that have no category in them, like this image shows:
In the example, the URL is an IP address but that is rare. You'll likely see domain name instead of IP addresses. The main thing to look for are blocked requests that have no category listed. The red background shows that the request was blocked.
Add the domain to a "do not inspect" policy and then try refreshing the app. Repeat until all domains have been found.
Note: A domain can be abbreviated to just "domain.com". If there are multiple entries with the same top-level domain, add the top level domain only.
We recommend that you read our article Knowing When You Should Bypass the Web Filter and How.