If the WhatsApp application doesn't work through a Smoothwall Filter and Firewall that's Decrypting & Inspecting, you need to configure the Smoothwall Filter and Firewall to allow access to it.
WhatsApp needs to communicate over certain ports, so the relevant Firewall Rules need to be put in place as well as a Guardian and HTTPS Policy.
Note: Since decrypt and inspect will be disabled for WhatsApp, there will be no web filtering applied to WhatsApp traffic. A more securely monitored method, but less convenient, is to have users access WhatsApp features by logging on the WhatsApp web site and use the interface there instead.
Procedure
- Create a new category, see Creating custom categories:
- Name: WhatsApp
- Domain/URL Filtering: whatsapp.net
- Create a new allow web filter policy with these settings, see Creating web filter policies:
- Who: Everyone*
- What: WhatsApp
- Where: Everywhere*
- When: Always*
- Action: Allow
- Make sure the WhatsApp Allow Web Filter policy is above any Block web filter policies for Social Networking Sites and Instant Messaging, VoIP & Web Conferencing.
- Create a HTTPS Inspection policy with these settings, see Creating HTTPS inspection policies:
- Who: Everyone*
- What: WhatsApp Allow
- Where: Everywhere*
- When: Always*
- Action: Do Not Inspect
- Make sure this Do Not Inspect policy is above any Decrypt and Inspect policies in the HTTPS Inspection Policy table.
- Create a WhatsApp service object with these settings, see Creating service objects or groups.
- Name: WhatsApp
- Add new service: TCP
- Port Number: 5222
- Add new service: TCP
- Port Number: 5223
- Add new service: UDP
- Port Number: 3478
- Create a new firewall rule with these settings, see Adding new Firewall rules:
- Name: WhatsApp
- Source IP Addresses: Any*
- Inbound Interfaces: Any*
- Destination IP Addresses: Any*
- Outbound Interfaces: Any*
- Services: The WhatsApp service object that you created.
- Groups: Any*
- Action: Accept
- To capture logs for your firewall rule, select the Log option.*
* These options should be amended as required on your setup.
You should now be able to use Text chat/Voice chat/Video chat & file transfer over WhatsApp through the Smoothwall.
For troubleshooting, see: Bypassing HTTPS Inspection When Apps like WhatsApp and Dropbox Aren't Working.