Configuring the Smoothwall Filter and Firewall to Allow Access to WhatsApp

If the WhatsApp application doesn't work through a Smoothwall Filter and Firewall that's Decrypting & Inspecting, you need to configure the Smoothwall Filter and Firewall to allow access to it.

WhatsApp needs to communicate over certain ports, so the relevant Firewall Rules need to be put in place as well as a Guardian and HTTPS Policy.

Note: Since decrypt and inspect will be disabled for WhatsApp, there will be no web filtering applied to WhatsApp traffic. A more securely monitored method, but less convenient, is to have users access WhatsApp features by logging on the WhatsApp web site and use the interface there instead.

Procedure

  1. Create a new category, see our help topic, Creating custom categories:
    • Name: WhatsApp
    • Domain/URL Filtering: whatsapp.net
  2. Create a new allow web filter policy with these settings, see our help topic, Creating web filter policies:
    •  Who: Everyone*
    • What: WhatsApp
    • Where: Everywhere*
    • When: Always*
    • Action: Allow
  3. Make sure the WhatsApp Allow Web Filter policy is above any Block web filter policies for Social Networking Sites and Instant Messaging, VoIP & Web Conferencing, see our help topic, Managing web filter policies.
  4. Create a HTTPS Inspection policy with these settings, see our help topic, Creating HTTPS inspection policies:
    • Who: Everyone*
    • What: WhatsApp Allow
    • Where: Everywhere*
    • When: Always*
    • Action: Do Not Inspect
  5. Make sure this Do Not Inspect policy is above any Decrypt and Inspect policies in the HTTPS Inspection Policy table, see our help topic, Managing HTTPS inspection policies.
  6. Create a WhatsApp service object with these settings, see our help topic, Creating service objects or groups.
    • Name: WhatsApp
    • Add new service: TCP
    • Port Number: 5222
    • Add new service: TCP
    • Port Number: 5223
    • Add new service: UDP
    • Port Number: 3478
  7. Create a new firewall rule with these settings, see help topic, Adding new Firewall rules
    • Name: WhatsApp
    • Source IP Addresses: Any*
    • Inbound Interfaces: Any*
    • Destination IP Addresses: Any*
    • Outbound Interfaces: Any*
    • Services: The WhatsApp service object that you created.
    • Groups: Any*
    • Action: Accept
    • To capture logs for your firewall rule, select the Log option.*
      * These options should be amended as required on your setup.

You should now be able to use Text chat/Voice chat/Video chat & file transfer over WhatsApp through the Smoothwall.

Also, see our knowledge base article, Bypassing HTTPS Inspection When Apps like WhatsApp and Dropbox Aren't Working.