Solved: Issues blocking WhatsApp

Blannier

Hi everyone,

I’m trying to block WhatsApp on my network using Check Point. I have applied the relevant policies and added the WhatsApp application categories/tags within Application Control.

The partial result is that images and audio are successfully blocked, but text messages are still being delivered without restriction.

Has anyone experienced the same issue? Is there any additional configuration required to fully block WhatsApp (including text messages) and not only multimedia files?

HadiFrohar

Hi Don,

:path need to be a complete URL of a directory that contains in it urls.txt and Version (optional).

In your case, you should change whatsapp.txt filename to urls.txt and use the following configuration file:

(
:dynamic_urls_lists (
  : (
    :name (WhatsApp_URLs)  # Must be the same as the name of the Custom Application/Site object in SmartConsole
    :path (http://192.168.12.101/urls)
    :regex (true)
  )
)
:update_interval (300)
)

Let me know if it works for you

View solution in original post

the_rock

What I always do is add custom category to block and simply add *whatsapp*, thats it. Works best if you have ssl inspection enabled.

Andy

Don_Paterson

Hey Andy,

What about the popup, thought?

I am also wondering if HTTPS Inspection is needed to fully control WA?

Regards,

Don

the_rock

Hey Don,

I never worry about that pop up and I will tell you why. Not to make fun or make this sound like a silly thing, but I cant even count how many hours I spent with one customer back in 2020 with TAC on the phone worrying about that message you posted and we finally realized after I tested this in the lab that doing *domain* was best way to fix those problems.

And yes, https inspection was indeed needed.

Andy

Don_Paterson

Thanks for that.

What about performance?

I see this in the HCP report. See attached

Is that he same config you recommended?

Cheers,

Don

the_rock

I had seen that many times, its expected in hcp report. Personally, I dont even pay attention now if I ever see that.

Andy

the_rock

Forgot to answer about performance...I had NEVER seen that cause any performance issues, either with any customer or in my lab.

Andy

Don_Paterson

Thanks.

We need a WhatsApp Updatable Object 🙂

Just been looking at the new feature in the latest JHFA (details below), and wondering if it can make it any better, but also just exploring the new feature.

... And also regex-style options to maybe optimize it. File attached.

I don't need it but was just curious to look into it. Will test it if I get a chance later.

https://sc1.checkpoint.com/documents/Jumbo_HFA/R82/R82.00/Take_41.htm?tocpath=_____6

https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_SecurityManagement_AdminGuide/Cont...

PRJ-60279,
PMTR-114156

Application Control

NEW: This Take introduces the Dynamic URL List feature is an enhancement to the Custom Applications / Sites object (sk165094), allowing to maintain a dynamic list of URLs based on a feed file.

Refer to R82 Security Management Administration Guide > Topic "Creating Application Control and URL Filtering Rules".

the_rock

There are some 🙂

Andy

Don_Paterson

But no Updatable Object 😉

the_rock

Yea, true that :). But, keep in mind, as others have stated before, CP, as Im sure is the case with any other vendor, would only show certain updatable objects if updated from 3rd party companies. Im fairly certain fw vendors dont control those things.

Andy

the_rock

Good day Don,

Im super curious to see how this works out for you, in regards to whatsapp. Please keep us posted.

Andy

Don_Paterson

Hi Andy,

I tried it yesterday but unfortunately could not get it working.

I think that I tried everything (Regex tick box and removing underscores from the app name etc.) but no luck.

Let me know if you can spot any mistakes in the attached.

One thing that is confusing me is this:

:path (https://172.16.4.191/urls) # Must be the same as configured in the file "urls.txt" and in the Custom Application/Site object

Cheers,

Don

the_rock

Hey Steve,

All I did was add *whatsapp* and do NOT check regular expressions, thats it. Rule looks right.

Andy

Don_Paterson

Steve? Who's Steve 😉

It's early morning over there ☕ ☕

I am giving you feedback on testing the new R82 JHFA 41 Dynamic URLs feature.

I want to see that working internally and can then look at the git reference (external) after I see it working with a simple config.

Regards,

Don

the_rock

Geesh, sorry Don...I was responding to Steve on another post and just typed that here too lol, my bad mate.

For what is worth, you can call me Larry, thats name I got ages ago when my ex's mother could never remember my name haha

Anyway, I tested this in R82 jumbo 41, works fine.

I will attach some screenshots later.

Andy

the_rock

@Don_Paterson

There you go : - ). Btw, happy to do remote and help if you guys allow that.

Andy (aka Larry)

Don_Paterson

Thanks Larry 😉

Is that related to the new R82 JHFA 41 feature or a custom App with just *whatsapp*?

I am wondering if there is confusion here. I am trying the new feature and failing.

Did you try that yet?

Using Dynamic URL Lists for Application Control and URL Filtering

https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SecurityManagement_AdminGuid...

https://sc1.checkpoint.com/documents/Jumbo_HFA/R82/R82.00/Take_41.htm?tocpath=_____6

RJ-60279,
PMTR-114156

Application Control

NEW: This Take introduces the Dynamic URL List feature is an enhancement to the Custom Applications / Sites object (sk165094), allowing to maintain a dynamic list of URLs based on a feed file.

Refer to R82 Security Management Administration Guide > Topic "Creating Application Control and URL Filtering Rules".

the_rock

Ah...confused Larry, would not be first OR last time haha

Anyway, no, I did not test that feature, but will do so, give me some time.

Andy

Don_Paterson

Cool, no worries.

You can check my message attachments to see if they match the recommended method, which has to be followed to set it up.

I just customised that for whatsapp, rather then example.com 🙃

the_rock

Larry is on it boss 😉

Andy

the_rock

So I tried, that method fails, but if I add bunch of those domains in excel spreadsheet and upload in custom object, works fine, as attached.

Andy

the_rock

File I used,

Andy

Don_Paterson

Same here.

Works first time. Attached for my test details.

I'll try the Dynamic URL feature again later, but I am not confident it will work after all the testing and checking I already did

Maybe @PhoneBoy can leave an email in the right inbox for some help on Sunday, assuming I haven't missed something and been silly.

the_rock

Fair enough! CP/Community authority/legend/evangelist @PhoneBoy to the rescue.

Andy

PhoneBoy

I flagged R&D on this.

Don_Paterson

Thanks 🙂

the_rock

Hey Don,

Any luck with this?

Andy

Don_Paterson

No, unfortunately not.

I tried everything but did not see it working.

Hopefully R&D will have some advice soon.

The custom App/site worked fine (basic testing to WhatsApp sites ) but the new dynamic list did not.

Standing by..

the_rock

K, sounds good.

Are you a member of CheckMates?

Issues blocking WhatsApp

Using Dynamic URL Lists for Application Control and URL Filtering