Solved: Issues blocking WhatsApp - Page 2

Blannier

Hi everyone,

I’m trying to block WhatsApp on my network using Check Point. I have applied the relevant policies and added the WhatsApp application categories/tags within Application Control.

The partial result is that images and audio are successfully blocked, but text messages are still being delivered without restriction.

Has anyone experienced the same issue? Is there any additional configuration required to fully block WhatsApp (including text messages) and not only multimedia files?

the_rock

Hey Don (aka Steve),

I just did some more tests in my lab and was able to block whatsapp using that dynamic url list method, just worked for me. Im on R82 jumbo 41.

Andy (aka Larry)

Don_Paterson

Hey Larry,

Nice one.

Now I need to know where I went wrong. Any change you can share the files you used?

Cheers,

Steve

the_rock

Or LP for short (aka Larry Portokalo, that comes from good old movie "My big fat Greek wedding" classic lol)

Anywho, I used exact same things you posted in one of the previous responses, just copied them in excel and imported that into custom app object, will send screenshot later.

On another note, thats name I adopted when scammers call me, Lawrence Senior Portokalo, takes forever to spell it, plus, wasting scammers' time is so NOT a waste of time!

Best,

LP

Don_Paterson

Cool. 🙂 Thanks LP 😉

Enjoy the rest of the AI (Lakera) session.

the_rock

I WAS enjoying it until I mistaknly hit to reboot (doh)...Im sure there will be recording.

Andy

the_rock

Here it is.

Andy

the_rock

Hi Don,

Just wanted to let you know if you need anything tested in the lab, since I have it working, happy to do it. By the way, my mgmt is R82 jumbo 41 and cluster is R81.20 jumbo 115 (all latest ones). I also have dedicated smart event server, but thats not super relevant here, but in case we need any additional logging.

Best,

Andy

Don_Paterson

Hi Andy,

I just got around to catching up on this thread properly.

I thought that you were testing the all-new feature, Dynamic URL List, only available in R82 JHFA Take 41 and R81.20 JHFA Take 115, but it looks like you tested a standard custom Application/Site with the list as Regular Expressions. and not the new feature.

Where I was focusing my attention ,and what I was testing was, Dynamic URL List and that testing involves creating the custom Application/Site but that only contains a single url (the link to the external feed).

When you are working with dynamic_urls_lists.C in $FWDIR/appi/update/ then you are working with the new Dynamic URL List feature.

If you look at the collection of files I attached before you will see all of that and my configuration.

Using Dynamic URL Lists for Application Control and URL Filtering

Starting from R82 Jumbo Hotfix Accumulator Take 41, you can create a Dynamic URL List for Application Control and URL Filtering. The Dynamic URL List allows automatic update of the URL list based on a feed file, without requiring a policy installation for each URL change. Policy installation is only needed when modifying the configuration of the URL list itself (such as adding a new Dynamic URL List object or changing feed location). This feature provides greater flexibility and efficiency when managing allow lists and block lists.

https://sc1.checkpoint.com/documents/R82/WebAdminGuides/EN/CP_R82_SecurityManagement_AdminGuide/Cont...

ID	Product	Description
Take 41 Released on 03 September 2025
Take 41 - New Functionality
PRJ-62356	Security Management	NEW: Web SmartConsole now supports Quantum Spark Gateways and Security Gateways with a Dynamic IP Address (DAIP).
PRJ-60279, PMTR-114156	Application Control	NEW: This Take introduces the Dynamic URL List feature is an enhancement to the Custom Applications / Sites object (sk165094), allowing to maintain a dynamic list of URLs based on a feed file. Refer to R82 Security Management Administration Guide > Topic "Creating Application Control and URL Filtering Rules".

the_rock

You are absolutely right. I will test that in the lab tomorrow and update you.

Andy

Don_Paterson

Great. Thanks.

the_rock

LP got this, dont worry ; )

Andy

the_rock

Hey Don,

I thought my brain was going to be "clearer" after long bike ride, but, no joy, sorry mate : - (. I tried exactly what was mentioned in that link, verified everything 3 times, but randomly, page may work, then it would not work, BUT, even when it does not work, it NEVER shows block page.

Andy

the_rock

Got little further now...got block page once, ended up rebooting both cluster nodes, but after that, again, worked one time, but then exact same behavior as before, its super random.

Any news from TAC, Don?

Andy

Don_Paterson

Hi Andy LP,

Strange results..

I don't have a TAC case open. I had put it to Phoneboy to bump someone in RnD to double check the documentation and/or my config and maybe re-test their side.

Not sure when I will get a chance to test again but will let you know when I do.

Cheers,

Don

the_rock

I will definitely keep working at it myself as well.

Andy

the_rock

I may try this on R82 as well, since so far I tested R81.20

the_rock

Hey Don,

I had not forgotten about this. I have to go tomorrow to customer's site for some wireless stuff, but will check this further Thursday. I feel Im getting close to making it fully work.

Andy

HadiFrohar

Hi Don,

:path need to be a complete URL of a directory that contains in it urls.txt and Version (optional).

In your case, you should change whatsapp.txt filename to urls.txt and use the following configuration file:

(
:dynamic_urls_lists (
  : (
    :name (WhatsApp_URLs)  # Must be the same as the name of the Custom Application/Site object in SmartConsole
    :path (http://192.168.12.101/urls)
    :regex (true)
  )
)
:update_interval (300)
)

Let me know if it works for you

Don_Paterson

Hi Hadi,

Thanks for this.

Will test ASAP and get back to you.

the_rock

Hey Hadi,

I will also test it shortly and update.

Andy

the_rock

Thats it, just tried R82, worked!

the_rock

Hey guys,

Tried in R81.20, sadly, could not make it work, so I guess its only available in R82. @HadiFrohar is that correct?

Andy

HadiFrohar

Hey @the_rock

Its available in R81.20 jumbo T115+

the_rock

Hm...wondering why it did not work for me in the lab, since I am on jumbo 115. I used exact same method.

Andy

Don_Paterson

Check the directory (where the .C file is). Each time you install policy some files are touched or modified. Check the timestamps and see if they offer a clue.

the_rock

Did that too, I verified everything, looks exactly like in R82, but no luck...I even installed policy, but same issue. Let me reboot both cluster members : - )

Andy

the_rock

@Don_Paterson

And sure enough, like in good old days of Microsoft, if you rebooted 3 times, all magically worked...well, I only did it once in my lab lol

Andy

PhoneBoy

That's a great find!

the_rock

Hey Don,

I did bit more checking on this and stumbled upon below, which lists IP ranges fore whatsapp.

Andy

https://raw.githubusercontent.com/HybridNetworks/whatsapp-cidr/main/WhatsApp/whatsapp_cidr_ipv4.txt

the_rock

Also, forgot to mention, make sure there is no any rule in bypass policy that would allow this.

Andy

Are you a member of CheckMates?

Issues blocking WhatsApp

Using Dynamic URL Lists for Application Control and URL Filtering