This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Alan-Heleno
Participant
‎2022-05-03 12:01 PM

WhatsApp Web

After updating a member of the cluster from R80.30 to R80.40 take 156, ~the~WhatsApp Web access using browsers stopped working. It doesn't load the QRCode.

I added the regex \.whatsapp\.com and \.whatsapp\.net in the appControl, and the QRCode loaded, but reading this code with WhatsApp on smartphone, the browser informs that the computer is disconnected.

The same regex added in HTTPS Inspection, enabling bypass, solves the issue.

Is this a known problem in the R80.40 version? Does anybody else have this problem? Is there any solution to this problem, except bypass and regex (high CPU consumption)?

Thank you.

whatsapp regex.png
Preview file
9 KB
0 Kudos
3 Replies
Chris_Atkinson
Employee Employee
Employee
‎2022-05-03 05:47 PM

If it's reproducible please raise it with TAC for investigation so they can compare the behavior & perform the necessary analysis.

Note similar has been discussed here previously but not in the context of an upgrade, please refer:

https://community.checkpoint.com/t5/Security-Gateways/Block-WhatsApp-Uploads-Downloads/m-p/143992 

CCSM R77/R80/ELITE
0 Kudos
Alan-Heleno
Participant
‎2022-05-05 12:43 PM
In response to Chris_Atkinson

Hi Chris, how are you?

I'm suspecting a malfunction of https inspection. As has always been a delicate feature of Check Point, I'm reviewing the rules, looking for a possible resolution.
I thought it was something at the general level of the R80.40 version.
If I manage to solve it, I'll write it here for everyone.
Thanks.

0 Kudos
Sorin_Gogean
Advisor
‎2022-05-05 10:36 PM
In response to Alan-Heleno

Hello Alan,

 

I'm a bit confused, trying to understand your problem :).

So in 80.30 with HTTPS Inspection enabled, and no bypass for the WhatsApp , all was good.

Now in 80.40 you get the data/webpage on the client, but the QR is invalid.

If you skip/bypass the WhatApp in the HTTPS Inspection (R80.40) all works fine.

- did you tried to compare -the QR picture- between those 2, I doubt it that they will differ based on your HTTPS inspection as the picture is already generated, but you never know.

 

PS: in some documents, checkpoint recommends not to use regexp due to CPU intensive processes, maybe you can better use SNI matching to categories - see TIP 17 from <https://community.checkpoint.com/t5/General-Topics/R81-Top-25-Gateway-Tuning-Tips/m-p/66380>  

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top