Meraki

Community

Blocking WhatsApp Traffic Using MX84

Solved
rob1986b
Conversationalist
‎Feb 21 2018 8:06 AM
‎Feb 21 2018 8:06 AM

Blocking WhatsApp Traffic Using MX84

Perhaps someone can help.

Is it possible to block WhatApp traffic on our MX84?

WhatsApp is not listed on the layer7 firewall pre-difned applications, so how would go about this?

 

Thanks,

Rob

0 Kudos
1 Accepted Solution
In response to Uberseehandel
rob1986b
Conversationalist
‎Mar 12 2018 3:30 AM
‎Mar 12 2018 3:30 AM

Ok so I have tried blocking all the dns names on git hub to no avail.

I have also tried using the packet capture to work out the ip addresses one by on, then block them. Sadly it appears there are simply to many as each time I block one it moves to another ip.

Looks like this one is more tricky than it sounds. If anyone from Meraki are reading this I would be grateful if WhatsApp could be added to the category. It appears other appliances such as Sophos already do this.

Thanks,

Rob

View solution in original post

10 Replies 10
Adam
Kind of a big deal
‎Feb 21 2018 1:18 PM
‎Feb 21 2018 1:18 PM

You'll likely need to use layer 7 firewall rules to block the IP ranges or DNS names the service uses.  There isn't a predefined category for that type of service since the "Internet Communication" category includes Gmail and Facebook messengers. 

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Feb 21 2018 1:31 PM
‎Feb 21 2018 1:31 PM

I believe WhatsApp uses the below domain to login, so blocking this using content filtering will probably do it.

c.whatsapp.net

 

Or go more aggressive, and just block:

whatsapp.net

whatsapp.com

0 Kudos
In response to PhilipDAth
rob1986b
Conversationalist
‎Feb 23 2018 4:17 AM
‎Feb 23 2018 4:17 AM

Thanks for the ideas, unfortunately no joy just yet.

So far I have tried adding a L7 http hostname block on whatsapp.net and WhatsApp.com.

 

Any other ideas?

0 Kudos
In response to rob1986b
Uberseehandel
Kind of a big deal
‎Feb 23 2018 5:08 AM
‎Feb 23 2018 5:08 AM

@rob1986b wrote:

Thanks for the ideas, unfortunately no joy just yet.

So far I have tried adding a L7 http hostname block on whatsapp.net and WhatsApp.com.

 

Any other ideas?

Quite a lot of information on github and Sophos

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
0 Kudos
In response to Uberseehandel
rob1986b
Conversationalist
‎Mar 12 2018 3:30 AM
‎Mar 12 2018 3:30 AM

Ok so I have tried blocking all the dns names on git hub to no avail.

I have also tried using the packet capture to work out the ip addresses one by on, then block them. Sadly it appears there are simply to many as each time I block one it moves to another ip.

Looks like this one is more tricky than it sounds. If anyone from Meraki are reading this I would be grateful if WhatsApp could be added to the category. It appears other appliances such as Sophos already do this.

Thanks,

Rob

In response to rob1986b
Uberseehandel
Kind of a big deal
‎Mar 12 2018 3:42 AM
‎Mar 12 2018 3:42 AM

Somebody received this notification - 

 

Dear partners,
Please note that we have migrated the latest IP pools of WhatsApp to Facebook Mobile Partner Portal.

Feel free to browse to the Settings page of the portal and download the latest WhatsApp IP 
pool: https://fb.me/mpp_support

Further IP pool updates are also done through the portal and are no longer distributed via email or through 
WhatsApp web site. If you have not yet registered on the Mobile Partner Portal or have difficulties 
accessing it - please request access through the following form and we'll be happy to assist: 
https://fb.me/mpp_access

For any technical requests please contact us through the Support section of the 
portal: https://fb.me/mpp_support

WhatsApp team

You could get creative with QOS.

 

Or have you tried using "bundle IDs" - e.g. - net.whatsapp.WhatsApp

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
0 Kudos
Meraki_Customer
Here to help
‎Jul 30 2018 3:15 PM
‎Jul 30 2018 3:15 PM

Why does it say solved, when there is no solution posted so far? Did anyone had luck getting Whatsapp blocked on Meraki?
0 Kudos
GiacomoS
Meraki Employee All-Star Meraki Employee All-Star
Meraki Employee All-Star
‎Jul 30 2018 11:57 PM
‎Jul 30 2018 11:57 PM

Hey,

 

Has anybody tried with a Layer 7 firewall rule with a Deny Social web & photo sharing > Facebook ? 

Since Whatsapp has been acquired, I'm wondering if they may be sharing the same space as FB now. 

 

 

Thanks.


Giacomo

Please keep in mind that what I post here is my personal knowledge and opinion. Don't take anything I say for the Holy Grail, but try and see!
Appreciate who helps and be respectful of every opinion and every solution offered.
Share the love, especially the Meraki one!
0 Kudos
Sanderan
Here to help
‎Jun 29 2020 7:05 AM
‎Jun 29 2020 7:05 AM

Hi,

 

Are you trying to block the WhatsApp Desktop App, if so

 

Try blocking the following under firewall host names:

mmg-fna.whatsapp.net 

Whatsapp.com

Whatsapp.net

 

S

0 Kudos
Obrez
Here to help
‎Aug 18 2023 10:20 AM
‎Aug 18 2023 10:20 AM

I posted this in another thread, but I am going to add my two cents here as well.  

For anyone dealing with this issue, Meraki and Umbrella were unable to provide a complete solution, due to whatsapp heavy integration with Facebook.  Umbrella and Meraki can block the web and desktop app, but the mobile app continued to work.  I had to use a layer 3 firewall rule to block the Facebook IP ranges associated with Whatsapp.  You can find them here: https://developers.facebook.com/docs/whatsapp/guides/network-requirements/

under the IP addresses section.  It was a complete pain to create 230 objects and 2 object groups (remember object groups only be 150 objects max) but I have successfully blocked whatsapp completely.  I know that the ip addresses may change in the future, but that is something I will just have to deal with when it comes along.

Back to the top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.