Blocking WhatsApp Traffic Using MX84

SOLVED
rob1986b
Conversationalist

Blocking WhatsApp Traffic Using MX84

Perhaps someone can help.

Is it possible to block WhatApp traffic on our MX84?

WhatsApp is not listed on the layer7 firewall pre-difned applications, so how would go about this?

 

Thanks,

Rob

1 ACCEPTED SOLUTION

Ok so I have tried blocking all the dns names on git hub to no avail.

I have also tried using the packet capture to work out the ip addresses one by on, then block them. Sadly it appears there are simply to many as each time I block one it moves to another ip.

Looks like this one is more tricky than it sounds. If anyone from Meraki are reading this I would be grateful if WhatsApp could be added to the category. It appears other appliances such as Sophos already do this.

Thanks,

Rob

View solution in original post

10 REPLIES 10
Adam
Kind of a big deal

You'll likely need to use layer 7 firewall rules to block the IP ranges or DNS names the service uses.  There isn't a predefined category for that type of service since the "Internet Communication" category includes Gmail and Facebook messengers. 

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
PhilipDAth
Kind of a big deal
Kind of a big deal

I believe WhatsApp uses the below domain to login, so blocking this using content filtering will probably do it.

c.whatsapp.net

 

Or go more aggressive, and just block:

whatsapp.net

whatsapp.com

Thanks for the ideas, unfortunately no joy just yet.

So far I have tried adding a L7 http hostname block on whatsapp.net and WhatsApp.com.

 

Any other ideas?


@rob1986b wrote:

Thanks for the ideas, unfortunately no joy just yet.

So far I have tried adding a L7 http hostname block on whatsapp.net and WhatsApp.com.

 

Any other ideas?


Quite a lot of information on github and Sophos

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel

Ok so I have tried blocking all the dns names on git hub to no avail.

I have also tried using the packet capture to work out the ip addresses one by on, then block them. Sadly it appears there are simply to many as each time I block one it moves to another ip.

Looks like this one is more tricky than it sounds. If anyone from Meraki are reading this I would be grateful if WhatsApp could be added to the category. It appears other appliances such as Sophos already do this.

Thanks,

Rob

Somebody received this notification - 

 

Dear partners,
Please note that we have migrated the latest IP pools of WhatsApp to Facebook Mobile Partner Portal.

Feel free to browse to the Settings page of the portal and download the latest WhatsApp IP
pool: https://fb.me/mpp_support
Further IP pool updates are also done through the portal and are no longer distributed via email or through
WhatsApp web site. If you have not yet registered on the Mobile Partner Portal or have difficulties
accessing it - please request access through the following form and we'll be happy to assist:
https://fb.me/mpp_access For any technical requests please contact us through the Support section of the
portal: https://fb.me/mpp_support WhatsApp team

You could get creative with QOS.

 

Or have you tried using "bundle IDs" - e.g. - net.whatsapp.WhatsApp

Robin St.Clair | Principal, Caithness Analytics | @uberseehandel
Meraki_Customer
Comes here often

Why does it say solved, when there is no solution posted so far? Did anyone had luck getting Whatsapp blocked on Meraki?
GiacomoS
Meraki Employee
Meraki Employee

Hey,

 

Has anybody tried with a Layer 7 firewall rule with a Deny Social web & photo sharing > Facebook ? 

Since Whatsapp has been acquired, I'm wondering if they may be sharing the same space as FB now. 

 

 

Thanks.


Giacomo

Please keep in mind that what I post here is my personal knowledge and opinion. Don't take anything I say for the Holy Grail, but try and see!
Appreciate who helps and be respectful of every opinion and every solution offered.
Share the love, especially the Meraki one!
Sanderan
Here to help

Hi,

 

Are you trying to block the WhatsApp Desktop App, if so

 

Try blocking the following under firewall host names:

mmg-fna.whatsapp.net 

Whatsapp.com

Whatsapp.net

 

S

Obrez
Here to help

I posted this in another thread, but I am going to add my two cents here as well.  

For anyone dealing with this issue, Meraki and Umbrella were unable to provide a complete solution, due to whatsapp heavy integration with Facebook.  Umbrella and Meraki can block the web and desktop app, but the mobile app continued to work.  I had to use a layer 3 firewall rule to block the Facebook IP ranges associated with Whatsapp.  You can find them here: https://developers.facebook.com/docs/whatsapp/guides/network-requirements/

under the IP addresses section.  It was a complete pain to create 230 objects and 2 object groups (remember object groups only be 150 objects max) but I have successfully blocked whatsapp completely.  I know that the ip addresses may change in the future, but that is something I will just have to deal with when it comes along.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels