I am looking rules block application inside of "Firewall &Shaping " MR option and I cannot see none about Whatsapp application. So, there is a lots of applications group, but anyone mention about whatsapp.
In this case what's the best approach to work in this way? For example block user to use on the specific SSID this application?
I believe to create rules inside name (www) or IP address related destination server is not polite, because there are lots servers. Is there any example using Meraki for this subject?
Unfortunately, it looks like "WhatsApp" is missing from the predefined layer 7 firewall categories. The only way around this would be to create your rule manually via DNS/IP/Port number for the WhatsApp traffic. I don't know the DNS/IP/Port numbers myself however there are numerous articles online which share this information.
Have a read of this article which will help; https://superuser.com/questions/695621/how-to-block-the-whatsapp-android-application-in-a-network
Exactly my point.
I figure out this article and many other explain about block traffic, however there is not polite configure many lines to block it ( port, IP, DNS, etc ), then the best option will have this application inserted in this classification filters, like in "Skype" or other category.
Yeah, i totally agree with you. Unfortunately, there doesn't seem to be a pre-defined rule for "WhatsApp", I'd advise making a wish in dashboard. I'm sure the product team sees numerous of these however it would be great to see what are the reoccurring ones so they know what to prioritize.
I only to advise another problems facing to block this traffic.
1) I cannot use a mask ( like * ) to implement rules inside of Layer 7 FW, so only entire and exactly URL to match which will increase more line in my rules
2) I didn't find way to specific a message regarding this rules when I have match on it ( like hits ) on the line and the same time a message could be informed as default for the user ( when user access by browser saying, maybe " This is not permitted in this environment " )
The only way to block this traffic was defined rules inside of MX ( Outbound Rules - Layer 3 ) on the specific VLAN using only a mask on the begin of URL ( *.whatsapp ), again cannot use a mask ( like * ) on the finish of this address.
Then, I will make wish on the portal in order to ask more attention.