Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
902
Views
1
Helpful
6
Replies

Blocking upload and download from Whatsapp Web on SSE

Harels
Level 1
Level 1

‎02-12-2025 02:00 AM

Hey,
I'm trying to setup Access Policy on SSE that allows access to Whatsapp Web but blocks uploading and downloading files from Whatsapp Web.
I have created an Access Policy rule that allows from any source to the Whatsapp destination, Advanced Application Control is also enabled in this rule and blocks upload to Whatsapp, also, a Security Profile in configured in this rule that has File Type Blocking enabled.

I'm testing this configuration with a computer that is configured with a PAC file and the rules doesn't seem affect the traffic, I can still upload and download from Whatsapp Web (I have QUIC disabled in the Microsoft Edge browser).
What am I doing wrong?

Labels:
accesspolicyrule.png
Preview file
61 KB
accesspolicyrule2.png
Preview file
69 KB
advancedapplicationcontrols.png
Preview file
36 KB
securityprofile.png
Preview file
34 KB
whatsappwebdownload.png
Preview file
8 KB
whatsappwebupload.png
Preview file
34 KB
0 Helpful
6 Replies 6

nbogdaje
Cisco Employee
Cisco Employee

‎02-21-2025 06:19 AM - edited ‎02-21-2025 06:19 AM

From a quick glance it looks like you have decryption disabled in your security profile. This needs to be enabled.

https://docs.sse.cisco.com/sse-user-guide/docs/advanced-application-controls

 

 
 
Troubleshooting

If advanced application control is not working as expected, check the following:

  • Decryption must be enabled in the security profile selected in the rule.
  • The site must not be on the Do Not Decrypt list selected in the security profile.
  • The domain—for example, dropbox.com—is not configured for Bypass Web Proxy on the Connect > End User Connectivity> Internet Security page. Any domains or IPs on this list will bypass Secure Access and be routed by your local DNS server. This list applies to PAC file and AnyConnect deployments.
  • When an application is blocked, a web notification page will not be displayed. Instead, an error message will be displayed in the application.

 

 

Harels
Level 1
Level 1

‎02-24-2025 02:20 AM

Thank you for your response,

I have enabled Decryption in my Security Profile and now uploads are being blocked as expected, but, I also have enabled File Type Blocking and it does not block files that I download from Whatsapp Web conversations.

0 Helpful

Darkmatter
Level 1
Level 1
In response to Harels

‎02-25-2025 07:41 AM

From the info in the docs, it looks like this granularity about Download is not provided, only Upload

Darkmatter_0-1740497973523.png

 

0 Helpful

Harels
Level 1
Level 1
In response to Darkmatter

‎02-25-2025 07:46 AM

From what I understand, this chart refers to Advanced Application Control and not File Type Blocking.
I am trying to configure File Type Blocking which is different.

0 Helpful

nbogdaje
Cisco Employee
Cisco Employee
In response to Harels

‎02-27-2025 11:28 AM

Are your sure the file type you are downloading matches the file type you are blocking in Secure Access? If so you might want to open a TAC case to further look into the issue.

 

0 Helpful

Harels
Level 1
Level 1
In response to nbogdaje

‎03-09-2025 03:26 AM

Yes, unfortunately, I am sure.

0 Helpful
Customers Also Viewed These Support Documents
Top