Blocking upload and download from Whatsapp Web on SSE
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-12-2025 02:00 AM
Hey,
I'm trying to setup Access Policy on SSE that allows access to Whatsapp Web but blocks uploading and downloading files from Whatsapp Web.
I have created an Access Policy rule that allows from any source to the Whatsapp destination, Advanced Application Control is also enabled in this rule and blocks upload to Whatsapp, also, a Security Profile in configured in this rule that has File Type Blocking enabled.
I'm testing this configuration with a computer that is configured with a PAC file and the rules doesn't seem affect the traffic, I can still upload and download from Whatsapp Web (I have QUIC disabled in the Microsoft Edge browser).
What am I doing wrong?
- Labels:
-
Secure Access
-
Web Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-21-2025 06:19 AM - edited 02-21-2025 06:19 AM
From a quick glance it looks like you have decryption disabled in your security profile. This needs to be enabled.
https://docs.sse.cisco.com/sse-user-guide/docs/advanced-application-controls
If advanced application control is not working as expected, check the following:
- Decryption must be enabled in the security profile selected in the rule.
- The site must not be on the Do Not Decrypt list selected in the security profile.
- The domain—for example, dropbox.com—is not configured for Bypass Web Proxy on the Connect > End User Connectivity> Internet Security page. Any domains or IPs on this list will bypass Secure Access and be routed by your local DNS server. This list applies to PAC file and AnyConnect deployments.
- When an application is blocked, a web notification page will not be displayed. Instead, an error message will be displayed in the application.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-24-2025 02:20 AM
Thank you for your response,
I have enabled Decryption in my Security Profile and now uploads are being blocked as expected, but, I also have enabled File Type Blocking and it does not block files that I download from Whatsapp Web conversations.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-25-2025 07:41 AM
From the info in the docs, it looks like this granularity about Download is not provided, only Upload
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-25-2025 07:46 AM
From what I understand, this chart refers to Advanced Application Control and not File Type Blocking.
I am trying to configure File Type Blocking which is different.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-27-2025 11:28 AM
Are your sure the file type you are downloading matches the file type you are blocking in Secure Access? If so you might want to open a TAC case to further look into the issue.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-09-2025 03:26 AM
Yes, unfortunately, I am sure.
