cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Bookmark
|
Subscribe
|
902
Views
1
Helpful
6
Replies

Blocking upload and download from Whatsapp Web on SSE

Harels
Level 1
Level 1

Hey,
I'm trying to setup Access Policy on SSE that allows access to Whatsapp Web but blocks uploading and downloading files from Whatsapp Web.
I have created an Access Policy rule that allows from any source to the Whatsapp destination, Advanced Application Control is also enabled in this rule and blocks upload to Whatsapp, also, a Security Profile in configured in this rule that has File Type Blocking enabled.

I'm testing this configuration with a computer that is configured with a PAC file and the rules doesn't seem affect the traffic, I can still upload and download from Whatsapp Web (I have QUIC disabled in the Microsoft Edge browser).
What am I doing wrong?

6 Replies 6

nbogdaje
Cisco Employee
Cisco Employee

From a quick glance it looks like you have decryption disabled in your security profile. This needs to be enabled.

https://docs.sse.cisco.com/sse-user-guide/docs/advanced-application-controls

 

 
 
Troubleshooting

If advanced application control is not working as expected, check the following:

  • Decryption must be enabled in the security profile selected in the rule.
  • The site must not be on the Do Not Decrypt list selected in the security profile.
  • The domain—for example, dropbox.com—is not configured for Bypass Web Proxy on the Connect > End User Connectivity> Internet Security page. Any domains or IPs on this list will bypass Secure Access and be routed by your local DNS server. This list applies to PAC file and AnyConnect deployments.
  • When an application is blocked, a web notification page will not be displayed. Instead, an error message will be displayed in the application.

 

 

Harels
Level 1
Level 1

Thank you for your response,

I have enabled Decryption in my Security Profile and now uploads are being blocked as expected, but, I also have enabled File Type Blocking and it does not block files that I download from Whatsapp Web conversations.

From the info in the docs, it looks like this granularity about Download is not provided, only Upload

Darkmatter_0-1740497973523.png

 

From what I understand, this chart refers to Advanced Application Control and not File Type Blocking.
I am trying to configure File Type Blocking which is different.

Are your sure the file type you are downloading matches the file type you are blocking in Secure Access? If so you might want to open a TAC case to further look into the issue.

 

Yes, unfortunately, I am sure.