Cisco Umbrella - how to block WhatsApp?

ziqex
Level 4

Hi everyone,

I wanted to block WhatsApp completely on the network.

Application settings were used to block WhatsApp and destination lists were created and whatsapp.com & whatsapp.net added.

I can still access the pages. I am not seeing events for this traffic in Umbrella dashboard.

Don't have issues with other websites. Connection type IPsec tunnel to UMB DC. There are no exceptions for those domains directly on the tunnel. 

Any suggestions? The case is already with their support but wanted to ask in case someone has come across something similar.

Thank you.

Accepted Solutions

WhatsApp traffic bypasses SWG if it is coming via IPSec tunnel. This is due to the global exemption in the Cisco backend.

4 Replies

howe
Level 1

Hi,

<EDIT: Actually read your question>

Given 'I am not seeing events for this traffic in Umbrella dashboard' it tells me that Umbrella isn't seeing any traffic and is thus unable to block the traffic or otherwise. 

When you say you aren't seeing any events, can you confirm if you are seeing any DNS events? And if you do, it's possible that these blocks are not applied on your DNS policy. I'm not overly familiar with WhatsApp and what protocols it's using, but it might be UDP and thus the web policy may be limited in scope.

Wireshark as usual will have the answers... might be worth going to policy-debug.checkumbrella.com and verifying you are hitting the expected policy, but regardless of policy and block actions, if the traffic isn't in the dashboard, Umbrella isn't servicing those requests...

If you aren't seeing the DNS requests in your dashboard, then either the application isn't making DNS requests, or those DNS requests are being sent elsewhere. 

 

Umbrella SIG Tunnel as the connection method

 

I am not seeing any web or dns events. 

I have used the policy tester and it shows that the traffic should be blocked.

Umbrella support suggests DNS is being hijacked / intercepted by the ISP.

However, the issue is present in various locations, therefore contacting various providers will be very challenging.
