02-25-2015 09:32 AM - edited 03-11-2019 10:33 PM
Hi,
We have a Cisco ASA 5520 SSM 10 with IOS 8.2.4.Now we are wanting to allow whatsApp from our enterprise network.We have tried to allow whatsApp from trend micro proxy server but WhasApp not working through proxy server .
We have decided that we will allow the WhatsApp users ip with dynamic nat with Cisco ASA public IP.
Before finalize need some help from you.
1)what will be the security risk ?
2)Can we allow only WhatsApp trafic from ASA (WhatsApp works on 443 and 5222)?
3)Can we configure any url filter in Cisco ASA ?
Regards
Debabrata
02-28-2015 08:30 AM
Hi,
As per your implementation , you are looking at using the Dynamic NAT on the ASA device so the security risk is minimal.
2) I think this might be possible but you would like to make sure that there is no other port being used by the application.
3) As u ant to allow the traffic , i don't think you need to go with the URL filtering option and also that will not work as the traffic is SSL encrypted.
Thanks and Regards,
Vibhor Amrodia
02-28-2015 09:32 AM
Hi,
Thanks for reply,
As we know that if we allow any user's IP with dynamic NAT ,user can access any thing from internet.
Actualy we want allow whatsApp but at the same time want make sure that user will be safe from the below mentioned threat
like viruses, worms, Trojans, and other threats in SMTP, POP3, HTTP, and FTP network traffic,Block URLs that we do not want employees to access, or URLs that are known to have hidden or malicious purposes.
Is ASA can do this ? if yes then how we will proceed ?
Is there any device or software from cisco security solution to fulfill our requirement ?
03-15-2020 06:47 AM
Dear Debabrata,
In order to allow WahtsApp to pass trough ASA firewall (inside -> outside) you need to:
example: access-list acl_inside line 1 extended permit udp object insidenet any eq 3478
example: access-list acl_inside line 2 extended permit tcp object insidenet any range 5222 5228
Also, I assume you have already allowed:
Regards,
Stefan Rusev
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide