cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
883
Views
0
Helpful
3
Replies
Highlighted
Beginner

whatsapp in expilict mod s170

Hi all  

I have s170 in expilict mod  all apps in the client phone work fine except whatsapp

how can I make it work? Is it WSA issue or ASA?

your help is highly appreciated 

BR,

3 REPLIES 3
Highlighted
Beginner

Hi,

Hi,

Please check https://supportforums.cisco.com/discussion/11778191/allowing-whatsapp-through-proxy which provides a workaround for the issue.

Regards,

Kush

Highlighted
Beginner

thanks kushsriva

thanks kushsriva

thx for your replay

it is not clear for me

feature request  its bug should be fixed 

and by who 

BR,

Highlighted
Cisco Employee

Hi,

Hi,

Regarding WhatsApp traffic using WSA or any web proxy, this will be a big challenge. Below are the main reasons:

1. WhatsApp is not designed to work with any Web Proxy, this statement also confirmed by WhatsApp it self : http://www.whatsapp.com/faq/iphone/22025683 and https://www.whatsapp.com/faq/en/android/24478843
From the above link, this is the statement from WhatsAPP: "WhatsApp is not designed to be used with proxy or VPN services, so we cannot provide support for those configurations."

2. WhatsApp also uses non-HTTP/non-Web socket data channels /HTTPS, which contradicting with WSA which only support HTTP/HTTPS/FTP protocol as per RFC, source: https://www.whatsapp.com/faq/en/s40/22026203

3. For the point 2, WSA does have a feature request in place for WSA (CSCzv18663 - Treat servers that RST our Client Hello as non-SSL) however at this stage this feature request still not being implemented.

4. WhatsApp also uses XMPP protocol in which not supported by WSA since it will only do HTTP/HTTPS/FTP protocol.

For these reasons it would be suggested to control it on the Firewall itself instead of forcing unsupported protocol to work through the Web Security Appliance.

With the above conditions from WhatsApp itself, connection for WhatsAPP using web proxy may not work as it should be.

We would recommend to NOT redirect traffics that WhatsApp uses especially with ports: 5222, 5223, 5228, 4244, 5242 to the WSA (setting action as passthrough in WSA most likely will not help).

Below are some more information gathered from WhatsApp:
## IP addresses that whatsapp might be using for its connections:
https://www.whatsapp.com/cidr.txt