07-31-2023 09:37 PM - edited 07-31-2023 10:41 PM
Recently iPhone users only facing in WhatsApp "connecting" message, User could not send a message and make a call
on corporate wireless network But, working in mobile network.
It was working before, day by day users facing this issue is increasing. Still WhatsApp working for some of the iPhone users on same wireless network.
Tried IOS software update and WhatsApp update as well but no luck.
Same is working for all andriod users even on old version of WhatsApp.
in firewall end, WhatsApp traffic is cannot recognized as whatsapp-base for iphone. it shows as unknown-tcp.
No recent changes in our firewall end.
11-13-2023 08:03 PM
@MichaelJonker can you help me to know the status of the TAC case please
11-16-2023 08:43 AM
Hello CyberEye!
I'm affraid I have no news. I'm also waiting on an update. The latest information I have is that TAC might want to create a policy in our firewall to allow a specific part of the Whatsapp-traffic so they could do another pcap on it. That would be in addition to the captures I already sent. That was end October. But I haven't heard anything since then.
I'll keep you guys posted.
11-22-2023 12:20 AM
Tac closed for us because the problem has been solved with content update.
11-22-2023 12:33 AM
which content version please
11-22-2023 02:22 AM
HI,
my question is if you will have a decrypt policy for this kind of traffic will the application be 'Known'.
the ''unknown-tcp'' is caused by not enough data in the three-way-handshake, so if the firewall will have a decrypt he would be able to see the traffic, further more than the three-way-handshake.
and maybe than will need to create an application override policy
i will do a lab and try this, i will let you know.
11-22-2023 02:39 AM
Whatsapp traffic isn't decrypted by default because there is a predifined SSL decryption Exclusion for this kind of traffic :
It seems, whats app traffic can't be decrypted correctly so Palo Alto made this Exclusion but the App can be recognized and filtered :
11-22-2023 02:52 AM
so there is a problem with decrypting a whatsapp traffic?
i had this question with my team on palo app-id, when you dont have a decryption rule to wich extent the app-id is correct, and what happens if i go to another site in the first site since after the handshake the data is encrypted the palo cant know it.
so my question is if the decrypt will help palo distinguish the app-id better than without or all of the application signatures is made for the traffic without decrypt rule.
11-22-2023 04:00 AM
In my opinion, Palo Alto SSL decryption can't decrypt proprietary protocol like Whatsapp so Palo Alto Team decide to predefined an SSL exclusion.
I tried to disable this exclusion month ago but it was worst. Nothing worked but you can retry to test this on your side and let us know.
But without SSL decryption, App-id works well for us so no problem.
11-22-2023 05:00 AM
where did you find this part?
im searching for it in my lab.
11-22-2023 05:03 AM
Device -> Certificate Management -> SSL Decryption Exclusion
11-23-2023 01:27 AM
Yesterday I learned TAC is still working on our case but they're having technical diffculties replicating this issue. So they're still busy researching this and will update our security-partner and me on progress.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
