12-08-2022 05:48 AM - edited 12-08-2022 06:48 AM
I know this thread seems to be a few months old, but I wanted to add that I had to do this exact thing this morning on one of our FWs and it worked fine.
Whats-app chat and calls are still allowed.
however, file transferring (even voice notes) is not.
The rule I used looks like:
Basically, everything WhatsApp needs to work is allowed in this rule, except the 'whatsapp-file-transfer' application
Our catch-all-block-rule at the end of our security policies will catch the file transfers, which is not explicitly allowed anywhere, and block them.
We don't have any special decryption configured either. Palo Alto correctly classifies all this traffic so we could create this rule without issue.
We are using a PA460, on Firmware 10.2.3 if this helps.
@Thomasevig perhaps check your monitoring on the FW, while doing a file transfer on WhatsApp to see if your traffic is correctly classified. If yes, then this rule should work for you.
tbh - I was trying to get only uploads on WhatsApp blocked, with downloads still working. But I was unable to get this working. It is either a block all file transfer or nothing it seems.
