Hi Thomas,
On the firewall, the application description says, WhatsApp has integrated the TextSecure encryption protocol, which enforces certificate pinning to its most recent update. Due to this we can longer decrypt this application, and it will be added to the SSL exclude list. Policies enforcing "whatsapp-base" will continue to function normally, but policies using "whatsapp-file-transfer" can no longer be enforced.
Unfortunately firewall cannot see what is sent by the client in an encrypted packet (chat/upload, etc). Furthermore, the application does not like to get decrypted as it uses end-to-end encryption. This means that even if we do SSL inspection we won’t be able to see the content of a message.
Although you can block the URLs to which the traffic is traversing provided we have the SNI information, however from my personal experience, these URLs keeps changing from time to time.
Regards
... View more