Web Whatsapp not working through ProxySG/EdgeSWG
search cancel

Web Whatsapp not working through ProxySG/EdgeSWG

book

Article ID: 273198

calendar_today

Updated On:

Products

ISG Proxy ProxySG Software - SGOS Advanced Secure Gateway Software - ASG

Issue/Introduction

Whatsapp Web is not working through the Proxy. The website does not load the chat window

Environment

TEST ENVIRONMENT:

  • SW: SGOS 7.4.1.1
  • Chrome 115.0.5790.171
  • Proxy mode Explicit/Transparent, default DENY Policy

Cause

DOMAINS/SUBDOMAINS:

  • web.whatsapp.com
  • mmg.whatsapp.com
  • graph.whatsapp.com
  • crashlogs.whatsapp.net
  • cdn.whatsapp.net
  • snr.whatsapp.net
  • wa.me
  • whatsapp.com
  • whatsapp.net
  • crl3.digicert.com
  • crl4.digicert.com
  • digicert.com
  • oscp.digicert.com
  • pps.whatsapp.com
  • fbcdn.net

 

WEB.WHATSAPP DETAILS:

 

 

Resolution

Web Whatsapp application tends to not work properly via Proxy filtering. It is recommended to bypass it's servers or at least disable (detect_protocol, SSL-interception, HTTP/2, server validation)

 

####### EXPLICIT DEPLOYMENT #########

Create a CPL Layer in your VPM Policy and paste the code that contains both domains and Whatsapp IP ranges:

 

; ################# WHATSAPP BYPASS START #################
; Disables authentication via Proxy
<proxy>
condition=WhatsappURLS authenticate(no) ALLOW
; Disables HTTP/2 for Whatsapp Websockets
<proxy>
condition=WhatsappWebsockets http2.client.accept(no) http2.server.request(no)
; Disables protocol detection
<proxy>
condition=WhatsappURLS detect_protocol(none)
; Disables http manipulation
<proxy>
condition=WhatsappURLS http.client.persistence(no) http.server.persistence(no) bypass_cache(yes) http.request.version(1.0) http.response.version(1.0) server_url.dns_lookup(ipv4-only)
; Disables ICAP scanning
<cache>
condition=WhatsappURLS request.icap_service(no) response.icap_service(no)
; Disables CACHE
<cache>
condition=WhatsappURLS pipeline(no) cache(no)
; Disables SSL-Interception, packet inspection
<ssl-intercept>
condition=WhatsappURLS ssl.forward_proxy(no)
; Disables servers SSL certificate validation
<SSL>
condition=WhatsappURLS server.certificate.validate(no)

define condition WhatsappURLS
; domains for the WHATSAPP
url.domain="web.whatsapp.com"
url.domain="mmg.whatsapp.com"
url.domain="graph.whatsapp.com"
url.domain="crashlogs.whatsapp.net"
url.domain="cdn.whatsapp.net"
url.domain="snr.whatsapp.net"
url.domain="wa.me"
url.domain="whatsapp.com"
url.domain="whatsapp.net"
url.domain="crl3.digicert.com"
url.domain="crl4.digicert.com"
url.domain="digicert.com"
url.domain="oscp.digicert.com"
url.domain="pps.whatsapp.net"
url.domain="fbcdn.net"
; IP ranges for the WHATSAPP
url.address=3.33.221.48/32
url.address=3.33.252.61/32
url.address=15.197.206.217/32
url.address=15.197.210.208/32
url.address=31.13.64.60/31
url.address=31.13.65.49/32
url.address=31.13.65.50/32
url.address=31.13.66.51/32
url.address=31.13.66.56/32
url.address=31.13.67.52/31
url.address=31.13.68.60/31
url.address=31.13.69.60/31
url.address=31.13.70.49/32
url.address=31.13.70.50/32
url.address=31.13.71.49/32
url.address=31.13.71.50/32
url.address=31.13.72.48/32
url.address=31.13.72.52/32
url.address=31.13.73.52/31
url.address=31.13.74.52/31
url.address=31.13.75.60/31
url.address=31.13.76.60/31
url.address=31.13.77.60/31
url.address=31.13.78.60/31
url.address=31.13.79.53/32
url.address=31.13.79.54/32
url.address=31.13.80.48/32
url.address=31.13.80.53/32
url.address=31.13.81.48/32
url.address=31.13.81.53/32
url.address=31.13.82.51/32
url.address=31.13.82.55/32
url.address=31.13.83.49/32
url.address=31.13.83.51/32
url.address=31.13.84.49/32
url.address=31.13.84.51/32
url.address=31.13.85.49/32
url.address=31.13.85.51/32
url.address=31.13.86.49/32
url.address=31.13.86.51/32
url.address=31.13.87.48/32
url.address=31.13.87.51/32
url.address=31.13.88.60/31
url.address=31.13.89.53/32
url.address=31.13.89.54/32
url.address=31.13.90.60/31
url.address=31.13.91.60/31
url.address=31.13.92.48/32
url.address=31.13.92.52/32
url.address=31.13.93.53/32
url.address=31.13.93.54/32
url.address=31.13.94.52/32
url.address=31.13.94.54/32
url.address=31.13.95.60/31
url.address=34.192.181.12/32
url.address=34.193.38.112/32
url.address=34.194.71.217/32
url.address=34.194.255.230/32
url.address=69.171.250.60/31
url.address=102.132.96.54/31
url.address=102.132.97.54/31
url.address=102.132.98.60/31
url.address=102.132.99.60/31
url.address=102.132.100.60/31
url.address=102.132.101.60/31
url.address=102.132.102.60/31
url.address=102.132.103.60/31
url.address=102.132.104.60/31
url.address=102.132.105.60/31
url.address=102.132.106.60/31
url.address=102.132.107.60/31
url.address=102.132.108.60/31
url.address=102.132.109.60/31
url.address=102.132.110.60/31
url.address=102.132.111.60/31
url.address=157.240.0.60/31
url.address=157.240.1.60/31
url.address=157.240.2.53/32
url.address=157.240.2.54/32
url.address=157.240.3.54/31
url.address=157.240.4.60/31
url.address=157.240.5.60/31
url.address=157.240.6.53/32
url.address=157.240.6.54/32
url.address=157.240.7.53/32
url.address=157.240.7.54/32
url.address=157.240.8.53/32
url.address=157.240.8.54/32
url.address=157.240.9.53/32
url.address=157.240.9.54/32
url.address=157.240.10.53/32
url.address=157.240.10.54/32
url.address=157.240.11.53/32
url.address=157.240.11.54/32
url.address=157.240.12.53/32
url.address=157.240.12.54/32
url.address=157.240.13.54/31
url.address=157.240.14.52/31
url.address=157.240.15.60/31
url.address=157.240.16.52/31
url.address=157.240.17.60/31
url.address=157.240.18.52/31
url.address=157.240.19.53/32
url.address=157.240.19.54/32
url.address=157.240.20.52/31
url.address=157.240.21.52/31
url.address=157.240.22.53/32
url.address=157.240.22.54/32
url.address=157.240.23.53/32
url.address=157.240.23.54/32
url.address=157.240.24.60/31
url.address=157.240.25.60/31
url.address=157.240.26.54/31
url.address=157.240.27.54/31
url.address=157.240.28.51/32
url.address=157.240.28.55/32
url.address=157.240.29.60/31
url.address=157.240.30.54/31
url.address=157.240.31.60/31
url.address=157.240.192.52/32
url.address=157.240.192.55/32
url.address=157.240.193.60/31
url.address=157.240.194.54/31
url.address=157.240.195.54/32
url.address=157.240.195.56/32
url.address=157.240.196.60/31
url.address=157.240.197.60/31
url.address=157.240.198.60/31
url.address=157.240.199.60/31
url.address=157.240.200.60/31
url.address=157.240.201.60/31
url.address=157.240.202.60/31
url.address=157.240.203.60/31
url.address=157.240.204.60/31
url.address=157.240.205.60/31
url.address=157.240.206.60/31
url.address=157.240.207.60/31
url.address=157.240.208.60/31
url.address=157.240.209.60/31
url.address=157.240.210.60/31
url.address=157.240.211.60/31
url.address=157.240.212.60/31
url.address=157.240.213.60/31
url.address=157.240.214.60/31
url.address=157.240.215.60/31
url.address=157.240.216.60/31
url.address=157.240.217.60/31
url.address=157.240.218.60/31
url.address=157.240.219.60/31
url.address=157.240.220.60/31
url.address=157.240.221.60/31
url.address=157.240.222.60/31
url.address=157.240.223.60/31
url.address=157.240.224.60/31
url.address=157.240.225.60/31
url.address=157.240.226.60/31
url.address=157.240.227.60/31
url.address=157.240.228.60/31
url.address=157.240.229.60/31
url.address=157.240.231.60/31
url.address=157.240.232.60/31
url.address=157.240.233.60/31
url.address=157.240.234.60/31
url.address=157.240.235.60/31
url.address=157.240.236.60/31
url.address=157.240.237.60/31
url.address=157.240.238.60/31
url.address=157.240.239.60/31
url.address=157.240.240.60/31
url.address=157.240.241.60/31
url.address=157.240.242.60/31
url.address=157.240.243.60/31
url.address=157.240.244.60/31
url.address=157.240.245.60/31
url.address=157.240.246.60/31
url.address=157.240.247.60/31
url.address=157.240.248.60/31
url.address=157.240.249.60/31
url.address=157.240.250.60/31
url.address=157.240.251.60/31
url.address=157.240.252.60/31
url.address=157.240.253.60/31
url.address=157.240.254.60/31
url.address=163.70.128.60/31
url.address=163.70.129.60/31
url.address=163.70.130.60/31
url.address=163.70.131.60/31
url.address=163.70.132.60/31
url.address=163.70.133.60/31
url.address=163.70.134.60/31
url.address=163.70.135.60/31
url.address=163.70.136.60/31
url.address=163.70.137.60/31
url.address=163.70.138.60/31
url.address=163.70.139.60/31
url.address=163.70.140.60/31
url.address=163.70.141.60/31
url.address=163.70.142.60/31
url.address=163.70.143.60/31
url.address=163.70.144.60/31
url.address=163.70.145.60/31
url.address=163.70.146.60/31
url.address=163.70.147.60/31
url.address=163.70.148.60/31
url.address=163.70.149.60/31
url.address=163.70.150.60/31
url.address=163.70.151.60/31
url.address=163.70.152.60/31
url.address=163.70.153.60/31
url.address=163.70.154.60/31
url.address=163.70.155.60/31
url.address=163.70.156.60/31
url.address=163.70.157.60/31
url.address=163.70.158.60/31
url.address=163.70.159.60/31
url.address=179.60.192.49/32
url.address=179.60.192.51/32
url.address=179.60.193.60/31
url.address=179.60.194.53/32
url.address=179.60.194.54/32
url.address=179.60.195.49/32
url.address=179.60.195.51/32
url.address=185.60.216.53/32
url.address=185.60.216.54/32
url.address=185.60.217.53/32
url.address=185.60.217.54/32
url.address=185.60.218.53/32
url.address=185.60.218.54/32
url.address=185.60.219.60/31
end condition WhatsappURLS

define condition WhatsappWebsockets
; domains for the websockets
client.connection.ssl_server_name.suffix=.whatsapp.com
client.connection.ssl_server_name.suffix=.whatsapp.net
end condition WhatsappWebsockets

; ################# WHATSAPP BYPASS END #################

 

 

######## TRANSPARENT DEPLOYMENT ############

FROM CONFIGURE TERMINAL IN Edge SWG (ProxySG) CLI Copy all of the below and simply paste- These are all Whatsapp IP ranges.

ProxySG> enable

ProxySG# config t

ProxySG(config)# proxy-services

ProxySG(config proxy-services)# create tcp-tunnel Whatsapp

ProxySG(config proxy-services)# edit Whatsapp

add all 3.33.221.48/32 443

add all 3.33.252.61/32 443

add all 15.197.206.217/32 443

add all 15.197.210.208/32 443

add all 31.13.64.60/31 443

add all 31.13.65.49/32 443

add all 31.13.65.50/32 443

add all 31.13.66.51/32 443

add all 31.13.66.56/32 443

add all 31.13.67.52/31 443

add all 31.13.68.60/31 443

add all 31.13.69.60/31 443

add all 31.13.70.49/32 443

add all 31.13.70.50/32 443

add all 31.13.71.49/32 443

add all 31.13.71.50/32 443

add all 31.13.72.48/32 443

add all 31.13.72.52/32 443

add all 31.13.73.52/31 443

add all 31.13.74.52/31 443

add all 31.13.75.60/31 443

add all 31.13.76.60/31 443

add all 31.13.77.60/31 443

add all 31.13.78.60/31 443

add all 31.13.79.53/32 443

add all 31.13.79.54/32 443

add all 31.13.80.48/32 443

add all 31.13.80.53/32 443

add all 31.13.81.48/32 443

add all 31.13.81.53/32 443

add all 31.13.82.51/32 443

add all 31.13.82.55/32 443

add all 31.13.83.49/32 443

add all 31.13.83.51/32 443

add all 31.13.84.49/32 443

add all 31.13.84.51/32 443

add all 31.13.85.49/32 443

add all 31.13.85.51/32 443

add all 31.13.86.49/32 443

add all 31.13.86.51/32 443

add all 31.13.87.48/32 443

add all 31.13.87.51/32 443

add all 31.13.88.60/31 443

add all 31.13.89.53/32 443

add all 31.13.89.54/32 443

add all 31.13.90.60/31 443

add all 31.13.91.60/31 443

add all 31.13.92.48/32 443

add all 31.13.92.52/32 443

add all 31.13.93.53/32 443

add all 31.13.93.54/32 443

add all 31.13.94.52/32 443

add all 31.13.94.54/32 443

add all 31.13.95.60/31 443

add all 34.192.181.12/32 443

add all 34.193.38.112/32 443

add all 34.194.71.217/32 443

add all 34.194.255.230/32 443

add all 69.171.250.60/31 443

add all 102.132.96.54/31 443

add all 102.132.97.54/31 443

add all 102.132.98.60/31 443

add all 102.132.99.60/31 443

add all 102.132.100.60/31 443

add all 102.132.101.60/31 443

add all 102.132.102.60/31 443

add all 102.132.103.60/31 443

add all 102.132.104.60/31 443

add all 102.132.105.60/31 443

add all 102.132.106.60/31 443

add all 102.132.107.60/31 443

add all 102.132.108.60/31 443

add all 102.132.109.60/31 443

add all 102.132.110.60/31 443

add all 102.132.111.60/31 443

add all 157.240.0.60/31 443

add all 157.240.1.60/31 443

add all 157.240.2.53/32 443

add all 157.240.2.54/32 443

add all 157.240.3.54/31 443

add all 157.240.4.60/31 443

add all 157.240.5.60/31 443

add all 157.240.6.53/32 443

add all 157.240.6.54/32 443

add all 157.240.7.53/32 443

add all 157.240.7.54/32 443

add all 157.240.8.53/32 443

add all 157.240.8.54/32 443

add all 157.240.9.53/32 443

add all 157.240.9.54/32 443

add all 157.240.10.53/32 443

add all 157.240.10.54/32 443

add all 157.240.11.53/32 443

add all 157.240.11.54/32 443

add all 157.240.12.53/32 443

add all 157.240.12.54/32 443

add all 157.240.13.54/31 443

add all 157.240.14.52/31 443

add all 157.240.15.60/31 443

add all 157.240.16.52/31 443

add all 157.240.17.60/31 443

add all 157.240.18.52/31 443

add all 157.240.19.53/32 443

add all 157.240.19.54/32 443

add all 157.240.20.52/31 443

add all 157.240.21.52/31 443

add all 157.240.22.53/32 443

add all 157.240.22.54/32 443

add all 157.240.23.53/32 443

add all 157.240.23.54/32 443

add all 157.240.24.60/31 443

add all 157.240.25.60/31 443

add all 157.240.26.54/31 443

add all 157.240.27.54/31 443

add all 157.240.28.51/32 443

add all 157.240.28.55/32 443

add all 157.240.29.60/31 443

add all 157.240.30.54/31 443

add all 157.240.31.60/31 443

add all 157.240.192.52/32 443

add all 157.240.192.55/32 443

add all 157.240.193.60/31 443

add all 157.240.194.54/31 443

add all 157.240.195.54/32 443

add all 157.240.195.56/32 443

add all 157.240.196.60/31 443

add all 157.240.197.60/31 443

add all 157.240.198.60/31 443

add all 157.240.199.60/31 443

add all 157.240.200.60/31 443

add all 157.240.201.60/31 443

add all 157.240.202.60/31 443

add all 157.240.203.60/31 443

add all 157.240.204.60/31 443

add all 157.240.205.60/31 443

add all 157.240.206.60/31 443

add all 157.240.207.60/31 443

add all 157.240.208.60/31 443

add all 157.240.209.60/31 443

add all 157.240.210.60/31 443

add all 157.240.211.60/31 443

add all 157.240.212.60/31 443

add all 157.240.213.60/31 443

add all 157.240.214.60/31 443

add all 157.240.215.60/31 443

add all 157.240.216.60/31 443

add all 157.240.217.60/31 443

add all 157.240.218.60/31 443

add all 157.240.219.60/31 443

add all 157.240.220.60/31 443

add all 157.240.221.60/31 443

add all 157.240.222.60/31 443

add all 157.240.223.60/31 443

add all 157.240.224.60/31 443

add all 157.240.225.60/31 443

add all 157.240.226.60/31 443

add all 157.240.227.60/31 443

add all 157.240.228.60/31 443

add all 157.240.229.60/31 443

add all 157.240.231.60/31 443

add all 157.240.232.60/31 443

add all 157.240.233.60/31 443

add all 157.240.234.60/31 443

add all 157.240.235.60/31 443

add all 157.240.236.60/31 443

add all 157.240.237.60/31 443

add all 157.240.238.60/31 443

add all 157.240.239.60/31 443

add all 157.240.240.60/31 443

add all 157.240.241.60/31 443

add all 157.240.242.60/31 443

add all 157.240.243.60/31 443

add all 157.240.244.60/31 443

add all 157.240.245.60/31 443

add all 157.240.246.60/31 443

add all 157.240.247.60/31 443

add all 157.240.248.60/31 443

add all 157.240.249.60/31 443

add all 157.240.250.60/31 443

add all 157.240.251.60/31 443

add all 157.240.252.60/31 443

add all 157.240.253.60/31 443

add all 157.240.254.60/31 443

add all 163.70.128.60/31 443

add all 163.70.129.60/31 443

add all 163.70.130.60/31 443

add all 163.70.131.60/31 443

add all 163.70.132.60/31 443

add all 163.70.133.60/31 443

add all 163.70.134.60/31 443

add all 163.70.135.60/31 443

add all 163.70.136.60/31 443

add all 163.70.137.60/31 443

add all 163.70.138.60/31 443

add all 163.70.139.60/31 443

add all 163.70.140.60/31 443

add all 163.70.141.60/31 443

add all 163.70.142.60/31 443

add all 163.70.143.60/31 443

add all 163.70.144.60/31 443

add all 163.70.145.60/31 443

add all 163.70.146.60/31 443

add all 163.70.147.60/31 443

add all 163.70.148.60/31 443

add all 163.70.149.60/31 443

add all 163.70.150.60/31 443

add all 163.70.151.60/31 443

add all 163.70.152.60/31 443

add all 163.70.153.60/31 443

add all 163.70.154.60/31 443

add all 163.70.155.60/31 443

add all 163.70.156.60/31 443

add all 163.70.157.60/31 443

add all 163.70.158.60/31 443

add all 163.70.159.60/31 443

add all 179.60.192.49/32 443

add all 179.60.192.51/32 443

add all 179.60.193.60/31 443

add all 179.60.194.53/32 443

add all 179.60.194.54/32 443

add all 179.60.195.49/32 443

add all 179.60.195.51/32 443

add all 185.60.216.53/32 443

add all 185.60.216.54/32 443

add all 185.60.217.53/32 443

add all 185.60.217.54/32 443

add all 185.60.218.53/32 443

add all 185.60.218.54/32 443

add all 185.60.219.60/31 443

add all 3.33.221.48/32 5222

add all 3.33.252.61/32 5222

add all 15.197.206.217/32 5222

add all 15.197.210.208/32 5222

add all 31.13.64.60/31 5222

add all 31.13.65.49/32 5222

add all 31.13.65.50/32 5222

add all 31.13.66.51/32 5222

add all 31.13.66.56/32 5222

add all 31.13.67.52/31 5222

add all 31.13.68.60/31 5222

add all 31.13.69.60/31 5222

add all 31.13.70.49/32 5222

add all 31.13.70.50/32 5222

add all 31.13.71.49/32 5222

add all 31.13.71.50/32 5222

add all 31.13.72.48/32 5222

add all 31.13.72.52/32 5222

add all 31.13.73.52/31 5222

add all 31.13.74.52/31 5222

add all 31.13.75.60/31 5222

add all 31.13.76.60/31 5222

add all 31.13.77.60/31 5222

add all 31.13.78.60/31 5222

add all 31.13.79.53/32 5222

add all 31.13.79.54/32 5222

add all 31.13.80.48/32 5222

add all 31.13.80.53/32 5222

add all 31.13.81.48/32 5222

add all 31.13.81.53/32 5222

add all 31.13.82.51/32 5222

add all 31.13.82.55/32 5222

add all 31.13.83.49/32 5222

add all 31.13.83.51/32 5222

add all 31.13.84.49/32 5222

add all 31.13.84.51/32 5222

add all 31.13.85.49/32 5222

add all 31.13.85.51/32 5222

add all 31.13.86.49/32 5222

add all 31.13.86.51/32 5222

add all 31.13.87.48/32 5222

add all 31.13.87.51/32 5222

add all 31.13.88.60/31 5222

add all 31.13.89.53/32 5222

add all 31.13.89.54/32 5222

add all 31.13.90.60/31 5222

add all 31.13.91.60/31 5222

add all 31.13.92.48/32 5222

add all 31.13.92.52/32 5222

add all 31.13.93.53/32 5222

add all 31.13.93.54/32 5222

add all 31.13.94.52/32 5222

add all 31.13.94.54/32 5222

add all 31.13.95.60/31 5222

add all 34.192.181.12/32 5222

add all 34.193.38.112/32 5222

add all 34.194.71.217/32 5222

add all 34.194.255.230/32 5222

add all 69.171.250.60/31 5222

add all 102.132.96.54/31 5222

add all 102.132.97.54/31 5222

add all 102.132.98.60/31 5222

add all 102.132.99.60/31 5222

add all 102.132.100.60/31 5222

add all 102.132.101.60/31 5222

add all 102.132.102.60/31 5222

add all 102.132.103.60/31 5222

add all 102.132.104.60/31 5222

add all 102.132.105.60/31 5222

add all 102.132.106.60/31 5222

add all 102.132.107.60/31 5222

add all 102.132.108.60/31 5222

add all 102.132.109.60/31 5222

add all 102.132.110.60/31 5222

add all 102.132.111.60/31 5222

add all 157.240.0.60/31 5222

add all 157.240.1.60/31 5222

add all 157.240.2.53/32 5222

add all 157.240.2.54/32 5222

add all 157.240.3.54/31 5222

add all 157.240.4.60/31 5222

add all 157.240.5.60/31 5222

add all 157.240.6.53/32 5222

add all 157.240.6.54/32 5222

add all 157.240.7.53/32 5222

add all 157.240.7.54/32 5222

add all 157.240.8.53/32 5222

add all 157.240.8.54/32 5222

add all 157.240.9.53/32 5222

add all 157.240.9.54/32 5222

add all 157.240.10.53/32 5222

add all 157.240.10.54/32 5222

add all 157.240.11.53/32 5222

add all 157.240.11.54/32 5222

add all 157.240.12.53/32 5222

add all 157.240.12.54/32 5222

add all 157.240.13.54/31 5222

add all 157.240.14.52/31 5222

add all 157.240.15.60/31 5222

add all 157.240.16.52/31 5222

add all 157.240.17.60/31 5222

add all 157.240.18.52/31 5222

add all 157.240.19.53/32 5222

add all 157.240.19.54/32 5222

add all 157.240.20.52/31 5222

add all 157.240.21.52/31 5222

add all 157.240.22.53/32 5222

add all 157.240.22.54/32 5222

add all 157.240.23.53/32 5222

add all 157.240.23.54/32 5222

add all 157.240.24.60/31 5222

add all 157.240.25.60/31 5222

add all 157.240.26.54/31 5222

add all 157.240.27.54/31 5222

add all 157.240.28.51/32 5222

add all 157.240.28.55/32 5222

add all 157.240.29.60/31 5222

add all 157.240.30.54/31 5222

add all 157.240.31.60/31 5222

add all 157.240.192.52/32 5222

add all 157.240.192.55/32 5222

add all 157.240.193.60/31 5222

add all 157.240.194.54/31 5222

add all 157.240.195.54/32 5222

add all 157.240.195.56/32 5222

add all 157.240.196.60/31 5222

add all 157.240.197.60/31 5222

add all 157.240.198.60/31 5222

add all 157.240.199.60/31 5222

add all 157.240.200.60/31 5222

add all 157.240.201.60/31 5222

add all 157.240.202.60/31 5222

add all 157.240.203.60/31 5222

add all 157.240.204.60/31 5222

add all 157.240.205.60/31 5222

add all 157.240.206.60/31 5222

add all 157.240.207.60/31 5222

add all 157.240.208.60/31 5222

add all 157.240.209.60/31 5222

add all 157.240.210.60/31 5222

add all 157.240.211.60/31 5222

add all 157.240.212.60/31 5222

add all 157.240.213.60/31 5222

add all 157.240.214.60/31 5222

add all 157.240.215.60/31 5222

add all 157.240.216.60/31 5222

add all 157.240.217.60/31 5222

add all 157.240.218.60/31 5222

add all 157.240.219.60/31 5222

add all 157.240.220.60/31 5222

add all 157.240.221.60/31 5222

add all 157.240.222.60/31 5222

add all 157.240.223.60/31 5222

add all 157.240.224.60/31 5222

add all 157.240.225.60/31 5222

add all 157.240.226.60/31 5222

add all 157.240.227.60/31 5222

add all 157.240.228.60/31 5222

add all 157.240.229.60/31 5222

add all 157.240.231.60/31 5222

add all 157.240.232.60/31 5222

add all 157.240.233.60/31 5222

add all 157.240.234.60/31 5222

add all 157.240.235.60/31 5222

add all 157.240.236.60/31 5222

add all 157.240.237.60/31 5222

add all 157.240.238.60/31 5222

add all 157.240.239.60/31 5222

add all 157.240.240.60/31 5222

add all 157.240.241.60/31 5222

add all 157.240.242.60/31 5222

add all 157.240.243.60/31 5222

add all 157.240.244.60/31 5222

add all 157.240.245.60/31 5222

add all 157.240.246.60/31 5222

add all 157.240.247.60/31 5222

add all 157.240.248.60/31 5222

add all 157.240.249.60/31 5222

add all 157.240.250.60/31 5222

add all 157.240.251.60/31 5222

add all 157.240.252.60/31 5222

add all 157.240.253.60/31 5222

add all 157.240.254.60/31 5222

add all 163.70.128.60/31 5222

add all 163.70.129.60/31 5222

add all 163.70.130.60/31 5222

add all 163.70.131.60/31 5222

add all 163.70.132.60/31 5222

add all 163.70.133.60/31 5222

add all 163.70.134.60/31 5222

add all 163.70.135.60/31 5222

add all 163.70.136.60/31 5222

add all 163.70.137.60/31 5222

add all 163.70.138.60/31 5222

add all 163.70.139.60/31 5222

add all 163.70.140.60/31 5222

add all 163.70.141.60/31 5222

add all 163.70.142.60/31 5222

add all 163.70.143.60/31 5222

add all 163.70.144.60/31 5222

add all 163.70.145.60/31 5222

add all 163.70.146.60/31 5222

add all 163.70.147.60/31 5222

add all 163.70.148.60/31 5222

add all 163.70.149.60/31 5222

add all 163.70.150.60/31 5222

add all 163.70.151.60/31 5222

add all 163.70.152.60/31 5222

add all 163.70.153.60/31 5222

add all 163.70.154.60/31 5222

add all 163.70.155.60/31 5222

add all 163.70.156.60/31 5222

add all 163.70.157.60/31 5222

add all 163.70.158.60/31 5222

add all 163.70.159.60/31 5222

add all 179.60.192.49/32 5222

add all 179.60.192.51/32 5222

add all 179.60.193.60/31 5222

add all 179.60.194.53/32 5222

add all 179.60.194.54/32 5222

add all 179.60.195.49/32 5222

add all 179.60.195.51/32 5222

add all 185.60.216.53/32 5222

add all 185.60.216.54/32 5222

add all 185.60.217.53/32 5222

add all 185.60.217.54/32 5222

add all 185.60.218.53/32 5222

add all 185.60.218.54/32 5222

add all 185.60.219.60/31 5222

ProxySG(config proxy-services)# exit

 

Then create a CPL Layer in your VPM Policy and paste the code:

 

; ################# WHATSAPP BYPASS START #################
; Allow Whatsapp TCP tunnel
<Proxy>
service.name="Whatsapp" authenticate(no) ALLOW
; Disables authentication via Proxy
<proxy>
condition=WhatsappURLS authenticate(no) ALLOW
; Disables HTTP/2 for Whatsapp Websockets
<proxy>
condition=WhatsappWebsockets http2.client.accept(no) http2.server.request(no)
; Disables protocol detection
<proxy>
condition=WhatsappURLS detect_protocol(none)
; Disables http manipulation
<proxy>
condition=WhatsappURLS http.client.persistence(no) http.server.persistence(no) bypass_cache(yes) http.request.version(1.0) http.response.version(1.0) server_url.dns_lookup(ipv4-only)
; Disables ICAP scanning
<cache>
condition=WhatsappURLS request.icap_service(no) response.icap_service(no)
; Disables CACHE
<cache>
condition=WhatsappURLS pipeline(no) cache(no)
; Disables SSL-Interception, packet inspection
<ssl-intercept>
condition=WhatsappURLS ssl.forward_proxy(no)
; Disables servers SSL certificate validation
<SSL>
condition=WhatsappURLS server.certificate.validate(no)

define condition WhatsappURLS
; domains for the WHATSAPP
url.domain="web.whatsapp.com"
url.domain="mmg.whatsapp.com"
url.domain="graph.whatsapp.com"
url.domain="crashlogs.whatsapp.net"
url.domain="cdn.whatsapp.net"
url.domain="snr.whatsapp.net"
url.domain="wa.me"
url.domain="whatsapp.com"
url.domain="whatsapp.net"
url.domain="crl3.digicert.com"
url.domain="crl4.digicert.com"
url.domain="digicert.com"
url.domain="oscp.digicert.com"
url.domain="pps.whatsapp.net"
url.domain="fbcdn.net"
end condition WhatsappURLS

define condition WhatsappWebsockets
; domains for the websockets
client.connection.ssl_server_name.suffix=.whatsapp.com
client.connection.ssl_server_name.suffix=.whatsapp.net
end condition WhatsappWebsockets

; ################# WHATSAPP BYPASS END #################

Additional Information

PLEASE NOTE! If required on Transparent mode, please also enable outgoing traffic on port 5222 as Facebook recommends - https://developers.facebook.com/docs/whatsapp/guides/network-requirements/ 

 

If you want to link the CPL code to existing combined object (ex.Whatsapp-users) for the users IP that are allowed to access Whatsapp, you'll need to add additional line to CPL:

<Proxy>
client.address=Whatsapp-users service.name="Whatsapp" authenticate(no) ALLOW
; Disables authentication via Proxy
<proxy>
client.address=Whatsapp-users condition=WhatsappURLS authenticate(no) ALLOW

[...]

If the above settings does not work: 

  • please create a static route to the Whatsapp IP ranges on intermediary devices so the traffic won't go via Proxy
  • If running EXPLICIT mode the IP ranges or urls can be bypassed in PAC file

 

KB articles: