WhatsApp Web not working through ProxySG/EdgeSWG

Article ID: 273198

Products

ISG Proxy, ProxySG Software - SGOS, Advanced Secure Gateway Software - ASG

Issue/Introduction

WhatsApp Web does not work through the proxy: the website does not load the chat window.

Environment

TEST ENVIRONMENT:

  • SW: SGOS 7.4.1.1
  • Chrome 115.0.5790.171
  • Proxy mode Explicit/Transparent, default DENY Policy

Cause

DOMAINS/SUBDOMAINS:

  • web.whatsapp.com
  • mmg.whatsapp.com
  • graph.whatsapp.com
  • crashlogs.whatsapp.net
  • cdn.whatsapp.net
  • snr.whatsapp.net
  • wa.me
  • whatsapp.com
  • whatsapp.net
  • crl3.digicert.com
  • crl4.digicert.com
  • digicert.com
  • ocsp.digicert.com
  • pps.whatsapp.net
  • fbcdn.net

 

Resolution

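The WhatsApp Web application tends not to work properly through proxy filtering. It is recommended to bypass its servers, or at least to disable protocol detection (detect_protocol), SSL interception, HTTP/2 and server certificate validation for them. The CPL below applies these exemptions only to requests that match the WhatsappURLS and WhatsappWebsockets conditions.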

 

####### EXPLICIT DEPLOYMENT #########

Create a CPL layer in your VPM policy and paste the following code, which contains both the domains and the WhatsApp IP ranges:

 

; ################# WHATSAPP BYPASS START #################
; Disables authentication via Proxy
<proxy>
condition=WhatsappURLS authenticate(no) ALLOW
; Disables HTTP/2 for Whatsapp Websockets
<proxy>
condition=WhatsappWebsockets http2.client.accept(no) http2.server.request(no)
; Disables protocol detection
<proxy>
condition=WhatsappURLS detect_protocol(none)
; Disables HTTP persistence and cache use, forces HTTP/1.0 and IPv4-only DNS lookups
<proxy>
condition=WhatsappURLS http.client.persistence(no) http.server.persistence(no) bypass_cache(yes) http.request.version(1.0) http.response.version(1.0) server_url.dns_lookup(ipv4-only)
; Disables ICAP scanning
<cache>
condition=WhatsappURLS request.icap_service(no) response.icap_service(no)
; Disables CACHE
<cache>
condition=WhatsappURLS pipeline(no) cache(no)
; Disables SSL-Interception, packet inspection
<ssl-intercept>
condition=WhatsappURLS ssl.forward_proxy(no)
; Disables validation of the server's SSL certificate
<SSL>
condition=WhatsappURLS server.certificate.validate(no)

define condition WhatsappURLS
; domains for the WHATSAPP
url.domain="web.whatsapp.com"
url.domain="mmg.whatsapp.com"
url.domain="graph.whatsapp.com"
url.domain="crashlogs.whatsapp.net"
url.domain="cdn.whatsapp.net"
url.domain="snr.whatsapp.net"
url.domain="wa.me"
url.domain="whatsapp.com"
url.domain="whatsapp.net"
url.domain="crl3.digicert.com"
url.domain="crl4.digicert.com"
url.domain="digicert.com"
url.domain="ocsp.digicert.com"
url.domain="pps.whatsapp.net"
url.domain="fbcdn.net"
; IP ranges for the WHATSAPP
url.address=3.33.221.48/32
url.address=3.33.252.61/32
url.address=15.197.206.217/32
url.address=15.197.210.208/32
url.address=31.13.64.60/31
url.address=31.13.65.49/32
url.address=31.13.65.50/32
url.address=31.13.66.51/32
url.address=31.13.66.56/32
url.address=31.13.67.52/31
url.address=31.13.68.60/31
url.address=31.13.69.60/31
url.address=31.13.70.49/32
url.address=31.13.70.50/32
url.address=31.13.71.49/32
url.address=31.13.71.50/32
url.address=31.13.72.48/32
url.address=31.13.72.52/32
url.address=31.13.73.52/31
url.address=31.13.74.52/31
url.address=31.13.75.60/31
url.address=31.13.76.60/31
url.address=31.13.77.60/31
url.address=31.13.78.60/31
url.address=31.13.79.53/32
url.address=31.13.79.54/32
url.address=31.13.80.48/32
url.address=31.13.80.53/32
url.address=31.13.81.48/32
url.address=31.13.81.53/32
url.address=31.13.82.51/32
url.address=31.13.82.55/32
url.address=31.13.83.49/32
url.address=31.13.83.51/32
url.address=31.13.84.49/32
url.address=31.13.84.51/32
url.address=31.13.85.49/32
url.address=31.13.85.51/32
url.address=31.13.86.49/32
url.address=31.13.86.51/32
url.address=31.13.87.48/32
url.address=31.13.87.51/32
url.address=31.13.88.60/31
url.address=31.13.89.53/32
url.address=31.13.89.54/32
url.address=31.13.90.60/31
url.address=31.13.91.60/31
url.address=31.13.92.48/32
url.address=31.13.92.52/32
url.address=31.13.93.53/32
url.address=31.13.93.54/32
url.address=31.13.94.52/32
url.address=31.13.94.54/32
url.address=31.13.95.60/31
url.address=34.192.181.12/32
url.address=34.193.38.112/32
url.address=34.194.71.217/32
url.address=34.194.255.230/32
url.address=69.171.250.60/31
url.address=102.132.96.54/31
url.address=102.132.97.54/31
url.address=102.132.98.60/31
url.address=102.132.99.60/31
url.address=102.132.100.60/31
url.address=102.132.101.60/31
url.address=102.132.102.60/31
url.address=102.132.103.60/31
url.address=102.132.104.60/31
url.address=102.132.105.60/31
url.address=102.132.106.60/31
url.address=102.132.107.60/31
url.address=102.132.108.60/31
url.address=102.132.109.60/31
url.address=102.132.110.60/31
url.address=102.132.111.60/31
url.address=157.240.0.60/31
url.address=157.240.1.60/31
url.address=157.240.2.53/32
url.address=157.240.2.54/32
url.address=157.240.3.54/31
url.address=157.240.4.60/31
url.address=157.240.5.60/31
url.address=157.240.6.53/32
url.address=157.240.6.54/32
url.address=157.240.7.53/32
url.address=157.240.7.54/32
url.address=157.240.8.53/32
url.address=157.240.8.54/32
url.address=157.240.9.53/32
url.address=157.240.9.54/32
url.address=157.240.10.53/32
url.address=157.240.10.54/32
url.address=157.240.11.53/32
url.address=157.240.11.54/32
url.address=157.240.12.53/32
url.address=157.240.12.54/32
url.address=157.240.13.54/31
url.address=157.240.14.52/31
url.address=157.240.15.60/31
url.address=157.240.16.52/31
url.address=157.240.17.60/31
url.address=157.240.18.52/31
url.address=157.240.19.53/32
url.address=157.240.19.54/32
url.address=157.240.20.52/31
url.address=157.240.21.52/31
url.address=157.240.22.53/32
url.address=157.240.22.54/32
url.address=157.240.23.53/32
url.address=157.240.23.54/32
url.address=157.240.24.60/31
url.address=157.240.25.60/31
url.address=157.240.26.54/31
url.address=157.240.27.54/31
url.address=157.240.28.51/32
url.address=157.240.28.55/32
url.address=157.240.29.60/31
url.address=157.240.30.54/31
url.address=157.240.31.60/31
url.address=157.240.192.52/32
url.address=157.240.192.55/32
url.address=157.240.193.60/31
url.address=157.240.194.54/31
url.address=157.240.195.54/32
url.address=157.240.195.56/32
url.address=157.240.196.60/31
url.address=157.240.197.60/31
url.address=157.240.198.60/31
url.address=157.240.199.60/31
url.address=157.240.200.60/31
url.address=157.240.201.60/31
url.address=157.240.202.60/31
url.address=157.240.203.60/31
url.address=157.240.204.60/31
url.address=157.240.205.60/31
url.address=157.240.206.60/31
url.address=157.240.207.60/31
url.address=157.240.208.60/31
url.address=157.240.209.60/31
url.address=157.240.210.60/31
url.address=157.240.211.60/31
url.address=157.240.212.60/31
url.address=157.240.213.60/31
url.address=157.240.214.60/31
url.address=157.240.215.60/31
url.address=157.240.216.60/31
url.address=157.240.217.60/31
url.address=157.240.218.60/31
url.address=157.240.219.60/31
url.address=157.240.220.60/31
url.address=157.240.221.60/31
url.address=157.240.222.60/31
url.address=157.240.223.60/31
url.address=157.240.224.60/31
url.address=157.240.225.60/31
url.address=157.240.226.60/31
url.address=157.240.227.60/31
url.address=157.240.228.60/31
url.address=157.240.229.60/31
url.address=157.240.231.60/31
url.address=157.240.232.60/31
url.address=157.240.233.60/31
url.address=157.240.234.60/31
url.address=157.240.235.60/31
url.address=157.240.236.60/31
url.address=157.240.237.60/31
url.address=157.240.238.60/31
url.address=157.240.239.60/31
url.address=157.240.240.60/31
url.address=157.240.241.60/31
url.address=157.240.242.60/31
url.address=157.240.243.60/31
url.address=157.240.244.60/31
url.address=157.240.245.60/31
url.address=157.240.246.60/31
url.address=157.240.247.60/31
url.address=157.240.248.60/31
url.address=157.240.249.60/31
url.address=157.240.250.60/31
url.address=157.240.251.60/31
url.address=157.240.252.60/31
url.address=157.240.253.60/31
url.address=157.240.254.60/31
url.address=163.70.128.60/31
url.address=163.70.129.60/31
url.address=163.70.130.60/31
url.address=163.70.131.60/31
url.address=163.70.132.60/31
url.address=163.70.133.60/31
url.address=163.70.134.60/31
url.address=163.70.135.60/31
url.address=163.70.136.60/31
url.address=163.70.137.60/31
url.address=163.70.138.60/31
url.address=163.70.139.60/31
url.address=163.70.140.60/31
url.address=163.70.141.60/31
url.address=163.70.142.60/31
url.address=163.70.143.60/31
url.address=163.70.144.60/31
url.address=163.70.145.60/31
url.address=163.70.146.60/31
url.address=163.70.147.60/31
url.address=163.70.148.60/31
url.address=163.70.149.60/31
url.address=163.70.150.60/31
url.address=163.70.151.60/31
url.address=163.70.152.60/31
url.address=163.70.153.60/31
url.address=163.70.154.60/31
url.address=163.70.155.60/31
url.address=163.70.156.60/31
url.address=163.70.157.60/31
url.address=163.70.158.60/31
url.address=163.70.159.60/31
url.address=179.60.192.49/32
url.address=179.60.192.51/32
url.address=179.60.193.60/31
url.address=179.60.194.53/32
url.address=179.60.194.54/32
url.address=179.60.195.49/32
url.address=179.60.195.51/32
url.address=185.60.216.53/32
url.address=185.60.216.54/32
url.address=185.60.217.53/32
url.address=185.60.217.54/32
url.address=185.60.218.53/32
url.address=185.60.218.54/32
url.address=185.60.219.60/31
end condition WhatsappURLS

define condition WhatsappWebsockets
; domains for the websockets
client.connection.ssl_server_name.suffix=.whatsapp.com
client.connection.ssl_server_name.suffix=.whatsapp.net
end condition WhatsappWebsockets

; ################# WHATSAPP BYPASS END #################
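
To see which destinations this layer exempts from SSL interception, ICAP scanning and server certificate validation, the following added example (not part of the original article or of any vendor tooling) parses a WhatsappURLS-style condition and checks hosts against it. It assumes url.domain= matches the named domain and its subdomains; the function names and the hosts used to exercise it are hypothetical, and the condition text is a shortened excerpt of the one above.

```python
import ipaddress
import re

# Shortened excerpt of the article's WhatsappURLS condition.
CPL = '''\
define condition WhatsappURLS
; domains for the WHATSAPP
url.domain="web.whatsapp.com"
url.domain="wa.me"
url.domain="whatsapp.com"
url.domain="whatsapp.net"
url.domain="digicert.com"
url.domain="fbcdn.net"
; IP ranges for the WHATSAPP
url.address=3.33.221.48/32
url.address=31.13.64.60/31
end condition WhatsappURLS
'''


def parse_condition(cpl, name):
    """Return (domains, networks) listed inside `define condition <name>`."""
    domains, networks, inside = [], [], False
    for raw in cpl.splitlines():
        line = raw.strip()
        if line == f"define condition {name}":
            inside = True
        elif line == f"end condition {name}":
            inside = False
        elif inside and not line.startswith(";"):
            m = re.fullmatch(r'url\.domain="?([^"\s]+)"?', line)
            if m:
                domains.append(m.group(1).lower())
            m = re.fullmatch(r"url\.address=(\S+)", line)
            if m:
                networks.append(ipaddress.ip_network(m.group(1), strict=False))
    return domains, networks


def exempt_by(host, domains, networks):
    """Return the condition entry that exempts `host` (name or IP), or None."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is not None:
        for net in networks:
            if addr in net:
                return str(net)
        return None
    host = host.lower().rstrip(".")
    for d in domains:
        # Assumed semantics: the domain itself or any subdomain, matched on
        # a label boundary so "notwhatsapp.com" is not caught by "whatsapp.com".
        if host == d or host.endswith("." + d):
            return d
    return None


def entries_outside(domains, service=("whatsapp.com", "whatsapp.net", "wa.me")):
    """List url.domain entries that are not under the service's own domains."""
    return [d for d in domains
            if not any(d == s or d.endswith("." + s) for s in service)]


DOMAINS, NETWORKS = parse_condition(CPL, "WhatsappURLS")

if __name__ == "__main__":
    # Constructed hosts, e.g. as they might appear in a proxy access log.
    for h in ["web.whatsapp.com", "media.whatsapp.net", "scontent.fbcdn.net",
              "www.digicert.com", "notwhatsapp.com", "31.13.64.61", "31.13.64.62"]:
        print(f"{h:22} exempt via: {exempt_by(h, DOMAINS, NETWORKS)}")
    print("entries wider than the service:", entries_outside(DOMAINS))
```

Every host reported under an entry from entries_outside (here digicert.com and fbcdn.net) passes through the proxy without interception and without server certificate validation, so those entries are the ones to review when deciding how far the exemption should reach.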

 

 

######## TRANSPARENT DEPLOYMENT ############

From configure-terminal mode in the Edge SWG (ProxySG) CLI, copy all of the commands below and paste them. These are all of the WhatsApp IP ranges.

ProxySG> enable

ProxySG# config t

ProxySG(config)# proxy-services

ProxySG(config proxy-services)# create tcp-tunnel Whatsapp

ProxySG(config proxy-services)# edit Whatsapp

add all 3.33.221.48/32 443

add all 3.33.252.61/32 443

add all 15.197.206.217/32 443

add all 15.197.210.208/32 443

add all 31.13.64.60/31 443

add all 31.13.65.49/32 443

add all 31.13.65.50/32 443

add all 31.13.66.51/32 443

add all 31.13.66.56/32 443

add all 31.13.67.52/31 443

add all 31.13.68.60/31 443

add all 31.13.69.60/31 443

add all 31.13.70.49/32 443

add all 31.13.70.50/32 443

add all 31.13.71.49/32 443

add all 31.13.71.50/32 443

add all 31.13.72.48/32 443

add all 31.13.72.52/32 443

add all 31.13.73.52/31 443

add all 31.13.74.52/31 443

add all 31.13.75.60/31 443

add all 31.13.76.60/31 443

add all 31.13.77.60/31 443

add all 31.13.78.60/31 443

add all 31.13.79.53/32 443

add all 31.13.79.54/32 443

add all 31.13.80.48/32 443

add all 31.13.80.53/32 443

add all 31.13.81.48/32 443

add all 31.13.81.53/32 443

add all 31.13.82.51/32 443

add all 31.13.82.55/32 443

add all 31.13.83.49/32 443

add all 31.13.83.51/32 443

add all 31.13.84.49/32 443

add all 31.13.84.51/32 443

add all 31.13.85.49/32 443

add all 31.13.85.51/32 443

add all 31.13.86.49/32 443

add all 31.13.86.51/32 443

add all 31.13.87.48/32 443

add all 31.13.87.51/32 443

add all 31.13.88.60/31 443

add all 31.13.89.53/32 443

add all 31.13.89.54/32 443

add all 31.13.90.60/31 443

add all 31.13.91.60/31 443

add all 31.13.92.48/32 443

add all 31.13.92.52/32 443

add all 31.13.93.53/32 443

add all 31.13.93.54/32 443

add all 31.13.94.52/32 443

add all 31.13.94.54/32 443

add all 31.13.95.60/31 443

add all 34.192.181.12/32 443

add all 34.193.38.112/32 443

add all 34.194.71.217/32 443

add all 34.194.255.230/32 443

add all 69.171.250.60/31 443

add all 102.132.96.54/31 443

add all 102.132.97.54/31 443

add all 102.132.98.60/31 443

add all 102.132.99.60/31 443

add all 102.132.100.60/31 443

add all 102.132.101.60/31 443

add all 102.132.102.60/31 443

add all 102.132.103.60/31 443

add all 102.132.104.60/31 443

add all 102.132.105.60/31 443

add all 102.132.106.60/31 443

add all 102.132.107.60/31 443

add all 102.132.108.60/31 443

add all 102.132.109.60/31 443

add all 102.132.110.60/31 443

add all 102.132.111.60/31 443

add all 157.240.0.60/31 443

add all 157.240.1.60/31 443

add all 157.240.2.53/32 443

add all 157.240.2.54/32 443

add all 157.240.3.54/31 443

add all 157.240.4.60/31 443

add all 157.240.5.60/31 443

add all 157.240.6.53/32 443

add all 157.240.6.54/32 443

add all 157.240.7.53/32 443

add all 157.240.7.54/32 443

add all 157.240.8.53/32 443

add all 157.240.8.54/32 443

add all 157.240.9.53/32 443

add all 157.240.9.54/32 443

add all 157.240.10.53/32 443

add all 157.240.10.54/32 443

add all 157.240.11.53/32 443

add all 157.240.11.54/32 443

add all 157.240.12.53/32 443

add all 157.240.12.54/32 443

add all 157.240.13.54/31 443

add all 157.240.14.52/31 443

add all 157.240.15.60/31 443

add all 157.240.16.52/31 443

add all 157.240.17.60/31 443

add all 157.240.18.52/31 443

add all 157.240.19.53/32 443

add all 157.240.19.54/32 443

add all 157.240.20.52/31 443

add all 157.240.21.52/31 443

add all 157.240.22.53/32 443

add all 157.240.22.54/32 443

add all 157.240.23.53/32 443

add all 157.240.23.54/32 443

add all 157.240.24.60/31 443

add all 157.240.25.60/31 443

add all 157.240.26.54/31 443

add all 157.240.27.54/31 443

add all 157.240.28.51/32 443

add all 157.240.28.55/32 443

add all 157.240.29.60/31 443

add all 157.240.30.54/31 443

add all 157.240.31.60/31 443

add all 157.240.192.52/32 443

add all 157.240.192.55/32 443

add all 157.240.193.60/31 443

add all 157.240.194.54/31 443

add all 157.240.195.54/32 443

add all 157.240.195.56/32 443

add all 157.240.196.60/31 443

add all 157.240.197.60/31 443

add all 157.240.198.60/31 443

add all 157.240.199.60/31 443

add all 157.240.200.60/31 443

add all 157.240.201.60/31 443

add all 157.240.202.60/31 443

add all 157.240.203.60/31 443

add all 157.240.204.60/31 443

add all 157.240.205.60/31 443

add all 157.240.206.60/31 443

add all 157.240.207.60/31 443

add all 157.240.208.60/31 443

add all 157.240.209.60/31 443

add all 157.240.210.60/31 443

add all 157.240.211.60/31 443

add all 157.240.212.60/31 443

add all 157.240.213.60/31 443

add all 157.240.214.60/31 443

add all 157.240.215.60/31 443

add all 157.240.216.60/31 443

add all 157.240.217.60/31 443

add all 157.240.218.60/31 443

add all 157.240.219.60/31 443

add all 157.240.220.60/31 443

add all 157.240.221.60/31 443

add all 157.240.222.60/31 443

add all 157.240.223.60/31 443

add all 157.240.224.60/31 443

add all 157.240.225.60/31 443

add all 157.240.226.60/31 443

add all 157.240.227.60/31 443

add all 157.240.228.60/31 443

add all 157.240.229.60/31 443

add all 157.240.231.60/31 443

add all 157.240.232.60/31 443

add all 157.240.233.60/31 443

add all 157.240.234.60/31 443

add all 157.240.235.60/31 443

add all 157.240.236.60/31 443

add all 157.240.237.60/31 443

add all 157.240.238.60/31 443

add all 157.240.239.60/31 443

add all 157.240.240.60/31 443

add all 157.240.241.60/31 443

add all 157.240.242.60/31 443

add all 157.240.243.60/31 443

add all 157.240.244.60/31 443

add all 157.240.245.60/31 443

add all 157.240.246.60/31 443

add all 157.240.247.60/31 443

add all 157.240.248.60/31 443

add all 157.240.249.60/31 443

add all 157.240.250.60/31 443

add all 157.240.251.60/31 443

add all 157.240.252.60/31 443

add all 157.240.253.60/31 443

add all 157.240.254.60/31 443

add all 163.70.128.60/31 443

add all 163.70.129.60/31 443

add all 163.70.130.60/31 443

add all 163.70.131.60/31 443

add all 163.70.132.60/31 443

add all 163.70.133.60/31 443

add all 163.70.134.60/31 443

add all 163.70.135.60/31 443

add all 163.70.136.60/31 443

add all 163.70.137.60/31 443

add all 163.70.138.60/31 443

add all 163.70.139.60/31 443

add all 163.70.140.60/31 443

add all 163.70.141.60/31 443

add all 163.70.142.60/31 443

add all 163.70.143.60/31 443

add all 163.70.144.60/31 443

add all 163.70.145.60/31 443

add all 163.70.146.60/31 443

add all 163.70.147.60/31 443

add all 163.70.148.60/31 443

add all 163.70.149.60/31 443

add all 163.70.150.60/31 443

add all 163.70.151.60/31 443

add all 163.70.152.60/31 443

add all 163.70.153.60/31 443

add all 163.70.154.60/31 443

add all 163.70.155.60/31 443

add all 163.70.156.60/31 443

add all 163.70.157.60/31 443

add all 163.70.158.60/31 443

add all 163.70.159.60/31 443

add all 179.60.192.49/32 443

add all 179.60.192.51/32 443

add all 179.60.193.60/31 443

add all 179.60.194.53/32 443

add all 179.60.194.54/32 443

add all 179.60.195.49/32 443

add all 179.60.195.51/32 443

add all 185.60.216.53/32 443

add all 185.60.216.54/32 443

add all 185.60.217.53/32 443

add all 185.60.217.54/32 443

add all 185.60.218.53/32 443

add all 185.60.218.54/32 443

add all 185.60.219.60/31 443

add all 3.33.221.48/32 5222

add all 3.33.252.61/32 5222

add all 15.197.206.217/32 5222

add all 15.197.210.208/32 5222

add all 31.13.64.60/31 5222

add all 31.13.65.49/32 5222

add all 31.13.65.50/32 5222

add all 31.13.66.51/32 5222

add all 31.13.66.56/32 5222

add all 31.13.67.52/31 5222

add all 31.13.68.60/31 5222

add all 31.13.69.60/31 5222

add all 31.13.70.49/32 5222

add all 31.13.70.50/32 5222

add all 31.13.71.49/32 5222

add all 31.13.71.50/32 5222

add all 31.13.72.48/32 5222

add all 31.13.72.52/32 5222

add all 31.13.73.52/31 5222

add all 31.13.74.52/31 5222

add all 31.13.75.60/31 5222

add all 31.13.76.60/31 5222

add all 31.13.77.60/31 5222

add all 31.13.78.60/31 5222

add all 31.13.79.53/32 5222

add all 31.13.79.54/32 5222

add all 31.13.80.48/32 5222

add all 31.13.80.53/32 5222

add all 31.13.81.48/32 5222

add all 31.13.81.53/32 5222

add all 31.13.82.51/32 5222

add all 31.13.82.55/32 5222

add all 31.13.83.49/32 5222

add all 31.13.83.51/32 5222

add all 31.13.84.49/32 5222

add all 31.13.84.51/32 5222

add all 31.13.85.49/32 5222

add all 31.13.85.51/32 5222

add all 31.13.86.49/32 5222

add all 31.13.86.51/32 5222

add all 31.13.87.48/32 5222

add all 31.13.87.51/32 5222

add all 31.13.88.60/31 5222

add all 31.13.89.53/32 5222

add all 31.13.89.54/32 5222

add all 31.13.90.60/31 5222

add all 31.13.91.60/31 5222

add all 31.13.92.48/32 5222

add all 31.13.92.52/32 5222

add all 31.13.93.53/32 5222

add all 31.13.93.54/32 5222

add all 31.13.94.52/32 5222

add all 31.13.94.54/32 5222

add all 31.13.95.60/31 5222

add all 34.192.181.12/32 5222

add all 34.193.38.112/32 5222

add all 34.194.71.217/32 5222

add all 34.194.255.230/32 5222

add all 69.171.250.60/31 5222

add all 102.132.96.54/31 5222

add all 102.132.97.54/31 5222

add all 102.132.98.60/31 5222

add all 102.132.99.60/31 5222

add all 102.132.100.60/31 5222

add all 102.132.101.60/31 5222

add all 102.132.102.60/31 5222

add all 102.132.103.60/31 5222

add all 102.132.104.60/31 5222

add all 102.132.105.60/31 5222

add all 102.132.106.60/31 5222

add all 102.132.107.60/31 5222

add all 102.132.108.60/31 5222

add all 102.132.109.60/31 5222

add all 102.132.110.60/31 5222

add all 102.132.111.60/31 5222

add all 157.240.0.60/31 5222

add all 157.240.1.60/31 5222

add all 157.240.2.53/32 5222

add all 157.240.2.54/32 5222

add all 157.240.3.54/31 5222

add all 157.240.4.60/31 5222

add all 157.240.5.60/31 5222

add all 157.240.6.53/32 5222

add all 157.240.6.54/32 5222

add all 157.240.7.53/32 5222

add all 157.240.7.54/32 5222

add all 157.240.8.53/32 5222

add all 157.240.8.54/32 5222

add all 157.240.9.53/32 5222

add all 157.240.9.54/32 5222

add all 157.240.10.53/32 5222

add all 157.240.10.54/32 5222

add all 157.240.11.53/32 5222

add all 157.240.11.54/32 5222

add all 157.240.12.53/32 5222

add all 157.240.12.54/32 5222

add all 157.240.13.54/31 5222

add all 157.240.14.52/31 5222

add all 157.240.15.60/31 5222

add all 157.240.16.52/31 5222

add all 157.240.17.60/31 5222

add all 157.240.18.52/31 5222

add all 157.240.19.53/32 5222

add all 157.240.19.54/32 5222

add all 157.240.20.52/31 5222

add all 157.240.21.52/31 5222

add all 157.240.22.53/32 5222

add all 157.240.22.54/32 5222

add all 157.240.23.53/32 5222

add all 157.240.23.54/32 5222

add all 157.240.24.60/31 5222

add all 157.240.25.60/31 5222

add all 157.240.26.54/31 5222

add all 157.240.27.54/31 5222

add all 157.240.28.51/32 5222

add all 157.240.28.55/32 5222

add all 157.240.29.60/31 5222

add all 157.240.30.54/31 5222

add all 157.240.31.60/31 5222

add all 157.240.192.52/32 5222

add all 157.240.192.55/32 5222

add all 157.240.193.60/31 5222

add all 157.240.194.54/31 5222

add all 157.240.195.54/32 5222

add all 157.240.195.56/32 5222

add all 157.240.196.60/31 5222

add all 157.240.197.60/31 5222

add all 157.240.198.60/31 5222

add all 157.240.199.60/31 5222

add all 157.240.200.60/31 5222

add all 157.240.201.60/31 5222

add all 157.240.202.60/31 5222

add all 157.240.203.60/31 5222

add all 157.240.204.60/31 5222

add all 157.240.205.60/31 5222

add all 157.240.206.60/31 5222

add all 157.240.207.60/31 5222

add all 157.240.208.60/31 5222

add all 157.240.209.60/31 5222

add all 157.240.210.60/31 5222

add all 157.240.211.60/31 5222

add all 157.240.212.60/31 5222

add all 157.240.213.60/31 5222

add all 157.240.214.60/31 5222

add all 157.240.215.60/31 5222

add all 157.240.216.60/31 5222

add all 157.240.217.60/31 5222

add all 157.240.218.60/31 5222

add all 157.240.219.60/31 5222

add all 157.240.220.60/31 5222

add all 157.240.221.60/31 5222

add all 157.240.222.60/31 5222

add all 157.240.223.60/31 5222

add all 157.240.224.60/31 5222

add all 157.240.225.60/31 5222

add all 157.240.226.60/31 5222

add all 157.240.227.60/31 5222

add all 157.240.228.60/31 5222

add all 157.240.229.60/31 5222

add all 157.240.231.60/31 5222

add all 157.240.232.60/31 5222

add all 157.240.233.60/31 5222

add all 157.240.234.60/31 5222

add all 157.240.235.60/31 5222

add all 157.240.236.60/31 5222

add all 157.240.237.60/31 5222

add all 157.240.238.60/31 5222

add all 157.240.239.60/31 5222

add all 157.240.240.60/31 5222

add all 157.240.241.60/31 5222

add all 157.240.242.60/31 5222

add all 157.240.243.60/31 5222

add all 157.240.244.60/31 5222

add all 157.240.245.60/31 5222

add all 157.240.246.60/31 5222

add all 157.240.247.60/31 5222

add all 157.240.248.60/31 5222

add all 157.240.249.60/31 5222

add all 157.240.250.60/31 5222

add all 157.240.251.60/31 5222

add all 157.240.252.60/31 5222

add all 157.240.253.60/31 5222

add all 157.240.254.60/31 5222

add all 163.70.128.60/31 5222

add all 163.70.129.60/31 5222

add all 163.70.130.60/31 5222

add all 163.70.131.60/31 5222

add all 163.70.132.60/31 5222

add all 163.70.133.60/31 5222

add all 163.70.134.60/31 5222

add all 163.70.135.60/31 5222

add all 163.70.136.60/31 5222

add all 163.70.137.60/31 5222

add all 163.70.138.60/31 5222

add all 163.70.139.60/31 5222

add all 163.70.140.60/31 5222

add all 163.70.141.60/31 5222

add all 163.70.142.60/31 5222

add all 163.70.143.60/31 5222

add all 163.70.144.60/31 5222

add all 163.70.145.60/31 5222

add all 163.70.146.60/31 5222

add all 163.70.147.60/31 5222

add all 163.70.148.60/31 5222

add all 163.70.149.60/31 5222

add all 163.70.150.60/31 5222

add all 163.70.151.60/31 5222

add all 163.70.152.60/31 5222

add all 163.70.153.60/31 5222

add all 163.70.154.60/31 5222

add all 163.70.155.60/31 5222

add all 163.70.156.60/31 5222

add all 163.70.157.60/31 5222

add all 163.70.158.60/31 5222

add all 163.70.159.60/31 5222

add all 179.60.192.49/32 5222

add all 179.60.192.51/32 5222

add all 179.60.193.60/31 5222

add all 179.60.194.53/32 5222

add all 179.60.194.54/32 5222

add all 179.60.195.49/32 5222

add all 179.60.195.51/32 5222

add all 185.60.216.53/32 5222

add all 185.60.216.54/32 5222

add all 185.60.217.53/32 5222

add all 185.60.217.54/32 5222

add all 185.60.218.53/32 5222

add all 185.60.218.54/32 5222

add all 185.60.219.60/31 5222

ProxySG(config proxy-services)# exit

 

Then create a CPL layer in your VPM policy and paste the following code:

 

; ################# WHATSAPP BYPASS START #################
; Allow Whatsapp TCP tunnel
<Proxy>
service.name="Whatsapp" authenticate(no) ALLOW
; Disables authentication via Proxy
<proxy>
condition=WhatsappURLS authenticate(no) ALLOW
; Disables HTTP/2 for Whatsapp Websockets
<proxy>
condition=WhatsappWebsockets http2.client.accept(no) http2.server.request(no)
; Disables protocol detection
<proxy>
condition=WhatsappURLS detect_protocol(none)
; Disables HTTP persistence and cache use, forces HTTP/1.0 and IPv4-only DNS lookups
<proxy>
condition=WhatsappURLS http.client.persistence(no) http.server.persistence(no) bypass_cache(yes) http.request.version(1.0) http.response.version(1.0) server_url.dns_lookup(ipv4-only)
; Disables ICAP scanning
<cache>
condition=WhatsappURLS request.icap_service(no) response.icap_service(no)
; Disables CACHE
<cache>
condition=WhatsappURLS pipeline(no) cache(no)
; Disables SSL-Interception, packet inspection
<ssl-intercept>
condition=WhatsappURLS ssl.forward_proxy(no)
; Disables validation of the server's SSL certificate
<SSL>
condition=WhatsappURLS server.certificate.validate(no)

define condition WhatsappURLS
; domains for the WHATSAPP
url.domain="web.whatsapp.com"
url.domain="mmg.whatsapp.com"
url.domain="graph.whatsapp.com"
url.domain="crashlogs.whatsapp.net"
url.domain="cdn.whatsapp.net"
url.domain="snr.whatsapp.net"
url.domain="wa.me"
url.domain="whatsapp.com"
url.domain="whatsapp.net"
url.domain="crl3.digicert.com"
url.domain="crl4.digicert.com"
url.domain="digicert.com"
url.domain="ocsp.digicert.com"
url.domain="pps.whatsapp.net"
url.domain="fbcdn.net"
end condition WhatsappURLS

define condition WhatsappWebsockets
; domains for the websockets
client.connection.ssl_server_name.suffix=.whatsapp.com
client.connection.ssl_server_name.suffix=.whatsapp.net
end condition WhatsappWebsockets

; ################# WHATSAPP BYPASS END #################
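
The tcp-tunnel listener list in the transparent deployment has to carry every range once per port, which is easy to get wrong when it is edited by hand. The following added example (not from the original article) audits a pasted session for ranges that are missing port 443 or 5222, entered twice, or not a valid network address; the function name is hypothetical and the sample session, which contains three deliberate mistakes, is constructed from a few of the ranges above.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample session: the second 31.13.64.x line has a host bit set,
# 31.13.65.49/32 is entered twice for 443 and never for 5222.
SESSION = """\
ProxySG(config proxy-services)# edit Whatsapp
add all 3.33.221.48/32 443
add all 3.33.221.48/32 5222
add all 31.13.64.60/31 443
add all 31.13.64.61/31 5222
add all 31.13.65.49/32 443
add all 31.13.65.49/32 443
ProxySG(config proxy-services)# exit
"""

ADD_LINE = re.compile(r"^\s*add\s+all\s+(\S+)\s+(\d+)\s*$")


def audit_listeners(session, required_ports=(443, 5222)):
    """Check `add all <cidr> <port>` lines for invalid, duplicate and
    incomplete entries. Prompts, blank lines and other commands are skipped."""
    ports_by_net = defaultdict(set)
    invalid, duplicates = [], []
    for line in session.splitlines():
        m = ADD_LINE.match(line)
        if not m:
            continue
        cidr, port = m.group(1), int(m.group(2))
        try:
            net = ipaddress.ip_network(cidr, strict=True)
        except ValueError:
            # Host bits set, or not a CIDR at all: report it, then fall back
            # to the enclosing network so the port bookkeeping stays useful.
            invalid.append(cidr)
            try:
                net = ipaddress.ip_network(cidr, strict=False)
            except ValueError:
                continue
        if port in ports_by_net[net]:
            duplicates.append((str(net), port))
        ports_by_net[net].add(port)
    missing = {}
    for net, ports in ports_by_net.items():
        gap = sorted(set(required_ports) - ports)
        if gap:
            missing[str(net)] = gap
    return {"invalid": invalid, "duplicates": duplicates, "missing_ports": missing}


if __name__ == "__main__":
    for key, value in audit_listeners(SESSION).items():
        print(f"{key}: {value}")
```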

Additional Information

Please note: if required in transparent mode, also enable outgoing traffic on port 5222, as Facebook recommends - https://developers.facebook.com/docs/whatsapp/guides/network-requirements/

If required, disable HTTP/2 in the client browser.

 

If you want to link the CPL code to an existing combined object (e.g. Whatsapp-users) containing the IP addresses of the users who are allowed to access WhatsApp, you'll need to add an additional line to the CPL:

<Proxy>
client.address=Whatsapp-users service.name="Whatsapp" authenticate(no) ALLOW
; Disables authentication via Proxy
<proxy>
client.address=Whatsapp-users condition=WhatsappURLS authenticate(no) ALLOW

[...]

If the above settings do not work:

  • Create a static route to the WhatsApp IP ranges on intermediary devices so that the traffic does not go through the proxy.
  • If running in explicit mode, the IP ranges or URLs can be bypassed in the PAC file.

 
