How To: Use Filtering to Restrict WhatsApp Traffic
Keywords: EdgeOS, WhatsApp, Restrict WhatsApp, Traffic Policy
Objective
This How To Guide walks the user through the steps required to restrict WhatsApp traffic with policy rules based on IP/ports on the Edge device.
1 Only WhatsApp Text Messaging Functionality
Only text messages will be allowed by this rule set.
1.1 Allow Only TCP Port 5222:
Create a rule to allow only TCP port 5222 for WhatsApp text messaging.
1.2 Allow WhatsApp Domain Rule:
Configure a rule to allow traffic from the WhatsApp domain, i.e. www.whatsapp.com.
1.3 Allow Port 80 for HTTP Probing:
Add a rule to allow port 80 at lower data rates for HTTP probing (0.0.0.0/0:80).
1.4 Implicit Deny:
Ensure there's an implicit deny rule at the end to block any unspecified traffic.
Note: Please follow the same order while configuring the rules.
2 WhatsApp Messaging Functionality
This rule set allows text, voice note and picture messages.
2.1 Allow WhatsApp Application Rule:
Configure a rule to allow traffic from the WhatsApp domain, i.e. www.whatsapp.com.
2.2 Allow Port 80 for HTTP Probing:
Add a rule to allow port 80 at lower data rates for HTTP probing (0.0.0.0/0:80).
2.3 Implicit Deny:
Ensure there's an implicit deny rule at the end to block any unspecified traffic.
Note: Please follow the same order while configuring the rules.
3 WhatsApp Voice Call Functionality
This rule set is intended to allow only voice calls. However, the system can currently specify only the port, not the protocol (e.g. UDP exclusively). As a result, text messages also work, but photo and audio messages do not.
3.1 Allow Only Port 3478:
Create a rule to allow only port 3478 for WhatsApp voice calls.
3.2 Allow WhatsApp Domain Rule:
Configure a rule to allow traffic from the WhatsApp domain.
3.3 Allow Port 80 for HTTP Probing:
Add a rule to allow port 80 at lower data rates for HTTP probing (0.0.0.0/0:80).
3.4 Implicit Deny:
Ensure there's an implicit deny rule at the end to block any unspecified traffic.
Note: Please follow the same order while configuring the rules.
4 Full WhatsApp Functionality
All WhatsApp features will operate.
4.1 Allow WhatsApp Domain Rule:
Configure a rule to allow traffic from the WhatsApp domain, i.e. www.whatsapp.com.
4.2 Allow Specific Ports:
Create rules to allow the following ports:
TCP: 4244, 5222, 5223, 5228, 5242
TCP/UDP: 59234, 50318
UDP: 3478, 45395
4.3 Allow Port 80 for HTTP Probing:
Add a rule to allow port 80 at lower data rates for HTTP probing (0.0.0.0/0:80).
4.4 Implicit Deny:
Ensure there's an implicit deny rule at the end to block any unspecified traffic.
Note: Please follow the same order while configuring the rules.
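The rule sets in sections 3 and 4 can be checked offline before they are applied. The following Python model is an added example, not the Edge device's configuration syntax or vendor code; it assumes the device evaluates rules top to bottom with the first match deciding, and the helper names and sample flows are constructed for illustration. It shows that the port-only rule of section 3 admits both TCP and UDP on 3478, that the protocol-aware lists of section 4 do not, and that a deny rule placed ahead of the allow rules blocks everything.

```python
# Added illustration, not vendor code. Assumption: rules are evaluated top to
# bottom and the first matching rule decides (first-match semantics).
# A rule field left as None means "any".

def rule(action, protos=None, ports=None, domain=None):
    return {"action": action, "protos": protos, "ports": ports, "domain": domain}

def matches(r, flow):
    return ((r["protos"] is None or flow["proto"] in r["protos"]) and
            (r["ports"] is None or flow["port"] in r["ports"]) and
            (r["domain"] is None or flow.get("host") == r["domain"]))

def evaluate(rules, flow):
    for r in rules:
        if matches(r, flow):
            return r["action"]
    return "deny"  # nothing matched: treat as denied

DOMAIN = rule("allow", domain="www.whatsapp.com")
HTTP_PROBE = rule("allow-rate-limited", ports={80})
DENY_ALL = rule("deny")

# Section 3 (voice calls): the port rule cannot name a protocol
VOICE_ONLY = [rule("allow", ports={3478}), DOMAIN, HTTP_PROBE, DENY_ALL]

# Section 4 (full functionality): port lists with their protocols
FULL = [DOMAIN,
        rule("allow", protos={"tcp"}, ports={4244, 5222, 5223, 5228, 5242}),
        rule("allow", protos={"tcp", "udp"}, ports={59234, 50318}),
        rule("allow", protos={"udp"}, ports={3478, 45395}),
        HTTP_PROBE, DENY_ALL]

def audit(rules, flows):
    # Map each named sample flow to the decision the rule list gives it
    return {name: evaluate(rules, f) for name, f in flows.items()}

# Constructed sample flows (hosts chosen for illustration)
FLOWS = {
    "udp_3478": {"proto": "udp", "port": 3478},
    "tcp_3478": {"proto": "tcp", "port": 3478},
    "tcp_5222": {"proto": "tcp", "port": 5222},
    "https_other": {"proto": "tcp", "port": 443, "host": "example.com"},
    "probe": {"proto": "tcp", "port": 80, "host": "example.com"},
}

if __name__ == "__main__":
    for label, rs in (("voice", VOICE_ONLY), ("full", FULL),
                      ("deny first", [DENY_ALL] + FULL[:-1])):
        print(label, audit(rs, FLOWS))
```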
Conclusion
By following the above steps, you have successfully configured policy rules on the Edge device to restrict WhatsApp traffic based on different functionalities, while allowing HTTP probing on port 80 to prevent a “No Internet” alert on the user device.