WhatsApp changed to use end-to-end encryption and the ProxySG appliance does not support the end-to-end encryption because WhatsApp does not run on standard SSL traffic. Please refer to the WhatsApp Security article which describes on security it used and as well on how the end-to-end encryption method works.
Although phones can be configured explicitly to use a proxy, WhatsApp does not use these settings and should be considered a transparent application only. Since that's the case, your only choice is to use Transparent Proxy to bypass WhatsApp traffic or configure the proxy to tunnel protocol errors.
You can configure the ProxySG appliance to allow WhatsApp traffic to pass through the appliance. To configure the appliance to allow WhatsApp traffic to pass though:
Create a service tunnel using TCP Tunnel on WhatsApp port 5222 and 5223
Configure the service tunnel to bypass decryption by the ProxySG appliance.
Note: Configuring the service tunnel to bypass encryption allows you to see the amount of WhatsApp traffic flowing through the appliance, but the ProxySG appliance cannot decrypt this traffic.
Alternatively, you can configure your ProxySG appliance to automatically bypass the next connection when the first attempt to establish a connection fails. To automatically bypass the next connection, click Configuration > Proxy Settings > General and select the Tunnel on Protocol Error box.
Imported Document ID: 000016859
Subscribing will provide email updates when this Article is updated. Login is required.