TABLE OF CONTENTS

  • Product Details
  • Issue/ Problem
  • Impact
  • Solution
  • Best Practise
  • Summary


Product : Zscaler Internet Access

Component : Access Control

Version : 2.8.17  Build No. : 152.2



Issue/ Problem :


User cannot send/receive images when using Whatsapp Client downloaded from MS Store. The reason because the Whatsapp MS Store client using certificate pinning and it resolved to certain IP ranges which from Zscaler side, it resolved to different predefined category such as Professional Service, Internet Service, Social Networking etc. This is going to be issue if the customer enforce strict policy in the URL Filtering and SSL Inspection


Impact :

User cannot download or send images related to work and this disrupt daily work.


Solution : 


1. Create custom category for Whatsapp. Inside ZIA Portal. Go to Administration -> Custom Category -> Add URL Category

2. Add the Custom URL and Custom IP range as attached below[Whatsapp URL IP Whitelisting.txt]. NOTE: If there is no Custom IP Range feature, kindly open case and request to Zscaler for provisioning 

3. Click Save and Activate the changes.

4. Next, to create policy for SSL Bypass, go to Administration -> SSL Inspection. You may use one of the existing SSL Bypass policy and add the custom category Whatsapp under URL category criteria. in it. Example as below;


 


5. Click Save. Then Activate the changes.

6. Test to download and send images. By right user able to send/receive images now.