Wireless Access

Hi, we have configure captiveportal authentication with user are able to login successfully and assign role as guest by controller but with this role user are using whatsapp.

 

cistomer want to block this application.

 

 

Kindly help to configure firewall policy in 3600 controller version 6.4.2.2

 

Regards,

 

Jayesh

#3600

You need to do the following :

- First enabled dns lookup

(MASTER-CONTROLLER) (config) #ip domain lookup

- Add a DNS server

(MASTER-CONTROLLER) (config) #ip name-server 192.168.1.103

 

"This will require a reboot to take effect"

 

- Then create a netdestination for whatsapp

(MASTER-CONTROLLER) (config) #netdestination WHATSAPP
(MASTER-CONTROLLER) (config-dest) #name *.whatsapp.com
(MASTER-CONTROLLER) (config-dest) #name *.whatsapp.net

 

- Create an ACL to block all traffic to that netdestination

(MASTER-CONTROLLER) (config) #ip access-list session WHATSAPP-ACL

(MASTER-CONTROLLER) (config-sess-WHATSAPP-ACL)#user alias WHATSAPP any deny

- Then apply this to your user-role

(MASTER-CONTROLLER) (config) #user-role guest

(MASTER-CONTROLLER) (config-role) #access-list session WHATSAPP-ACL position 1

 

 

 

 

we tried the same ACL but not working as we expect

 

Regards,

 

Jayesh

It is very difficult to block without deep packet inspection. They have designed it to get through most networks because of places like China.