This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Websocket with WAF (Reverse Proxy) - since WSS protocol is not supported - how to setup infrastructure?

Hello,

I am a bit disoriented after some searching around and I some guidance as how to setup my infrastructure.

My UTM sits on the edge of a private LAN, which houses my (web)servers. I wanted to run "mattermost" from that LAN and as they use Websockets or wss protocol for "real-time" communication to the clients I ran into the wall that WAF (ReverseProxying) provides right now.

Goal:

I do not want to put it on any other port than 443.

 

DNATing it means that all traffic for 443 is captured and WAF is "dead" this very moment.

To have that working I will need a second IP to just serve this service/server.

 

So is there any other way?

I cant get my head around at having a Proxy Server like HAProxy (which can be made WSS aware) in front of the UTM with WAF.

 

Can anyone confirm that, Proxy in front of UTM, is a possible way to do it?

Or is their another way?

 

I appreciate your input.

Best

Sven



This thread was automatically locked due to age.