I have an internal application, more specifically MeshCentral, and I am using UTM9 since I need to do SNI, having just one public IP.
After creating the server and listener in UTM9 with Pass host header and Enable WebSocket passthrough options configured I would expect for my app to work. The thing is that the remote agent (over internet) cannot connect to my internal MeshCentral server. The agent is using websocket wss://fqdn:443.
If I configure my firewall to bypass the UTM9 appliance and direct the 443 traffic directly to the MeshCentral server, then the remote agent pops up in the console just fine.
With Nginx proxy this is doable, but I don't know how to configure the below lines in UTM9:
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
Please insert pictures of the Edits of the Virtual and Real Server definitions. Also, copy here the lines from the Webserver log when this access is not allowed.
Does Karlos' suggestion help?
If you have a paid subscription, please open a support ticket and share here what Sophos has to say about this issue which I thought was fixed last year.
Cheers - Bob
Thanks for getting by.
After more investigation I kind of have the feeling the problem is not in the UTM9 proxy because if I disconnect the internal server network adapter and restart the remote agent in order to force it to reconnect, I can see in the UTM logs that the proxy module is trying to forward the agent request to the server's internal IP but it fails (since it is disconnected).
If I connect the adapter back and restart the remote agent again, I see nothing in the logs even though I should still have some pass lines here, but it is empty.
Unfortunately I cannot upload the images here that I have taken from the UTM, I keep getting an empty box during upload, but I have uploaded them here https://imgur.com/a/g5JELbw
Let me know your thoughts,