This discussion has been locked.

UTM9 Web Server Protection with Websocket

Hi,

I have an internal application, more specifically MeshCentral, and I am using UTM9 since I need to do SNI, having just one public IP.

After creating the server and listener in UTM9 with Pass host header and Enable WebSocket passthrough options configured I would expect for my app to work. The thing is that the remote agent (over internet) cannot connect to my internal MeshCentral server. The agent is using websocket wss://fqdn:443.

If I configure my firewall to bypass the UTM9 appliance and direct the 443 traffic directly to the MeshCentral server, then the remote agent pops-up in the console just fine.

With an Nginx proxy this is doable, but I don't know how to configure the lines below in UTM9:

  #Websocket Support
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "upgrade";

Any ideas?

Thanks,



  • Just wanted to update the post since I have found the issue, and it is not from the UTM; maybe it will help someone.

    The Mesh server checks the hash of the certificate that it issued to the agents, and since the certificate was coming from the UTM proxy it had a different one and the handshake was broken. I had to tell the Mesh server to check the proxy certificate and accept its hash ("certUrl": "https://domain.com:443"). From here on everything started working.

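Added example, not part of the original thread and not MeshCentral code: a small Python diagnostic for the mismatch described in the reply above, hashing the certificate the backend serves and the one clients see through the proxy, then modelling the agent's hash check. The SHA-384 choice, the function names and the sample "certificates" (constructed byte strings) are assumptions.

```python
import hashlib
import hmac
import socket
import ssl

ALGO = "sha384"  # assumption: the thread does not say which hash is used


def cert_hash(der: bytes, algo: str = ALGO) -> str:
    """Hex digest over a DER-encoded certificate."""
    return hashlib.new(algo, der).hexdigest()


def fetch_leaf_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the leaf certificate an endpoint presents for this SNI name.

    Chain validation is off because only the certificate bytes are wanted;
    no application data is sent on this connection.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def agent_accepts(expected_hash: str, presented_der: bytes) -> bool:
    """Model of the check in the reply: the presented cert must hash to the expected value."""
    return hmac.compare_digest(expected_hash.lower(), cert_hash(presented_der))


def compare_paths(direct_der: bytes, proxied_der: bytes) -> dict:
    """Hash what the backend serves and what clients see through the proxy."""
    direct, proxied = cert_hash(direct_der), cert_hash(proxied_der)
    return {"direct": direct, "via_proxy": proxied, "match": direct == proxied}


if __name__ == "__main__":
    # Constructed stand-ins for DER certificates; on a real network use
    # fetch_leaf_der("<backend address>") and fetch_leaf_der("<public fqdn>").
    backend_cert = b"constructed-der:meshcentral-backend"
    proxy_cert = b"constructed-der:utm9-waf-frontend"
    print(compare_paths(backend_cert, proxy_cert)["match"])       # False
    # Before the fix the agent expects the backend's hash but sees the proxy's.
    print(agent_accepts(cert_hash(backend_cert), proxy_cert))     # False
    # After the fix the server hands out the proxy certificate's hash.
    print(agent_accepts(cert_hash(proxy_cert), proxy_cert))       # True
```

A `match` of `False` between the direct and proxied paths means the proxy terminates TLS with its own certificate, which is the condition the `certUrl` setting in the reply addresses.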