https://community.checkpoint.com/t5/Browse/web-sockets/m-p/256847#M134 <P>Thanks - the official comment from the proxy vendor was that web sockets require a forward and reverse proxy function due to the protocol having the ability to switch/upgrade mid stream: they couldn't do it as the appliance was a forward proxy only. I know there is an application definition in Checkpoint,&nbsp; but it would be more about how to exempt the web socket traffic from the main web traffic on the proxy to send it somewhere else I guess. WAF is interesting. Anyway the issue has left my support queue so it someone else problem now <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Tue, 09 Sep 2025 08:41:14 GMT LazarusG 2025-09-09T08:41:14Z https://community.checkpoint.com/t5/Browse/web-sockets/m-p/256653#M131 <P>Hi</P><P>What support can Checkpoint offer for web sockets.</P><P>I must admit I have not encountered them before in my networking career.</P><P>Our customer has a proxy product that cannot granularly filter them and sends everything uninspected.</P><P>They have on-prem gateways.</P><P>If they bypass their proxy can we leverage https inspection/apcl/url filtering logic in the on-prem gateways to apply security policy to ws:// and wss:// sites?</P><P>Will the cloud WAF product be able to do this?</P><P>Thanks</P><P>&nbsp;</P> Fri, 05 Sep 2025 10:20:05 GMT https://community.checkpoint.com/t5/Browse/web-sockets/m-p/256653#M131 LazarusG 2025-09-05T10:20:05Z https://community.checkpoint.com/t5/Browse/web-sockets/m-p/256665#M132 <P>WebSockets are everywhere. Many WebUI's heavily make us of them. Interactive online games, like LittleWarGame, wouldn't work without wss. I've created several tools to tinker with those nifty sockets. They are the hidden engine of many online communications these days.</P> Fri, 05 Sep 2025 14:57:34 GMT https://community.checkpoint.com/t5/Browse/web-sockets/m-p/256665#M132 Danny 2025-09-05T14:57:34Z https://community.checkpoint.com/t5/Browse/web-sockets/m-p/256672#M133 <P>We support WebSocket in the context of Mobile Access Blade:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk95311" target="_blank">https://support.checkpoint.com/results/sk/sk95311</A>&nbsp;<BR />It appears CloudGuard WAF supports this also, but that's more for protecting the server side of this.</P> Fri, 05 Sep 2025 16:40:13 GMT https://community.checkpoint.com/t5/Browse/web-sockets/m-p/256672#M133 PhoneBoy 2025-09-05T16:40:13Z https://community.checkpoint.com/t5/Browse/web-sockets/m-p/256847#M134 <P>Thanks - the official comment from the proxy vendor was that web sockets require a forward and reverse proxy function due to the protocol having the ability to switch/upgrade mid stream: they couldn't do it as the appliance was a forward proxy only. I know there is an application definition in Checkpoint,&nbsp; but it would be more about how to exempt the web socket traffic from the main web traffic on the proxy to send it somewhere else I guess. WAF is interesting. Anyway the issue has left my support queue so it someone else problem now <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Tue, 09 Sep 2025 08:41:14 GMT https://community.checkpoint.com/t5/Browse/web-sockets/m-p/256847#M134 LazarusG 2025-09-09T08:41:14Z https://community.checkpoint.com/t5/Browse/web-sockets/m-p/256899#M135 <P>We do have reverse proxy functionality also, FYI:&nbsp;<A href="https://support.checkpoint.com/results/sk/sk110348" target="_blank">https://support.checkpoint.com/results/sk/sk110348</A>&nbsp;</P> Tue, 09 Sep 2025 15:15:00 GMT https://community.checkpoint.com/t5/Browse/web-sockets/m-p/256899#M135 PhoneBoy 2025-09-09T15:15:00Z