This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
LazarusG
Collaborator
Collaborator
Friday

web sockets

Hi

What support can Checkpoint offer for web sockets.

I must admit I have not encountered them before in my networking career.

Our customer has a proxy product that cannot granularly filter them and sends everything uninspected.

They have on-prem gateways.

If they bypass their proxy can we leverage https inspection/apcl/url filtering logic in the on-prem gateways to apply security policy to ws:// and wss:// sites?

Will the cloud WAF product be able to do this?

Thanks

 

0 Kudos
4 Replies
Danny
Champion Champion
Champion
Friday

WebSockets are everywhere. Many WebUI's heavily make us of them. Interactive online games, like LittleWarGame, wouldn't work without wss. I've created several tools to tinker with those nifty sockets. They are the hidden engine of many online communications these days.

0 Kudos
PhoneBoy
Admin
Admin
Friday

We support WebSocket in the context of Mobile Access Blade: https://support.checkpoint.com/results/sk/sk95311 
It appears CloudGuard WAF supports this also, but that's more for protecting the server side of this.

0 Kudos
LazarusG
Collaborator
Collaborator
13 hours ago
In response to PhoneBoy

Thanks - the official comment from the proxy vendor was that web sockets require a forward and reverse proxy function due to the protocol having the ability to switch/upgrade mid stream: they couldn't do it as the appliance was a forward proxy only. I know there is an application definition in Checkpoint,  but it would be more about how to exempt the web socket traffic from the main web traffic on the proxy to send it somewhere else I guess. WAF is interesting. Anyway the issue has left my support queue so it someone else problem now 🙂

0 Kudos
PhoneBoy
Admin
Admin
7 hours ago
In response to LazarusG

We do have reverse proxy functionality also, FYI: https://support.checkpoint.com/results/sk/sk110348 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events