WebSocket Protocol Support

The Mobile Access Check Point Software Blade on a Security Gateway that provides a Remote Access VPN access for managed and unmanaged clients. Acronym: MAB. Software Blade Specific security solution (module): (1) On a Security Gateway, each Software Blade inspects specific characteristics of the traffic (2) On a Management Server, each Software Blade enables different management capabilities. supports Web applications using the WebSocket protocol (RFC 6455). Some 3rd-party applications provide RDP/VDI capabilities for browsers supporting HTML5 and WebSocket without requiring a pre-installed RDP/VDI client. For details, see sk95311.

The Mobile Access Software Blade Guacamole-based Clientless RDP-SSH support also leverages WebSocket capabilities.'

For WebSocket system requirements, see sk95311.

Check Point appliances can support hundreds of concurrent WebSocket users. The amount depends on the power of the appliance and their deployment (Load Sharing an appliance cluster Two or more Security Gateways that work together in a redundant configuration - High Availability, or Load Sharing. can support more users). To get the best appliance that best suits your needs, contact your Check Point sales engineer.

Using WebSocket

To use WebSocket support:

Create a regular Web application to the WebSocket server.

• Make sure to include the port used for the WebSocket connection in the Authorized Locations of the Web application.

• The Web applications related to the WebSocket application must use Path Translation as their Link Translation method. It can be inherited from the Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. setting or configured in the Web application.

Monitoring WebSocket

To monitor WebSocket connections:

1. Connect to the command line on the Security Gateway.

2. Log in to the Expert mode.

3. Run:

   PingerAdmin report type ws

   Alternatively, to see all connections currently handled by the Pinger daemon (such as ActiveSync push), run:

   PingerAdmin report all