In today's rapidly evolving digital landscape, ensuring secure, efficient, and real-time communication between clients and servers is paramount. Particularly for businesses deploying on-premise servers, navigating through additional security layers like Web Application Firewalls (WAFs) and HTTPS load balancers necessitates a sophisticated approach to maintaining seamless connectivity.
The Challenge with TCP Connections and SSL Termination
Splashtop Gateway leverages a unique privacy protocol to ensure data security and integrity. However, this specialized approach presents a challenge when SSL termination occurs at the WAF or load balancer level. The termination process disrupts the assembly of the TLS/SSL session, rendering it unrecognizable by our server. This incompatibility necessitates a shift to a more flexible and secure communication protocol like WebSocket, which can operate effectively even in these complex networking environments.
Configuring WebSocket Connections: A Step-by-Step Guide
*Please contact your Sales to enable WebSocket connection feature in your license.
Required Gateway version 3.28.2 with endpoints v3.6.8.0 or higher.
To facilitate a smooth transition and integration, let's delve into configuring WebSocket connections with some of the most popular WAFs and load balancers, namely F5 and Cloudflare.
F5 Big-IP:
1. Create a WebSocket Profile:
- Navigate to `Local Traffic` > `Profiles` > `Protocol` > `WebSocket`.
- Click `Create` and enter a name for the WebSocket profile.
2. Assign the Profile to a Virtual Server:
- Go to `Local Traffic` > `Virtual Servers`.
- Select the relevant virtual server and edit its properties.
- Under the `Profiles` tab, add the newly created WebSocket profile to ensure WebSocket traffic is properly handled.
Cloudflare:
1. Enable WebSockets
- Cloudflare supports WebSockets by default, but ensure the feature is enabled by navigating to the `Network` tab of your Cloudflare dashboard and confirming that the `WebSockets` toggle is activated.
2. Configure SSL/TLS
- Given the SSL termination challenge, ensure that the SSL/TLS encryption mode is set to `Full` or `Full (Strict)` to secure the WebSocket connections.
Conclusion
Transitioning to WebSocket connections in environments with WAFs or HTTPS load balancers is a strategic move towards enhancing the efficiency, reliability, and security of your on-premise server deployments. By understanding the configuration nuances for popular platforms like F5 and Cloudflare, organizations can ensure their infrastructure is not only protected by modern security measures but also optimized for the high-speed demands of today's digital interactions.