Sophos UTM 9.6 Webserver Protection (WAF) can now forward WebSocket connections to the Real Server. This means that web applications that require WebSockets to function now work behind the UTM WAF. One of these applications is, for example, the Windows Admin Center, but the UniFi SDN Controller also uses WebSockets for certain features.
Although WebSocket support could be enabled for some time by editing the configuration files on the UTM, those settings were overwritten whenever the configuration was changed via the WebGUI. WebSocket passthrough can now be enabled in the WebGUI, and the configuration is retained.
Here is a small configuration guide for the Windows Admin Center and the web server protection of Sophos UTM 9.601-5.
First of all, the server on which the Windows Admin Center was installed must be specified as the "Real Server":
A firewall profile is then required. The following filter rules must be excluded for the Windows Admin Center:
981203 960017 981173 981246 981204 981176 960015 960032
The remaining settings for the firewall profile can be seen in the screenshot:
Once the firewall profile and the real server have been created, the virtual web server can be created. The UTM can obtain the required certificate directly from Let's Encrypt. The settings for the virtual web server can be seen in the screenshot:
There is now a new route for the Windows Admin Center on the "Site Path Routing" tab. Here you can now activate WebSocket passthrough:
The configuration is now complete and can be tested. So far I have not noticed any problems:
Remote Desktop also works smoothly with WebSockets and the UTM:
As already mentioned at the beginning, the UniFi SDN Controller also works in this way. The procedure is almost identical, only the exceptions in the firewall profile differ:
960015 981203 970003 960032
With these settings, the GUI of the UniFi Controller also loads without error messages:
Any other applications that use WebSockets can also be published in this way.