Auto tunneling of WebSocket Traffic

For web applications using WebSockets for communication, the Tunnel WebSocket Traffic option makes it possible to automatically tunnel WebSocket traffic, significantly reducing the need to add SSL decryption bypasses when SSL Inspection is enabled.

Note: Auto-tunneling applies only to the Web Socket traffic for that web application. Regular HTTP/S traffic for that web application will still be subject to inspection.

Using this option, cloud web administrators can enable or disable WebSocket auto- tunneling at the individual policy level allowing for phased roll-out.

To enable or disable the auto tunneling of web socket traffic:

Steps

  1. Navigate to Web > Policies > policy name > Web Categories > Tunnel WebSocket Traffic.
  2. Set the Automatically tunnel all WebSocket traffic for this policy option to ON or OFF.
    Note:

    The default value is OFF.

    SSL Inspection bypasses may still be needed:

    1. If the application is using pinned certificates
    2. If the application’s best practice recommendation is to bypass SSL inspection generally
    3. If inspection of the application’s regular HTTPS traffic causes the application to be blocked due to policy settings that you do not wish to apply