Edge SWG (ProxySG) handling Websocket traffic
search cancel

Edge SWG (ProxySG) handling Websocket traffic


Article ID: 259520


Updated On:


ProxySG Software - SGOS ISG Proxy Advanced Secure Gateway Software - ASG


The Internet Engineering Task Force (IETF) standardized the WebSocket protocol in 2011. WebSocket provides simultaneous two-way communications channels over a single TCP connection by detecting the presence of a proxy server and tunneling communications through the proxy.

Client (browser / application) expected behavior:

To upgrade an HTTP connection to a newer HTTP version or use another protocol such as WebSocket, a client sends a request with Upgrade, Connection, and other relevant headers. 

EdgeSWG (ProxySG) expected behavior:

Previous versions of SGOS did not allow WebSocket handshakes to complete, but supported versions allow the handshake to complete successfully. Supported versions also detects WebSocket traffic and allows administrators to perform specific policy actions.

When the EdgeSWG (ProxySG)  detects a WebSocket request in the HTTP/S request, the Active Sessions tab in the Management Console indicates that the traffic is WebSocket. Use the filter Protocol > WebSocket.


- SGOS/ASG OS 7.2.x, 7.3.x and later..

- WebSocket over HTTP/1.1


"Websocket" protocol in Active Session may only show if the request is SSL intercepted.   If HTTPS request is not SSL intercepted, the Edge SWG (ProxySG) would not have visibility on the request itself and should continue tunneling the websocket. 

Refer to SGOS 7.3.x documentation for further details how Edge SWG (ProxySG)  may tunnel or intercept a WebSocket protocol in explicit and transparent deployment.


EdgeSWG (ProxySG) running 7.3.x does not need additional configuration to support WebSocket over HTTP/1.1.   

However, "Websocket" protocol in Active Session may only show if the request is SSL intercepted. 

Additional Information

- For Websocket over HTTP/2, please see Article 234070 

- TCP_WEBSOCKET can be captured on access log using s-action field.

- Sample SSL intercepted Websocket request values from the access log fields:

  sc-status s-action cs-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-path    

   101 TCP_WEBSOCKET GET - https bogus.url.example.com 443 /sample/url/path/ws/