- Under Citrix Policy, go to Policy
- In the middle pane, under Policies, modify an existing policy or create a new policy for external connections.
- In the right pane, click Actions > Edit Policy
- Edit Unfiltered window will appear, then type websock and hit Enter.
- Select WebSock trusted origin server list
- Enter the External URL //this is to allow external URL as a trusted URL
- Click OK
For internal connections, the policy for the web sockets is as follows :
Web Socket Connects – Allowed
Web Socket Port number – Default 8008
Web sockets trusted origin server – default *
The policy is assigned to all objects in the site.
WebSockets trusted origin server list
This setting provides a comma-separated list of trusted origin servers, usually Receiver for Web, expressed as URLs. Only WebSockets connections originating from one of these addresses is accepted by the server.
By default, the wildcard * is used to trust all Receiver for Web URLs.
On proxy-chaining (ProxySG), what is the best position in network to put Threat Isolation Proxy?
2 edges proxy available on this case, one proxy collecting session from clients, forwards it to another one proxy before reaching the internet.
My concerns are the websocket performance and policy management.
Reflection ZFE consists of a session server, a management server (Reflection Security Gateway), and the web client. Session allocation, authorization, and authentication are handled through the Reflection Security Gateway (RSG) Administrative WebStation.
The Reflection Management Server provides the engine that serves the sessions to all users that need to connect to your host data. The web client is a terminal emulator that can be accessed through a browser. Once assigned a session, your user has access to the host, provided they have browser access.
- Supported emulation types: 3270, 5250, VT/SSH
- Requires only a modern browser—no Java required for end users
- Centralized management of sessions
- Sessions can be assigned to all users, individual users, or groups
- Secure end-to-end connections via TLS/SSL
- Use of WebSockets to enhance real-time interaction with host
- Broad platform support
- Keyboard remapping
- Metering of sessions
If you encounter an issue in Reflection ZFE, contact Attachmate Technical Support.
- Recommended Browsers
- “Mixed content” error
When an administrator uses a mix of HTTP and HTTPS, connection requests are blocked and a “mixed content” error displays. To avoid this error:
- If Reflection Security Gateway is accessed via HTTP, then Reflection ZFE sessions must be accessed (create/edit) via HTTP.
- If Reflection Security Gateway is accessed via HTTPS, then Reflection ZFE sessions must be accessed (create/edit) via HTTPS.
- Cannot edit session while logged into Reflection ZFE in another tab
When creating or editing sessions in Reflection Security Gateway, it is best to log out of the Reflection ZFE server that will be used for creating or editing the session. Not doing so can lead to unexpected behavior during the create/edit process.
- Reflection Security Gateway (RSG) authentication session expires
See Technical Note 2779 for more information.
- Key Mapping
Certain keys on a numeric keypad and some browser-specific keys cannot be mapped. For example in Chrome, Ctrl+n and Ctrl+w cannot be mapped.
- Some antivirus software blocks WebSockets
Reflection ZFE requires a WebSocket connection between the web browser and the server. Antivirus software might prevent WebSocket connections, especially when ports 80 or 8080 are used. If you think your antivirus software may be preventing WebSockets, first try a different port. For troubleshooting, see http://websocketstest.com/.
- Sessions configured across multiple Reflection ZFE servers
When a Reflection ZFE session is created, a particular Reflection ZFE server is specified by the administrator. When that session is launched from the Links List, it will always be opened on the server specified by the administrator. If there are multiple session servers in the environment, this may lead to unexpected behavior.
- VT issues
The following issues may occur with VT sessions:
- Heavy text output, such as from “Is -IR” may cause slow performance.
- Scrolling regions may appear slow and/or choppy.
- Cursor movement may be slow and/or choppy.
- Internet Explorer is particularly slow, and performance degrades further when higher-than-default values are used for rows and columns.
- Graphical characters and some character sets are not supported.
- Some non-English characters may cause the terminal display to freeze.
Other VT issues
- A blinking rectangle is the only cursor style current supported.
- Insert/delete column (DECIC, DECDC) may fail.
- VT400 will not recognize DECSCL.
- In rare occasions, using VT102-style features with BCE, the left margin is displaced a few inches to the right.
- Pasting a string containing square brackets ‘[‘ or ‘]’ will fail.
- Pan Down (SU) and Pan UP (SD) Scroll Left (SL), and Scroll Right (SR) are not supported.
- Some VT320 Window Reports (such as DECTTC, DECTLTC, and DECRPDE) fail.
- Setting columns per page (DECSCPP) or lines per page (DECSLPP) may fail.
- Known hosts entries
Only ssh-rsa and ssh-dss are valid as public key types for Reflection Security Gateway known_hosts entries. Key types that contain the string “-sha2-256” are not recognized.
- Extraneous sessions may be launched when using the Links List
When a session is launched from the Reflection Security Gateway Links List, the resulting URL can lead to extra sessions being launched if the user refreshes the page or navigates away from Reflection ZFE and then returns to the session.
- Field Outline in a 3270 session
The 3270 attributes for field outlines are not fully supported. Reflection ZFE currently supports underline and overline; however, left vertical line, right vertical line, and combinations of the four line types are not yet supported.
- “(ECL1011) Error connecting to host: Connection to host failed.”
This misleading error message displays when a TLS/SSL connection to a host fails because the certificate was not added to the trusted certificate store. The error is not a connection issue; it is a certificate issue.
If you encounter this error, check the Reflection Security Gateway trusted certificate store. In Administrative Web Station, click Security Setup > Certificates tab. Scroll to View or modify certificates trusted by the terminal emulator applet. If the certificate is not listed, Import it.
- SSL 3.0 is disabled by default
For security reasons, enabling SSL 3.0 is not recommended. However, for hosts that absolutely require SSL 3.0, you can follow these steps to enable the protocol:
- Stop the applications or services that will be using SSL 3.0.
- Open <install_dir>/jre/lib/security/java.security in a text editor.
- Remove or comment out the line jdk.tls.disabledAlgorithms=SSLv3.
For more information, see https://www.attachmate.com/documentation/rzfe-1-0/rzfe-user/data/session_settings.htm#security_step3.
- TLS/SSL connections are disabled on machines using IBM JDK 7.1 or 8
See Technical Note 2780 for more information.
- Session connections are slow and may time out on some platforms when connecting to a host via TLS/SSL
See Technical Note 2781 for more information.
Obtaining the Product
After you purchase Reflection ZFE, the product is available to download from Attachmate Downloads: https://download.attachmate.com/. For more information on using the Download Library, see Technical Note 0200.
For information about purchasing or evaluating Reflection ZFE, please email SalesRecept@attachmate.com.
Installing the Product
For information about installing the product, see the Reflection ZFE Installation and Deployment Guide: http://www.attachmate.com/documentation/rzfe-1-0/rzfe-install/.
For more information about Reflection ZFE, see the Technical Resources page: http://support.attachmate.com/product/?prod=RZFE.
Here is a code that i found. This code does so what i want but it takes pre-recorded audio files which is not my requirment.
Can anybody please help me to achieve my required goal? Is there anybody who can provide some code sample of what i am willing to do? or can tell me how should i edit the above code so that it fulfills my requirement?
Its Urgent !! Please help !!
i have setup a was9 environment with java 8 for supporting a websockets application ( using cometd)
the applications works when i use the direct port of the application server ( port 9082)
but when i use IIS + plugin it returns a http code of 400.
i have installed websockets support into IIS but that didnt solved the question.
Do you know if the combination IIS+Plugin was9 , works for websockets?
(searched around and notice tat only works for apache based browsers – did it changed=)
1. In reading the [STT WebSocket API reference], I see a response value called `result_index`. This value seems to effectively indicate the number of `final: true` results that were returned. Is that a correct way of interpreting this value? Basically, once a result array containing `final: true` is returned, we’ll never see a `result_index` with that same value for the duration of the WebSocket connection, correct?
2. In what situations will the `results` array in `SpeechRecognitionEvent` ever contain more than one element? In all of the tests I’ve ran, I’ve only ever seen one item in the `results` array. It seems that there would ever only be one item in that array from what I can tell? Is it possible for non-final and final items to exist in this array at the same time?
(1) The application server stops without any reason, and it prompts that I don’t have the permission when I was trying to restart it. However, the app restarts itself after 10 minutes.
(2) The app URL is not accessible sometimes. Restarting app works.
(3) We have Watson Speech to Text service attached to the app. The voice data is transferred through WebSocket, by using the app hosted in bluemix, the returned text appear broken sometimes. This issue got resolved after a while. To narrow down this issue, when it occurs, we quickly switch to the local host with the same speech-to-text service, it works fine.
Any advice? Thanks.