We are using Guacamole HTML5 Remote Desktop functionality in our application. However once we deployed Guacamole server and our customers tried accessing it from their corporate network, they have been reporting connectivity issues.
It turns out that most of the anti-virus softwares (Bitdefender, AVG etc...) are blocking access to Guacamole server through their SSL scanning feature. If we disable SSL scanning then our customers are able to connect to Guacamole server. However we cannot expect our client to permanently turn off SSL Scanning from their anti-virus software.
We also figured out that Guacamole creates an HTTP tunnel and the JS client constantly sends read and write requests. These read/write requests are of type application/octet-stream. Most of the firewall block application/octet-stream and our guess it that SSL Scanning feature in anti-virus software is also blocking because of this MIME type.
We would like to know if there is any workaround to prevent anti-virus from blocking Guacamole traffic without turning of SSL Scanning feature. We would appreciate any help, feedback or suggestions in this regard.
I was able to figure out a solution with the help from Guacamole support team. We were not using latest version of NGINX and Tomcat on our Guacamole server. Once we upgraded to latest version of these softwares, entire communication started using websockets. This also fixed all issues we were facing with anti-virus softwares.