Using websockets relies on a proxy that doesn't pass just the headers/body, but instead sends all packets in both directions. Nginx proxies do this, Apache requires a special proxy module.

Firewalls don't typically care, since it's effectively a long lived HTTP request, unless it digs into all of the packets and filters there.