Cannot sync Google Drive when SSL interception is enabled on ProxySG appliance 

Article ID: 169125

Products

Advanced Secure Gateway Software - ASG
ProxySG Software - SGOS

Issue/Introduction

Users cannot sync Google Drive when SSL interception is enabled on a ProxySG appliance.

The only solution is to bypass SSL Interception for these connections. This applies to both transparent and explicit connections.
 

Cause

This occurs because SSL certificate validation is done by the Google Drive application. Because the certificate used for SSL Interception is either self-signed or issued by a locally-signed CA, Google Drive certificate validation fails.

 

If an SSLV is in the traffic path, you may need to ensure that this device is also set to cut through this traffic. If this solution does not resolve the issue, check whether the SSLV is reporting errors for these SSL connections.

Resolution

Add the following CPL to ProxySG policy:

- For Explicit

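; Domains used by the Google Drive sync client
define url.domain condition GoogleDrive
googledrive.com
ssl.google-analytics.com
s.ytimg.com
googleapis.com
googleusercontent.com
gstatic.com
google.com
end

<proxy>
; Skip authentication and protocol detection so these connections are tunneled, not intercepted
condition=GoogleDrive authenticate(no) detect_protocol(none) allow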

 

 

- For Transparent

; Domains used by the Google Drive sync client
define url.domain condition GoogleDrive
googledrive.com
ssl.google-analytics.com
s.ytimg.com
googleapis.com
googleusercontent.com
gstatic.com
google.com
end

; Same domains, matched against the hostname in the server certificate
define condition GoogleDriveSSL
server.certificate.hostname.substring=googledrive.com
server.certificate.hostname.substring=ssl.google-analytics.com
server.certificate.hostname.substring=s.ytimg.com
server.certificate.hostname.substring=googleapis.com
server.certificate.hostname.substring=googleusercontent.com
server.certificate.hostname.substring=gstatic.com
server.certificate.hostname.substring=google.com
end

<proxy>
; Skip authentication for these domains
condition=GoogleDrive authenticate(no) allow

<ssl-intercept>
; Do not intercept SSL when the server certificate hostname matches
condition=GoogleDriveSSL ssl.forward_proxy(no)
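
The transparent-mode condition above matches certificate hostnames by substring, which is broader than a domain match on the same list. The following Python sketch is an added example, not part of the original article or the vendor's policy, for reviewing which hostnames the bypass exempts; it assumes `.substring=` is a plain substring test, and the function names and sample hostnames are constructed for illustration.

```python
# Added example: audit how broad the GoogleDriveSSL bypass condition is.
# Entries are copied from the article's policy.
BYPASS_ENTRIES = [
    "googledrive.com", "ssl.google-analytics.com", "s.ytimg.com",
    "googleapis.com", "googleusercontent.com", "gstatic.com", "google.com",
]


def _normalize(hostname):
    """Lower-case the name and drop a trailing root dot."""
    return hostname.lower().rstrip(".")


def substring_match(hostname, entries=BYPASS_ENTRIES):
    """Assumed semantics of server.certificate.hostname.substring=<entry>."""
    host = _normalize(hostname)
    return any(entry in host for entry in entries)


def domain_match(hostname, entries=BYPASS_ENTRIES):
    """Label-boundary match: host equals an entry or is a subdomain of it."""
    host = _normalize(hostname)
    return any(host == e or host.endswith("." + e) for e in entries)


def audit(hostnames):
    """Map each hostname to how (or whether) the bypass condition covers it."""
    report = {}
    for name in hostnames:
        if domain_match(name):
            report[name] = "bypass (listed domain)"
        elif substring_match(name):
            report[name] = "bypass (substring only)"
        else:
            report[name] = "intercepted"
    return report


# Constructed sample of server certificate hostnames (not real log data).
SAMPLE_HOSTNAMES = [
    "drive.google.com",
    "www.googleapis.com",
    "lh3.googleusercontent.com",
    "drive.google.com.example",  # contains an entry but is not in a listed domain
    "example.org",
]

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE_HOSTNAMES).items():
        print(f"{verdict:26} {host}")
```

Hostnames reported as "bypass (substring only)" are exempt from interception without belonging to any listed domain, so they are the ones to review when deciding whether the condition is acceptable as written.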