Cannot sync Google Drive when SSL interception is enabled on ProxySG appliance
Article ID: 169125
Updated On:
Products
Issue/Introduction
Users cannot sync Google Drive when SSL interception is enabled on ProxySG appliance.
The only solution is to bypass SSL Interception for these connections. This applies to both transparent and explicit connections.
Cause
This occurs because SSL certificate validation is done by the Google Drive application. Because the certificate used for SSL Interception is either self-signed or issued by a locally-signed CA, Google Drive certificate validation fails.
If there is an SSLV involved, you may need to ensure this device is set to cut through this traffic. If this solution does not resolve the issue, see if the SSLV SSL Connections are erroring.
Resolution
Add the following CPL to ProxySG policy:
- For Explicit
define url.domain condition GoogleDrive
googledrive.com
ssl.google-analytics.com
s.ytimg.com
googleapis.com
googleusercontent.com
gstatic.com
google.com
end
<proxy>
condition=GoogleDrive authenticate(no) detect_protocol(none) allow
- For Transparent
define url.domain condition GoogleDrive
googledrive.com
ssl.google-analytics.com
s.ytimg.com
googleapis.com
googleusercontent.com
gstatic.com
google.com
end
define condition GoogleDriveSSL
server.certificate.hostname.substring=googledrive.com
server.certificate.hostname.substring=ssl.google-analytics.com
server.certificate.hostname.substring=s.ytimg.com
server.certificate.hostname.substring=googleapis.com
server.certificate.hostname.substring=googleusercontent.com
server.certificate.hostname.substring=gstatic.com
server.certificate.hostname.substring=google.com
end
<proxy>
condition=GoogleDrive authenticate(no) allow
<ssl-intercept>
condition=GoogleDriveSSL ssl.forward_proxy(no)
Feedback
