Hot!Google Drive Application will not Sync/Unable to Connect

Author
creserva
New Member
  • Total Posts : 13
  • Scores: 0
  • Reward points: 0
  • Joined: 2012/03/16 09:32:42
  • Status: offline
2014/08/26 12:17:46 (permalink)
0

Google Drive Application will not Sync/Unable to Connect

When Deep SSL is turned on. I have added Google Drive on Application Sensors, Added on WebFilter drive.google.com with exempt and it still unable to sync. Please advise. Thank you
< Message edited by creserva -- 8/26/2014 12:24:37 PM >
#1

6 Replies Related Threads

    Warren_Olson_FTNT
    Gold Member
    • Total Posts : 131
    • Scores: 3
    • Reward points: 0
    • Joined: 2014/06/05 06:57:10
    • Status: offline
    RE: Google Drive Application will not Sync/Unable to Connect 2014/08/26 12:26:40 (permalink)
    0
    Are you saying you have the rest of *.google.com blocked using webfilter? Google uses a wildcard SSL certificate so if you block google.com it is likely going to block every google site since they all share the same cert over SSL.
    #2
    creserva
    New Member
    • Total Posts : 13
    • Scores: 0
    • Reward points: 0
    • Joined: 2012/03/16 09:32:42
    • Status: offline
    RE: Google Drive Application will not Sync/Unable to Connect 2014/08/26 13:03:30 (permalink)
    0
    No! *.google.com is not blocked. it similart to this http://docs-legacy.fortinet.com/fos50hlp/50/index.html#page/FortiOS%205.0%20Help/misc_utm_chapter.158.21.html

    So I thought adding drive.google.com will allow Google Drive Applications sync. I can visit drive.google.com via web but the applications is not connecting exept turning off SSL Deep Scanning.
    < Message edited by creserva -- 8/26/2014 1:03:55 PM >
    #3
    JerryPWhite_FTNT
    New Member
    • Total Posts : 8
    • Scores: 0
    • Reward points: 0
    • Joined: 2014/12/08 16:16:44
    • Status: offline
    Re: Google Drive Application will not Sync/Unable to Connect 2015/05/27 13:07:29 (permalink)
    0
    I found this to be a workaround but it appears you will be setting the application to http instead of https so if it's secure data it wouldn't be a wise idea.
     
    When SSL Decryption is enabled for a site like drive.google.com, the secure connection in the Google Drive app will break due to an invalid security certificate. Unfortunately, the app uses its own certificate instead of sharing the browser’s certificate store. This is known as certificate penning. There is no way to modify the certificate or add certificates in the app itself. The work around, however, is fairly simple. The invalid certificate can be ignored by adding a switch when running the app. The methods below have been tested and seem to be viable.

    Use any of the following three methods to activate the switch.

    1.  Edit the shortcut for the Google Drive and add the switch at the end:
          Change C:\Program Files\Google\Drive\googledrivesync.exe to C:\Program Files\Google\Drive\googledrivesync.exe" --unsafe_network
     
    2.  Open a command prompt and navigate to the folder where Google Drive is installed.
          At a prompt, run googledrivesync.exe --unsafe_network

    3.  You can also push out a registry entry change if Drive Sync is auto starting
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\GoogleDriveSync].
    Add the value -unsafe_network after the quote as shown below.

    "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" --unsafe_network
    /autostart

     
    source = http://support.iboss.com/...ve-desktop-application
    #4
    pmit
    New Member
    • Total Posts : 6
    • Scores: 0
    • Reward points: 0
    • Joined: 2015/04/03 08:03:01
    • Status: offline
    Re: Google Drive Application will not Sync/Unable to Connect 2015/10/27 07:52:21 (permalink)
    0
    You must start Google Drive sync with
    googledrivesync.exe --unsafe_network
    #5
    fran1942
    Bronze Member
    • Total Posts : 28
    • Scores: 0
    • Reward points: 0
    • Joined: 2016/12/21 21:56:19
    • Status: offline
    Re: Google Drive Application will not Sync/Unable to Connect 2017/01/31 13:38:36 (permalink)
    0
    Hello,  this is fine, but I would like to understand why the SSL deep packet exemption for 'Google Drive' doesn't seem to work. If it did, then there would be no need to run the Google Drive app in 'HTTP' mode.
    So, what actually is the purpose of the 'Google Drive' SSL deep packet exemption entry that I see there ? i.e. why are we forced to use HTTP mode ?
    Thank you kindly.
    post edited by fran1942 - 2017/01/31 13:48:22
    #6
    dmilagros_FTNT
    New Member
    • Total Posts : 3
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/04/13 11:13:21
    • Status: offline
    Re: Google Drive Application will not Sync/Unable to Connect 2019/06/26 06:11:06 (permalink)
    0
    fran1942
    Hello,  this is fine, but I would like to understand why the SSL deep packet exemption for 'Google Drive' doesn't seem to work. If it did, then there would be no need to run the Google Drive app in 'HTTP' mode.
    So, what actually is the purpose of the 'Google Drive' SSL deep packet exemption entry that I see there ? i.e. why are we forced to use HTTP mode ?
    Thank you kindly.




     
    • Application did not work due a certificate error.  This issue occurs due the drive.google.com site having SSL Decryption enabled, so the Google secure connection for Google Drive app will detect an invalid security certificate. If the FortiGate does not have a valid certificate, the application will not work. Which is this case. Google Sync and Backup desktop application was waiting for google certificate instead of FortiGate certificate.
    • This is because when SSL Decryption is enabled, the FortiGate device receives the external site's certificate and sends its own self-signed certificate to the end client. 
    • When the Google Drive client software, installed on a desktop, attempts to connect to the Google server, it expects to receive a valid certificate from the Google server. With SSL decryption enabled, the Google Drive client receives an untrusted certificate from the FortiGate device and the connection ultimately fails.
    • Google has provided an option to bypass the certificate validation by using a switch “--unsafe_network”.
    • This workaround does not compromise the end client security and data because the certificate bypass is done between the FGT and client, when FortiGate has decrypted the data and it is in the process to deliver it to the client.
    Check references below:
    https://kb.fortinet.com/kb/viewContent.do?externalId=FD36816
    #7
    Jump to:
    © 2019 APG vNext Commercial Version 5.5