SSL issue

*** For more tips, answers, and tutorials, check out our knowledge center here***

Awesome Table is powered by Firebase, a platform provided by Google to deploy web and mobile apps.

As of August 2016, Google has issued a new SSL certificate for all apps hosted by Firebase, causing issues with firewalls like FortiGate.

The issue appears to be linked to the number of SANs in the certificate, which is almost a thousand. We don't know if Google is going to change something here.

Solution

If you are a Fortinet user, you can enable/check "Inspect All Ports" in Policy & Objects > Policy > SSL/SSH Inspection > [your policy].

Explanation: when "Inspect All Ports" is DISABLED (you're scanning specific ports), the FortiGate's proxyworker process is doing the SSL Inspection. The proxyworker isn't able to handle all of those SANs. However, if "Inspect All Ports" is ENABLED, SSL Inspection gets offloaded to the IPS Module, which is able to handle that number of SANs just fine.

Another solution is to write firewall rules to allow traffic with no certificate inspection for cdn.firebase.com (151.101.44.249), firebase.com and awesome-table.com (23.235.33.171 and 23.235.37.171).

Many thanks to Aaron Moreno for his investigation and explanations. You can read this post on our G+ community to learn more about the issue and proposed solutions.