Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

[Solved] Unable to access Fireabaseapp SSL website when ssl inspection is On


We are using theXS Mapping Sheets Google Apps plugin which used to work fine until tuesday 16th of august.

Since then, wen we try to connect, we get an SSL error.


Using openssl: here is what we get : 

openssl s_client -connect
139984351467176:error:14077419:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert access denied:s23_clnt.c:749:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 7 bytes and written 290 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE

Our web connexion is using a Fortinet 100D installed on the begining of july.


- If I try this app not using the Fortigate unit (we also have an old Netgear),  it works fine.

- Qualys SSL test shows a score of A+ for this domain.

- If I disable SSL inspection (check certificate only, no full inspection) on the LAN to WAN policy, the site works fine.

- We don't block anything on our Fortigate for web, app and ssl inspection.

- I can't find any special event in the Fortigate saying that this site is blocked (in attachment is an event corresponding to the problem)


Do you have any idea on how to solve this problem ? Ididn't find a way to bypass SSL inspection for specific domains.


Thank you for your help,






Esteemed Contributor III

Did  you try various TLS versions?




curl -L -v -k https://x.x.x.x. --tlsv1.1 ( or 1.2 or 1.0  or even worse --sslv3 )


Did you run the cli  diag debug flow and see what's the report function and error message(s)?


I bet the 1st part will give you a clue if it's tls version related




PCNSE NSE StrongSwan
New Contributor

It seems to be known problem between Fortigate and Firebaseapp :


According to this post, it's due to the fact that the certificate has too many SANs.


Bu the way, I forgot to mention that my Fortigate 100D has 5.2.8 firmware.

New Contributor

The solution to enable "inspect all ports" solved the problem has stated in the attached post.


Top Kudoed Authors