topic What's stored in the GlobalProtect encrypted cookie on the endpoint? in GlobalProtect Discussions

What's stored in the GlobalProtect encrypted cookie on the endpoint?

claner — Fri, 04 Feb 2022 23:32:15 GMT

Does anyone know what data is stored in the GlobalProtect authentication cookie?

Is it something like a session token, session data unique to that connected VPN session? Would it contain user credential information if it's not a pre-logon setup? I know it can be setup to only be accepted from the original endpoint IP it was issued to, but is there anything else keeping it from being used on another machine?

Re: What's stored in the GlobalProtect encrypted cookie on the endpoint?

Adrian_Jensen — Mon, 07 Feb 2022 15:30:44 GMT

I don't have any particular knowledge of what is in the auth cookie, but I believe it is just a cert-signed session token. I currently use auth cookies to handle login to multiple gateways (different IPs) from a single portal. Just use a unique cert for auth and copy it (and the private key) to multiple PAs.