topic Re: CSRF Protection in General Topics

CSRF Protection

Jatin.Singh — Wed, 26 Feb 2020 07:33:26 GMT

GlobalProtect portal page isn't protected by anti-CSRF tokens. Is it possible to add this protection?

Re: CSRF Protection

reaper — Wed, 26 Feb 2020 08:50:35 GMT

the portal is never used in a browser unless to download the agent one time. you could disable the portal externally if you find your users continually logging on for no reason?

Re: CSRF Protection

hshawn — Wed, 26 Feb 2020 20:42:59 GMT

@reaper Hmm, What about clientless VPN?

Re: CSRF Protection

DanielS.Romero — Fri, 14 Jul 2023 17:29:16 GMT

Hi dear, how you're today?
I wanna to ask you about the vulnerability known as CSRF (Cross-Site Request Forgery) in the portal of Global Protect in a web browser in a NGFW I have this problem,
Do you know of a possible solution to this problem or a guide to avoid this problem?

Thanks you for your help,

Sincerely.