What's stored in the GlobalProtect encrypted cookie on the endpoint?
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
02-04-2022 03:32 PM
Does anyone know what data is stored in the GlobalProtect authentication cookie?
Is it something like a session token, session data unique to that connected VPN session? Would it contain user credential information if it's not a pre-logon setup? I know it can be setup to only be accepted from the original endpoint IP it was issued to, but is there anything else keeping it from being used on another machine?
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
02-07-2022 07:30 AM
I don't have any particular knowledge of what is in the auth cookie, but I believe it is just a cert-signed session token. I currently use auth cookies to handle login to multiple gateways (different IPs) from a single portal. Just use a unique cert for auth and copy it (and the private key) to multiple PAs.
