On Mon, Dec 18, 2017 at 8:47 AM, Daniel Lenski wrote:
> Unlike CSD, the HIP security checker runs during the connection phase, not
> during the authentication phase.
This is a rather vexing difference between the GlobalProtect "security
theater director" (HIP) and its
Unlike CSD, the HIP security checker runs during the connection phase, not
during the authentication phase. Therefore we need to build the CSD token
(an MD5 digest identifying the client) without relying on the authentication
phase having run in the same process. We build it from the cookie