hi Brian,
How is this possible?
"UDP packets arriving at the View Security Server (or the View Desktop) with an invalid IPSec SPI or that cannot be authenticated with the key associated with the SPI will be discarded."
So, Invalid IPSec SPI or key gets dropped, only way of obtaining those is to pass authentication.
"The PCoIP (4172) channel can not be used to gateway PCoIP traffic without the user first authenticating and having entitlements to access virtual desktops"
So a PCoIP session is not actually established until the client passes authentication...
If you can demonstrate how a man in the middle attack is performed, please file a support request so we can properly engage our security team.
Thanks!
Wm