Abstract: Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems includes receiving a plurality of network packets. Metadata comprising state information for the received plurality of network packets is generated. The generated metadata is inserted into the received plurality of network packets or a cloned version of the plurality of network packets. A network diagnostic operation is performed on the received plurality of network packets based on the inserted metadata into the received plurality of network packets or the cloned version of the plurality of network packets.

Abstract: Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems includes receiving a plurality of network packets. Metadata comprising state information for the received plurality of network packets is generated. The generated metadata is inserted into the received plurality of network packets or a cloned version of the plurality of network packets. A network diagnostic operation is performed on the received plurality of network packets based on the inserted metadata into the received plurality of network packets or the cloned version of the plurality of network packets.

Abstract: A method, non-transitory computer readable medium and device that assists with managing L7 network classification includes receiving a request to access a service by a mobile computing device. Next, application layer network traffic from the requesting mobile computing device is classified based on mobile data associated with the requesting mobile computing device. One or more actions are performed based on the classification.

Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that facilitates multipath transmission control protocol (MPTCP) based session migration. The primary network traffic management apparatus migrates the MPTCP session state data associated with a client-server pair flow transactions to a secondary traffic management apparatus. The primary traffic management apparatus then disconnects the first connection for the client-server pair flow transactions and the secondary traffic management apparatus establishes a second connection to continue with the processing of client-server pair flow transactions without introducing application faults.

Abstract: Methods, non-transitory computer readable media, and network traffic management apparatuses that obtain one or more custom selection rules and one or more custom priority rules via a graphical user interface (GUI). One or more of the custom selection rules are applied to a cipher suite database to generate a result set of cipher suites. The cipher suite database includes a plurality of cipher suite sets. One or more of the custom priority rules are applied to the result set of cipher suites to generate an ordered result set of cipher suites. A cipher string is generated based on the ordered result set of cipher suites. The cipher string is stored in a secure socket layer (SSL) profile to be used during negotiation of secure network sessions.

Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that monitor at least one TCP connection. A determination is made when an established configuration for the TCP connection requires modification based on the monitoring. The established configuration corresponds to utilization of Nagle's algorithm for the TCP connection. The established configuration is automatically modified to enable or disable utilization of Nagle's algorithm for the TCP connection, when the determination indicates that the established configuration requires modification. By automatically toggling utilization of Nagle's algorithm for a TCP connection, the TCP connection can advantageously be dynamically optimized with this technology with respect to performance metrics such as latency and bandwidth efficiency.

Abstract: Methods, non-transitory computer readable media, and network traffic manager apparatus that assists with managing a federated identity environment based on application availability includes identifying a current status of one or more applications. Next, a response to a received request is generated based on the identified current status and a status of user authentication, wherein the generated response comprises an access token and a notification message corresponding to the identified current status. The generated response is provided to the client.

Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that identify a first service based on inspection of a message received from a server. The message is associated with a flow between a client and the server. The first service is incorporated in, or removed from a service chain associated with the flow. The message, or other received network traffic associated with the flow, is then steered according to the service chain. With this technology, network traffic can advantageously be processed and steered according to services within a service chain that more accurately reflect the communications occurring within particular flows with this technology. In particular, service chains for flows can advantageously be established or modified to account for server-speaks-first protocols, as well as protocols that may be used inside secure or encrypted connections.

Abstract: A method, non-transitory computer readable medium, and access policy manager (APM) device that provides access to applications hosted by server computing devices to client computing devices each associated with an authenticated user. Interactions of the client computing devices with the applications are monitored to obtain usage statistics. The usage statistics are correlated with identifying information for each of the authenticated users or an indication of each of the applications. Notification rule(s) or parameter(s) of a request for information are applied to the correlated usage statistics. Based on the applying, a notification is sent to one or more of the client computing devices or at least a portion of the correlated usage statistics is sent to at least one of an application administrator or an APM administrator.

Abstract: Methods, non-transitory computer readable media, rendezvous gateway (RG) apparatuses, and network security systems that send an RG synchronization message (SYN) to an application in a secure domain following receipt, from a client, of a client SYN comprising an indication of the application. A rendezvous agent (RA) SYN is received, via a firewall coupled to the security domain and in response to the RG SYN, from an RA in the secure domain. A first RG synchronization-acknowledgement message (SYN+ACK) is sent to the client in response to the client SYN. A second RG SYN+ACK is sent, via the firewall, to the RA in response to the RA SYN. The RA is notified of receipt of a client acknowledgement message (ACK) from the client. An RA ACK is received, from the RA and via the firewall, in response to the notification, to thereby establish a full connection between the client and the application.

Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that send a server response to a client request from a requesting client device to a service chaining device. A modified server response from the service chaining device is received based on a correlation of the server response to one or more service policies. A determination is made on whether the modified server response requires additional processing by one or more additional service chaining devices based on the modified server response. The processed server response is received from the one or more additional service chaining devices when the determination indicated processing was required. The processed server response is transmitted to the requesting client device.

Abstract: Methods, non-transitory computer readable media, and mobile application manager apparatus that assists secured SCEP enrollment of client devices includes receiving a certificate signing request and an encrypted device key from an enrolled mobile device. The received certificate signing request is forwarded to a simple certificate enrollment protocol server upon determining a validity of the received encrypted device key. A signed device certificate is received from the simple certificate enrollment protocol server as a response to the forwarded certificate signing request. The secured simple certificate enrollment protocol enrollment is completed forwarding the signed device certificate to the enrolled mobile device.

Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that obtain an assigned Internet Protocol (IP) address from a DHCP server in response to an address request received from a client. One of a plurality of processing cores, on which a traffic management process is executing, is identified. The assigned IP address is modified based on the identified processing core. The modified IP address is sent to the client in response to the received address request. With this technology, connections associated with a same subscriber can advantageously be disaggregated to the same traffic management process.

Abstract: Methods, non-transitory computer readable media, and mobile application manager apparatus that assists with enhancing enforcement on compliance based on security violations includes obtaining security violation data associated with a plurality of enrolled mobile devices and identifying one or more of the plurality of enrolled mobile devices causing one or more security violations based on the obtained security violation data. One or more compliance policies are updated based on the obtained security violation data. A compliance check is performed on the identified one or more enrolled mobile devices causing the one or more security violations based on the updated one or more policies and initiating one or more compliance correction actions on the identified one or more enrolled mobile devices causing the one or more security violations.

Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems performing load balancing in a federated identity environment. An enhanced identity service provider server receives a redirected user authentication from a client device. Upon successfully authenticating the user of the client device a token is generated. Further another service provider server is selected based on a comparison of one or more network parameters and the client device is redirected with the token to the another selected service provider server. Based on a validation of the token the client device accesses applications protected by the selected another service provider server.

Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that determine when an event has occurred. The event is defined in an obtained rule and is associated in the rule with a key. The key is attached to a connection associated with received network traffic that triggered the event, when the determining indicates that the event has occurred. The connection is associated with a first layer, the key comprises an input string value or corresponds to a portion of data associated with a second layer associated with the network traffic, and the second layer is different from the first layer. The connection is then monitored to obtain statistics for the connection and store or report the statistics as associated with the key.

Abstract: A method, non-transitory computer readable medium, and device that provides multi-path TCP (MPTCP) proxy options includes receiving a SYN packet comprising one or more MPTCP options as a request for a new TCP connection. A new SYN packet including information from the received SYN packet is generated and the generated new SYN packet is forwarded to the server. A SYN acknowledgement including information associated with one or more supported MPTCP options is received from the server. A new SYN acknowledgement packet including the information from the received SYN acknowledgement is generated and forwarded to the requesting client computing device.

Abstract: Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that generate a duration corresponding to a current one of a plurality of states in a TCP connection. The duration is generated based on a difference between a stored time recorded at a previous transition to the current one of the states and a current time. The duration is stored or output as associated with the current one of the states. The stored time recorded at the previous transition to the current one of the states is then replaced with the current time. A determination is made when one or more TCP configurations should be modified based on the duration for the current one of the states. The one or more TCP configurations are automatically modified to improve TCP performance, when the determining indicates that the one or more TCP configurations should be modified.

Abstract: A method, non-transitory computer readable medium, and application management computing device that obtains a segment of streaming video content from a server device in response to a request for the segment received from a client device. One or more static or dynamic parameter values associated with the streaming video content are determined. A segment quality of experience (QOE) score is generated for the segment based on one or more of the static or dynamic parameter values. A session identifier is extracted from the request or from a response from the server device that includes the segment. A video QOE score is generated for the streaming video content based on the segment QOE score and another segment QOE score for another segment of the streaming video content retrieved from a record of a session database associated with the session identifier. The video QOE score is output.

Abstract: A method, non-transitory computer readable medium, and traffic management computing device that allocates a subset of tokens to active subscribers based on an estimated number of subscribers that will be active in a next sampling period. A request to transmit a first packet is received from one of the active subscribers. A determination is made when a current time is prior to an expiration of the allocated subset of the tokens. Another determination is made when a length of the first packet is less than a size corresponding to an available portion of the allocated subset of the tokens when the current time is determined to be prior to the expiration of the allocated subset of the tokens. The first packet is transmitted when the length of the first packet is determined to be less than a size corresponding to an available portion of the allocated subset of the tokens.