Abstract: A network device may decrypt a record received from a source device and associated with an encrypted session. The network device may process the decrypted record. The network device may encrypt the record to generate an encrypted payload. The network device may store an entry in a retransmission mapping that includes a decryption key used to decrypt the record and an encryption key used to encrypt the record. The network device may transmit the encrypted payload in a first TCP packet toward the destination device. The network device may receive retransmitted data and may determine, based on the record entry, that the retransmitted data is associated with the record. The network device may decrypt, using the decryption key, the retransmitted data and may re-encrypt, using the encryption key, the decrypted record. The network device may transmit, toward the destination device, the encrypted payload in a second TCP packet.

Abstract: A network device may receive network traffic associated with a session, wherein the session is associated with a network. The network device may determine, from the network traffic, an application path that is associated with the session and may determine an application path identifier associated with the application path. The network device may determine, based on policy information that is associated with the application path identifier, whether the network traffic associated with the session is permitted to be communicated via the network and may perform, based on whether the network traffic is determined to be permitted, an action associated with communication of the network traffic.

Abstract: A network device may identify an application signature associated with a web application, and may determine, based on an application-based policy associated with the web application, an access method to be used to transmit traffic associated with the web application. The network device may generate a proxy auto configuration (PAC) file using the application signature associated with the web application, and the access method to be used to transmit the traffic associated with the web application. The network device may provide the PAC file to a client device to permit the client device to transmit the traffic associated with the web application based on the PAC file.

Abstract: A network device decrypts a record, received from a client device, that is associated with an encrypted session between the client device and an application platform. The network device incorporates decrypted record data, from the decrypted record, into a payload field of a transmission control protocol (TCP) packet to be transmitted to another device, identifies a record header in the record, and determines, based on the record header, a record type associated with the decrypted record. Based on the record type, the network device marks the one or more TCP packets as including urgent data by setting a TCP urgent control bit in a header of the one or more TCP packets, and sets a second field, in the header of the TCP packet, to a second value that identifies an end of the urgent data, which corresponds to an end of the decrypted record data in the payload field.

Abstract: A device may receive client cipher information, associated with initiating a secure session, identifying at least one key exchange cipher supported by a client device associated with the secure session. The device may determine, based on the client cipher information, that a Diffie-Hellman key exchange is to be used to establish the secure session. The device may determine whether a server device, associated with the secure session, supports use of the Diffie-Hellman key exchange. The device may manage establishment of the secure session using a first decryption technique based on determining that the server device does not support the use of the Diffie-Hellman key exchange, or manage establishment of the secure session using a second decryption technique based on determining that the server device supports the use of the Diffie-Hellman key exchange or being unable to determine whether the server device supports the use of the Diffie-Hellman key exchange.

Abstract: A network device may receive network traffic associated with a session, wherein the session is associated with a network. The network device may determine, from the network traffic, an application path that is associated with the session and may determine an application path identifier associated with the application path. The network device may determine, based on policy information that is associated with the application path identifier, whether the network traffic associated with the session is permitted to be communicated via the network and may perform, based on whether the network traffic is determined to be permitted, an action associated with communication of the network traffic.

Abstract: A network device may receive network traffic associated with a session, wherein the session is associated with a network. The network device may determine, from the network traffic, an application path that is associated with the session and may determine an application path identifier associated with the application path. The network device may determine, based on policy information that is associated with the application path identifier, whether the network traffic associated with the session is permitted to be communicated via the network and may perform, based on whether the network traffic is determined to be permitted, an action associated with communication of the network traffic.

Abstract: A network device may receive network traffic for an application. The network device may determine a first classification for the network traffic according to a first classification technique. The first classification may identify the network traffic as relating to a particular application or an unknown application. The network device may determine a second classification for the network traffic according to a second classification technique. The second classification may identify the network traffic as relating to an unknown application of a particular type and identity. The network device may process, based on whether the first classification identifies the network traffic as relating to the particular application or the unknown application, the network traffic according to a first security policy associated with the particular application or a second security policy associated with the unknown application of the particular type and identity.

Abstract: A network device may receive network traffic for an application. The network device may determine a first classification for the network traffic according to a first classification technique. The first classification may identify the network traffic as relating to a particular application or an unknown application. The network device may determine a second classification for the network traffic according to a second classification technique. The second classification may identify the network traffic as relating to an unknown application of a particular type and identity. The network device may process, based on whether the first classification identifies the network traffic as relating to the particular application or the unknown application, the network traffic according to a first security policy associated with the particular application or a second security policy associated with the unknown application of the particular type and identity.

Abstract: A network device may decrypt a record received from a source device and associated with an encrypted session. The network device may process the decrypted record. The network device may encrypt the record to generate an encrypted payload. The network device may store an entry in a retransmission mapping that includes a decryption key used to decrypt the record and an encryption key used to encrypt the record. The network device may transmit the encrypted payload in a first TCP packet toward the destination device. The network device may receive retransmitted data and may determine, based on the record entry, that the retransmitted data is associated with the record. The network device may decrypt, using the decryption key, the retransmitted data and may re-encrypt, using the encryption key, the decrypted record. The network device may transmit, toward the destination device, the encrypted payload in a second TCP packet.

Abstract: A network device may receive network traffic associated with a network and determine that the network traffic is associated with a dynamic application. The network device may determine, based on the network traffic being associated with a dynamic application, an application feature associated with the network traffic. The network device may perform a lookup operation associated with the application feature to identify policy information associated with the application feature. The network device may selectively permit communication of the network traffic via the network based on the policy information associated with the application feature, wherein the network traffic is to be permitted to be communicated via the network or prevented from being communicated via the network based on an indication from the policy information.

Abstract: A network device may decrypt a record received from a source device and associated with an encrypted session. The network device may process the decrypted record. The network device may encrypt the record to generate an encrypted payload. The network device may store an entry in a retransmission mapping that includes a decryption key used to decrypt the record and an encryption key used to encrypt the record. The network device may transmit the encrypted payload in a first TCP packet toward the destination device. The network device may receive retransmitted data and may determine, based on the record entry, that the retransmitted data is associated with the record. The network device may decrypt, using the decryption key, the retransmitted data and may re-encrypt, using the encryption key, the decrypted record. The network device may transmit, toward the destination device, the encrypted payload in a second TCP packet.

Abstract: A network device may decrypt a record received from a source device and associated with an encrypted session. The network device may process the decrypted record. The network device may encrypt the record to generate an encrypted payload. The network device may store an entry in a retransmission mapping that includes a decryption key used to decrypt the record and an encryption key used to encrypt the record. The network device may transmit the encrypted payload in a first TCP packet toward the destination device. The network device may receive retransmitted data and may determine, based on the record entry, that the retransmitted data is associated with the record. The network device may decrypt, using the decryption key, the retransmitted data and may re-encrypt, using the encryption key, the decrypted record. The network device may transmit, toward the destination device, the encrypted payload in a second TCP packet.

Abstract: A network device may receive network traffic associated with a network and determine that the network traffic is associated with a dynamic application. The network device may determine, based on the network traffic being associated with a dynamic application, an application feature associated with the network traffic. The network device may perform a lookup operation associated with the application feature to identify policy information associated with the application feature. The network device may selectively permit communication of the network traffic via the network based on the policy information associated with the application feature, wherein the network traffic is to be permitted to be communicated via the network or prevented from being communicated via the network based on an indication from the policy information.

Abstract: A network device receives a packet from a client device, and identifies, based on receiving the packet, a destination of the packet. The network device determines, based on information included in an application cache, an application associated with the destination of the packet, where the first network device, the client device, and the application cache are included in a first local network. The network device determines, based on the information included in the application cache, a policy rule associated with the application, and applies the policy rule to the packet.

Abstract: A network device may receive network traffic associated with a session, wherein the session is associated with a network. The network device may determine, from the network traffic, an application path that is associated with the session, wherein the application path is associated with a communication protocol and an application protocol. The network device may determine, based on policy information that is associated with the application path, whether the network traffic associated with the session is capable of being communicated via the network using the communication protocol and the application protocol. The network device may perform, based on whether the network traffic is determined to be capable of being communicated, an action associated with enabling or preventing communication of the network traffic.

Abstract: A network device receives a packet from a client device, and identifies, based on receiving the packet, a destination of the packet. The network device determines, based on information included in an application cache, an application associated with the destination of the packet, where the first network device, the client device, and the application cache are included in a first local network. The network device determines, based on the information included in the application cache, a policy rule associated with the application, and applies the policy rule to the packet.

Abstract: A network device may identify an application signature associated with a web application, and may determine, based on an application-based policy associated with the web application, an access method to be used to transmit traffic associated with the web application. The network device may generate a proxy auto configuration (PAC) file using the application signature associated with the web application, and the access method to be used to transmit the traffic associated with the web application. The network device may provide the PAC file to a client device to permit the client device to transmit the traffic associated with the web application based on the PAC file.

Abstract: A network device may receive network traffic for an application. The network device may identify an application layer protocol being used for the network traffic. The network device may obtain contextual information, from the network traffic, to obtain an item of contextual information, and the item of contextual information may be selected based on the application layer protocol. The network device may determine that the item of contextual information matches a stored item of contextual information. The network device may determine that a threshold has been met with regard to the stored item of contextual information. The network device may generate an application signature for the application based on the item of contextual information. The network device may send the application signature to another device to permit the other device to identify the application based on the application signature.

Abstract: A network device may identify an application signature associated with a web application, and may determine, based on an application-based policy associated with the web application, an access method to be used to transmit traffic associated with the web application. The network device may generate a proxy auto configuration (PAC) file using the application signature associated with the web application, and the access method to be used to transmit the traffic associated with the web application. The network device may provide the PAC file to a client device to permit the client device to transmit the traffic associated with the web application based on the PAC file.