Abstract: A method for transmitting network traffic across a wide area network (WAN) from a first site to a second site is provided. The method is executed by a first edge network device at the first site that further includes a second edge network device, and the method includes: receiving the network traffic from a client device at the first site; determining, using ipath characteristics and a classification of the network traffic, that the network traffic should be transmitted by the second edge network device to the second site; forwarding in response to the determination, the network traffic to the second edge network device using a local tunnel over a local area network (LAN) of the first site such that the network traffic is transmitted to the second site by the second edge network device.

Abstract: A method for transmitting network traffic across a wide area network (WAN) from a first site to a second site is provided. The method is executed by a first edge network device at the first site that further includes a second edge network device, and the method includes: receiving the network traffic from a client device at the first site; determining, using ipath characteristics and a classification of the network traffic, that the network traffic should be transmitted by the second edge network device to the second site; forwarding in response to the determination, the network traffic to the second edge network device using a local tunnel over a local area network (LAN) of the first site such that the network traffic is transmitted to the second site by the second edge network device.

Abstract: In one embodiment, a first device in a network receives intercepted traffic that has been encrypted. The first device decrypts the intercepted traffic and sends the decrypted traffic to one or more analysis devices in the network. The first device receives a message indicative of a result of analysis of the decrypted traffic by the one or more analysis devices.

Abstract: In one embodiment, an apparatus comprises logic for detecting stolen authentication cookie attacks. A first transport connection is established between a client and a gateway server, where the first transport connection is authenticated by the gateway server. A first authentication cookie is associated with a client session, between the client and the gateway server, that includes the first transport connection. A second transport connection is established at the gateway server. A request is received over the second transport connection. The request includes the first authentication cookie to associate the second transport connection with the client session. A second authentication cookie is generated for the client session and is returned over the second transport connection. Thereafter, a determination is made whether the second authentication cookie is received over the first transport connection.

Abstract: In one embodiment, an apparatus comprises logic for detecting stolen authentication cookie attacks. A first transport connection is established between a client and a gateway server, where the first transport connection is authenticated by the gateway server. A first authentication cookie is associated with a client session, between the client and the gateway server, that includes the first transport connection. A second transport connection is established at the gateway server. A request is received over the second transport connection. The request includes the first authentication cookie to associate the second transport connection with the client session. A second authentication cookie is generated for the client session and is returned over the second transport connection. Thereafter, a determination is made whether the second authentication cookie is received over the first transport connection.