Abstract: A method may include providing a multi-access interface for network traffic, comprising: receiving information regarding topology of a virtual private network and storing the topology in the form of a routing table. A method may include providing an interface for network traffic, comprising: in a virtual private network comprising a plurality of tunnels delivering only information associated with OSI Level 3, receiving a network communication and performing multicast forwarding among the plurality of tunnels using multicast forwarding from OSI Level 2. A method may include providing an interface for network traffic, comprising, in a virtual private network: establishing a connection between a first node of the virtual private network and a second node serving as a virtual private network broker and fetching, by the first node from the virtual private network broker, information regarding one or more other nodes of the virtual private network.

Abstract: A method, system, and computer-usable medium are disclosed for, responsive to communication of a client handshake to a server for establishing communications between the client and server, managing handshake messages between the client and server until an application layer message is communicated from the client, such that a connection between the client and the server appears to be established, and responsive to communication of the application layer message from the client, rendering a policy decision with respect to a connection between the client and the server based on a payload of the application layer message, the policy decision defining a selected path between the client and the server and including a chosen target device from a plurality of potential target devices, wherein the chosen target device is within the selected path and establishing the selected path for communication between the client and the server in accordance with the policy decision.

Abstract: A system for providing network data processing, comprising a processor operating one of more algorithms that are configured to interface with one or more clients to receive a client hello data message. A transport layer security extension extraction system operating on the processor and configured to extract an extension from the client hello data message. A transport layer security extension identification system operating on the processor and configured to process the extension from the client hello data message and to identify a data networking session using the extension.

Abstract: A method may include providing a multi-access interface for network traffic, comprising: receiving information regarding topology of a virtual private network and storing the topology in the form of a routing table. A method may include providing an interface for network traffic, comprising: in a virtual private network comprising a plurality of tunnels delivering only information associated with OSI Level 3, receiving a network communication and performing multicast forwarding among the plurality of tunnels using multicast forwarding from OSI Level 2. A method may include providing an interface for network traffic, comprising, in a virtual private network: establishing a connection between a first node of the virtual private network and a second node serving as a virtual private network broker and fetching, by the first node from the virtual private network broker, information regarding one or more other nodes of the virtual private network.

Abstract: A system for providing network data processing, comprising a processor operating one of more algorithms that are configured to interface with one or more clients to receive a client hello data message. A transport layer security extension extraction system operating on the processor and configured to extract an extension from the client hello data message. A transport layer security extension identification system operating on the processor and configured to process the extension from the client hello data message and to identify a data networking session using the extension.

Abstract: A method, system, and computer-usable medium are disclosed for providing a multi-access interface for network traffic, comprising: receiving information regarding topology of a virtual private network and storing the topology in the form of a routing table. A method, system, and computer-usable medium are disclosed for providing an interface for network traffic, comprising: in a virtual private network comprising a plurality of tunnels delivering only information associated with Open Systems Interconnect stack Level 3, receiving a network communication and performing multicast forwarding among the plurality of tunnels using multicast forwarding from Open Systems Interconnect stack Level 2.

Abstract: A method, system, and computer-usable medium are disclosed for, responsive to an attempted connection from a client to a server for establishing communications between the client and the server, redirecting the connection to a proxy and injecting protocol-independent header information into a datagram of the traffic between the client and the server, the protocol-independent header information including information based upon which the proxy enforces a security policy.

Abstract: A method, system, and computer-usable medium are disclosed for responsive to a connection from a client to a server for establishing communications between the client and the server, store information regarding state of the connection and responsive to receiving a reply from the server to the client, route the reply to the client based on the information regarding the state of the connection.

Abstract: A method, system, and computer-usable medium are disclosed for (a) responsive to communication of a client handshake from a client to a server for establishing encrypted communications between the client and the server: (i) holding open, by an intermediate verification system interfaced between the server and the client, the client handshake; and (ii) opening a connection between the intermediate verification system and the server via which the intermediate verification system issues a server verification handshake to the server; (b) responsive to issuance of the server verification handshake to the server, receiving a server certificate associated with the server by the intermediate verification system; (c) responsive to receipt of the server certificate, processing, by the intermediate verification system, the server certificate to determine an identity of the server; and (d) rendering, by the intermediate verification system, a security policy decision regarding traffic between the server and client based

Abstract: A method, system, and computer-usable medium are disclosed for network acceleration, comprising: responsive to receiving at an acceleration device a stream of one or more datagrams from a sending endpoint device within a first local area network of the acceleration device, the stream for transmission to a receiving endpoint device within a second local area network coupled to the first local area network by a wide area network: communicating by the acceleration device to the sending endpoint device a respective acknowledgement to each of the one or more datagrams; and transmitting by the acceleration device the one or more datagrams via multiple communication links of the wide area network to a second acceleration device within the second local area network and coupled to the receiving endpoint device.

Abstract: A method, system, and computer-usable medium are disclosed for, responsive to establishment of a connection between a first endpoint device and a second endpoint device: maintaining, by a security device interfaced between the first endpoint device and the second endpoint device for inspecting traffic transmitted over the connection, a first communication state to be identical to a communication state of the first endpoint device; and maintaining, by the security device, a second communication state to be identical to a communication state of the second endpoint device; and responsive to transmission of traffic from the first endpoint and intended for the second endpoint: inspecting individual objects of the traffic; modifying stream identifiers of the individual objects prior to retransmission of the traffic to the second endpoint to maintain ordering of stream identifiers as seen by the second endpoint; and maintaining a mapping of the modified stream identifiers such that the mapping is used by the securit

Abstract: A method, system, and computer-usable medium are disclosed for, responsive to establishment of a connection between a first endpoint device and a second endpoint device: maintaining, by a security device interfaced between the first endpoint device and the second endpoint device for inspecting traffic transmitted over the connection, a first communication state to be identical to a communication state of the first endpoint device; and maintaining, by the security device, a second communication state to be identical to a communication state of the second endpoint device; and responsive to transmission of traffic from the first endpoint and intended for the second endpoint: inspecting individual objects of the traffic; modifying stream identifiers of the individual objects prior to retransmission of the traffic to the second endpoint to maintain ordering of stream identifiers as seen by the second endpoint; and maintaining a mapping of the modified stream identifiers such that the mapping is used by the securit

Abstract: A method, system, and computer-usable medium are disclosed for responsive to a connection from a client to a server for establishing communications between the client and the server, store information regarding state of the connection and responsive to receiving a reply from the server to the client, route the reply to the client based on the information regarding the state of the connection.

Abstract: A method, system, and computer-usable medium are disclosed for providing a multi-access interface for network traffic, comprising: receiving information regarding topology of a virtual private network and storing the topology in the form of a routing table. A method, system, and computer-usable medium are disclosed for providing an interface for network traffic, comprising: in a virtual private network comprising a plurality of tunnels delivering only information associated with Open Systems Interconnect stack Level 3, receiving a network communication and performing multicast forwarding among the plurality of tunnels using multicast forwarding from Open Systems Interconnect stack Level 2.

Abstract: A method, system, and computer-usable medium are disclosed for, responsive to communication of a client handshake to a server for establishing communications between the client and server, managing handshake messages between the client and server until an application layer message is communicated from the client, such that a connection between the client and the server appears to be established, and responsive to communication of the application layer message from the client, rendering a policy decision with respect to a connection between the client and the server based on a payload of the application layer message, the policy decision defining a selected path between the client and the server and including a chosen target device from a plurality of potential target devices, wherein the chosen target device is within the selected path and establishing the selected path for communication between the client and the server in accordance with the policy decision.

Abstract: A method, system, and computer-usable medium are disclosed for, responsive to an attempted connection from a client to a server for establishing communications between the client and the server, redirecting the connection to a proxy and injecting protocol-independent header information into a datagram of the traffic between the client and the server, the protocol-independent header information including information based upon which the proxy enforces a security policy.

Abstract: A method, system and computer-usable medium are disclosed for performing an automated anti-spoofing configuration operation, comprising: determining whether a source address of an internet protocol (IP) packet is allowed by a receiving interface of a firewall; determining whether the IP packet comprises a multicast packet when the IP packet is allowed by the receiving interface of the firewall; replacing the source address with a rendezvous point address; using the rendezvous point address to determine whether routing path information associated with the multicast packet matches information stored within a multicast routing information base for the receiving interface of the firewall; and, identifying the multicast packet as spoofed when the routing path information associated with multicast packet does not have corresponding information stored within the multicast routing information base.

Abstract: A method, system, and computer-usable medium are disclosed for (a) responsive to communication of a client handshake from a client to a server for establishing encrypted communications between the client and the server: (i) holding open, by an intermediate verification system interfaced between the server and the client, the client handshake; and (ii) opening a connection between the intermediate verification system and the server via which the intermediate verification system issues a server verification handshake to the server; (b) responsive to issuance of the server verification handshake to the server, receiving a server certificate associated with the server by the intermediate verification system; (c) responsive to receipt of the server certificate, processing, by the intermediate verification system, the server certificate to determine an identity of the server; and (d) rendering, by the intermediate verification system, a security policy decision regarding traffic between the server and client based

Abstract: A method, system, and computer-usable medium are disclosed for network acceleration, comprising: responsive to receiving at an acceleration device a stream of one or more datagrams from a sending endpoint device within a first local area network of the acceleration device, the stream for transmission to a receiving endpoint device within a second local area network coupled to the first local area network by a wide area network: communicating by the acceleration device to the sending endpoint device a respective acknowledgement to each of the one or more datagrams; and transmitting by the acceleration device the one or more datagrams via multiple communication links of the wide area network to a second acceleration device within the second local area network and coupled to the receiving endpoint device.

Abstract: A method, system and computer-usable medium are disclosed for performing an automated anti-spoofing configuration operation, comprising: determining whether a source address of an internet protocol (IP) packet is allowed by a receiving interface of a firewall; determining whether the IP packet comprises a multicast packet when the IP packet is allowed by the receiving interface of the firewall; replacing the source address with a rendezvous point address; using the rendezvous point address to determine whether routing path information associated with the multicast packet matches information stored within a multicast routing information base for the receiving interface of the firewall; and, identifying the multicast packet as spoofed when the routing path information associated with multicast packet does not have corresponding information stored within the multicast routing information base.