CPC H04L 63/0245 (2013.01) [H04L 45/38 (2013.01); H04L 63/0876 (2013.01); H04L 63/20 (2013.01)] | 20 Claims |
1. A system comprising:
a processor configured to:
receive a flow at a network gateway of a security service from a software-defined wide area network (SD-WAN) device, wherein the flow includes a set of network packets associated with a session;
inspect the flow to determine and extract meta information associated with the flow using the network gateway of the security service; and
communicate, from the network gateway of the security service, the meta information associated with the flow in-band on the flow to the SD-WAN device, wherein the meta information is communicated in-band on the flow using encapsulated packet header information, wherein the SD-WAN utilizes the meta information associated with the flow based on a policy without having to use computing resources of the SD-WAN device to perform deep packet inspection in order to obtain the meta information associated with the flow, wherein the policy includes a routing policy or a security policy, and wherein the SD-WAN device enforces the routing policy or the security policy using the meta information associated with the flow; and
a memory coupled to the processor and configured to provide the processor with instructions.
|