About secure peers
Peered appliances work together to accelerate and secure various types of traffic, including SSL/TLS, MAPI, SMB, and Citrix. They can also accelerate non-secure protocol traffic, and IPsec can be used to secure communication between them if needed. Secure transport using SSL/TLS can run alongside other secure methods like IPsec.
Traffic acceleration happens between peered appliances. To do this securely, the appliances must first establish trust with one another. They create a secure inner channel, which is the encrypted connection between the two appliances. The outer channel refers to the connection between clients and client-side appliances, and between servers and server-side appliances.
We recommend using the secure inner channel instead of IPsec for securing traffic. Each appliance comes with a built-in, self-signed certificate and private key that uniquely identifies it. When setting up the secure inner channel, the appliances authenticate one another by exchanging certificates and then negotiate encryption keys for each intercepted connection. Once trust is established, secure inner connections are created to match all outer connections.
You can manually set peer relationships between appliances using fixed-target rules, but more commonly, the client-side appliance automatically discovers the server-side peer when it first connects to a server. Each appliance keeps a peering table that stores information about its peers—such as certificates, IP addresses, and hostnames. You have the option to accept or reject peering requests at any time.
Once peering is set up, the appliances use their secure inner channels to send encrypted data that corresponds to the outer channel traffic being accelerated.
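The trust decision that the certificate exchange and peering table imply, as an added example (a simplified model, not the vendor's code). It assumes that each self-signed certificate is pinned by a SHA-256 fingerprint. The state names, class and function names are hypothetical, and constructed byte strings stand in for real certificates.

```python
import hashlib
from dataclasses import dataclass

PENDING, ACCEPTED, REJECTED = "pending", "accepted", "rejected"  # assumed state names

@dataclass
class Peer:
    ip: str
    hostname: str
    fingerprint: str
    state: str = PENDING  # a newly discovered peer is not trusted yet

def cert_fingerprint(cert_der: bytes) -> str:
    # A self-signed certificate has no CA behind it, so the pin is the cert itself.
    return hashlib.sha256(cert_der).hexdigest()

class PeeringTable:
    def __init__(self):
        self.peers = {}  # fingerprint -> Peer

    def observe(self, ip, hostname, cert_der):
        # Record a peer seen during discovery; an existing entry keeps its state.
        fp = cert_fingerprint(cert_der)
        return self.peers.setdefault(fp, Peer(ip, hostname, fp))

    def set_state(self, fp, state):
        # Administrator decision; it can be changed at any time.
        self.peers[fp].state = state

    def may_open_inner_channel(self, ip, hostname, cert_der):
        # Only the exact accepted certificate qualifies; IP or hostname alone never do.
        return self.observe(ip, hostname, cert_der).state == ACCEPTED

    def identity_conflicts(self):
        # IPs that presented more than one certificate: a re-key or an impostor.
        seen = {}
        for peer in self.peers.values():
            seen.setdefault(peer.ip, set()).add(peer.fingerprint)
        return {ip: fps for ip, fps in seen.items() if len(fps) > 1}

# Constructed sample data: opaque byte strings stand in for DER certificates.
CERT_A = b"constructed-cert-server-side-appliance"
CERT_B = b"constructed-cert-unknown-device"

if __name__ == "__main__":
    table = PeeringTable()
    print(table.may_open_inner_channel("10.0.0.2", "peer-dc", CERT_A))  # discovered only
    table.set_state(cert_fingerprint(CERT_A), ACCEPTED)
    print(table.may_open_inner_channel("10.0.0.2", "peer-dc", CERT_A))  # accepted
    print(table.may_open_inner_channel("10.0.0.2", "peer-dc", CERT_B))  # same IP, new cert
    print(sorted(table.identity_conflicts()))
```

An IP address that appears in `identity_conflicts()` is worth reviewing before the new certificate is accepted.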