About secure peers
Peered appliances can accelerate, encrypt, and secure SSL/TLS and other types of secure traffic, such as MAPI, SMB, and Citrix traffic. They can also securely accelerate other traffic that does not use a secure protocol. You can also use IPsec to secure communication between peered appliances.
SSL/TLS secure peering and secure transport traffic can coexist.
Acceleration occurs between peered appliances. To securely accelerate traffic, peered appliances must establish a trust relationship and create a secure connection with each other. This secure connection between appliances is called the secure inner channel. Outer channels are the connections between client-side appliances and clients and between server-side appliances and servers.
We recommend using the secure inner channel in place of IPsec encryption to secure traffic.
Each appliance is manufactured with its own self-signed certificate and private key, which together uniquely identify that appliance. The setup process for the secure inner channel begins with the appliances authenticating each other by exchanging certificates and negotiating separate encryption keys for each intercepted connection. Next, the appliances create corresponding secure inner connections for all outer connections between the client and the client-side appliance and between the server and the server-side appliance.
You can manually configure peer relationships between appliances using fixed-target rules. Typically, though, client-side appliances find server-side peers through autodiscovery the first time they attempt to connect to a server. Peered appliances maintain peering tables that list each peer, their key certificates, and other identifying information such as IP address and hostname. You can accept or decline peering requests from any appliance at any time.
After the appliances trust each other, they send encrypted data between themselves over the secure inner connections matching the outer channel connections for the relevant traffic types.
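The trust decision behind a peering table of self-signed certificates can be modeled as follows. This is an added illustration, not the appliance's implementation: the class, state names, hostnames, IP address and certificate bytes are all assumptions constructed for the example.

```python
import hashlib
from dataclasses import dataclass

# State names are assumptions made for this illustration.
PENDING, TRUSTED, DENIED, MISMATCH = "pending", "trusted", "denied", "mismatch"

@dataclass
class PeerEntry:
    hostname: str
    ip: str
    fingerprint: str  # SHA-256 over the peer's DER-encoded certificate
    state: str

def cert_fingerprint(cert_der: bytes) -> str:
    return hashlib.sha256(cert_der).hexdigest()

class PeeringTable:
    def __init__(self):
        self._by_fp = {}

    def handle_request(self, hostname, ip, cert_der):
        """Record a peering request and return the state of the presenting peer."""
        fp = cert_fingerprint(cert_der)
        entry = self._by_fp.get(fp)
        if entry is not None:
            return entry.state
        # A self-signed certificate has no CA chain to validate, so an unseen
        # certificate is never trusted automatically. One that claims the
        # hostname or IP of an already trusted peer is flagged for review.
        clash = any(e.state == TRUSTED and (e.hostname == hostname or e.ip == ip)
                    for e in self._by_fp.values())
        state = MISMATCH if clash else PENDING
        self._by_fp[fp] = PeerEntry(hostname, ip, fp, state)
        return state

    def decide(self, fp, accept):
        """Administrator accepts or declines a recorded peer; allowed at any time."""
        self._by_fp[fp].state = TRUSTED if accept else DENIED

    def may_use_inner_channel(self, cert_der):
        entry = self._by_fp.get(cert_fingerprint(cert_der))
        return entry is not None and entry.state == TRUSTED

# Constructed sample data: placeholder bytes stand in for DER certificates.
CERT_A = b"constructed-der-bytes-appliance-A"
CERT_OTHER = b"constructed-der-bytes-unknown-device"
```

Keying the table on the certificate fingerprint rather than on IP address or hostname means a device that reuses a trusted peer's address still cannot join the inner channel until it is explicitly accepted.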