Packet telemetry data via first hop node configuration
US-2020092211-A1 · Mar 19, 2020 · US
US11528299B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11528299-B2 |
| Application number | US-202016868452-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 6, 2020 |
| Priority date | May 6, 2020 |
| Publication date | Dec 13, 2022 |
| Grant date | Dec 13, 2022 |
Official abstract text for this publication.
Provided are methods, apparatus, and system for policy based wide area network. A network of network appliances is configured with a policy configuration. Each network appliance is configured to validate each wide area network packet against the policy configuration. The validation can include verifying that the packets meet the SD-WAN network segment requirements and security rules including verifying that the source and destination address of the packet meet the firewall zone requirements. Each wide area network packet contains a policy header that is checked by the sending and receiving network appliance against the policy configuration.
Opening claim text (preview).
What is claimed is:

1. A method for policy based networking comprising the steps: configuring a plurality of network appliances with a policy configuration, wherein each network appliance is coupled to at least one wide area network; receiving an outgoing packet having a destination address behind one of the plurality of network appliances coupled to at least one network; associating the outgoing packet with the policy configuration, by: classifying the outgoing packet by a port on which the outgoing packet was received; determining an application from which the outgoing packet originated; and determining, based on the policy configuration, a network segment to which the port and the application are assigned; validating the outgoing packet against the policy configuration by verifying that the destination address of the outgoing packet is in a same network segment as the determined network segment, thereby setting a forwarding indication if the outgoing packet should be forwarded; appending a first policy header to the outgoing packet and thereby forming an outgoing payload; appending to the outgoing payload a WAN header compatible with the destination address associated with the one of the plurality of network appliances coupled to at least one network, thereby forming an outgoing WAN packet; and forwarding the outgoing WAN packet to the destination address associated with the one of the plurality of network appliances coupled to at least one network if the forwarding indication is set.

2. The method of claim 1 further comprising the steps: receiving, from one of the at least one wide area networks, an incoming WAN packet having a WAN header and an incoming payload, wherein the incoming payload includes a second policy header and an incoming packet; removing the WAN header from the incoming WAN packet thereby forming the incoming payload; associating the second policy header with the policy configuration; validating the second policy header against the policy configuration thereby setting a valid indication if the incoming packet should be forwarded; removing the second policy header from the incoming payload thereby forming the incoming packet; and forwarding the incoming packet if the valid indication is set.

3. The method of claim 2, wherein the outgoing packet and the incoming packet have a destination network address and a source network address, and wherein the policy configuration includes at least one of a network segment, application rules, and a security protocol associated with the source network address and the destination network address.

4. The method of claim 3, wherein the security protocol includes one or more firewall zones within the network segment.

5. The method of claim 3, wherein the network segment is associated with a segment in a software-defined wide area network.

6. The method of claim 2, further comprising the step of encrypting the outgoing payload and decrypting the incoming payload.

7. The method of claim 2, wherein the policy configuration includes network address translation of the outgoing packet and the incoming packet.

8. A network appliance comprising: at least one wide area network interface, wherein the at least one wide area network is configured to receive an outgoing packet and transmit an incoming packet; memory, wherein the memory is configured with a policy configuration; a processor, wherein the processor is configured to associate the policy configuration with the outgoing packet, to validate the outgoing packet against the policy configuration, to set a forwarding indication if the outgoing packet is validated, to append a first policy header to the outgoing packet and thereby form an outgoing payload, to append to the outgoing payload a WAN header compatible with at least one wide area network interface and thereby form an outgoing WAN packet, and to forward the outgoing WAN packet to at least one wide area network interface if the forwarding indication is set, wherein the processor is further configured to associate the policy configuration with the outgoing packet by: classifying the outgoing packet by a port on which the outgoing packet was received; determining an application from which the outgoing packet originated; and determining, based on the policy configuration, a network segment to which the port and the application are assigned; and wherein the processor is further configured to validate the outgoing packet against the policy configuration by verifying that the destination address of the outgoing packet is in a same network segment as the determined network segment.

9. The network appliance of claim 8, wherein the at least one wide area network interface is configured to receive, from one of the at least one wide area networks, an incoming WAN packet having a WAN header and an incoming payload, wherein the incoming payload includes a second policy header and an incoming packet, to remove the WAN header from the WAN packet thereby forming the incoming payload that includes the second policy header, to associate the second policy header with the policy configuration, to validate the second policy header against the policy configuration thereby setting a valid indication if the incoming packet should be forwarded, to remove the second policy header from the incoming payload thereby forming the incoming packet, and to forward the incoming packet if the valid indication is set.

10. The network appliance of claim 8, wherein the outgoing packet and the received packet have a destination network address and a source network address, and wherein the policy configuration includes a network segment, application rules, and a security protocol based on the source network address and the destination network address.

11. The network appliance of claim 10, wherein the security protocol includes one or more firewall zones within the network segment.

12. The network appliance of claim 10, wherein the network segment is associated with a segment in a software-defined wide area network.

13. The network appliance of claim 9, wherein the network appliance is further configured to encrypt the outgoing payload and decrypt the incoming payload.

14. A network system comprising: a plurality of network appliances each network appliance comprising, a wide area network interface, a local area network interface, a processor, and memory; and a software-defined wide area network (SD-WAN), wherein the SD-WAN is coupled to each network appliance's wide area network interface, wherein each network appliance is configured with a policy configuration, wherein a wide area network interface of a respective network appliance is configured to receive an outgoing packet from the local area network interface and transmit the outgoing packet on the wide area network interface and to receive an incoming packet on the wide area network interface and send the incoming packet on the local area network interface, wherein the respective network appliance is configured to associate the policy configuration with the outgoing packet, wherein the respective network appliance is configured to append a first policy header to the outgoing packet and thereby form an outgoing payload, to append to the outgoing payload a WAN header compatible with the respective network appliance's wide area network interface and thereby form an outgoing WAN packet, and to forward the outgoing WAN packet to the network appliance's wide area network interface if the forwarding indication is set, wherein the respective network appliance is further configured to associate the policy configuration with t
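The sending and receiving steps of claims 1 and 2 (classify by port and application, resolve the segment, check the destination is inside it, append a policy header and WAN header, then validate and strip the headers on the far side) modelled as an added Python example. This is illustration code, not the patent's or any vendor's implementation; the policy layout, segment names, port names, addresses and header fields are all assumptions.

```python
import ipaddress

# Constructed policy configuration, assumed to be installed on every appliance
# (claim 1: "configuring a plurality of network appliances with a policy configuration").
POLICY = {
    "segments": {
        "corp":  {"ports": ["lan0"], "apps": ["erp"], "prefixes": ["10.1.0.0/16", "10.2.0.0/16"]},
        "guest": {"ports": ["lan1"], "apps": ["web"], "prefixes": ["192.168.0.0/16"]},
    }
}

def determine_segment(policy, port, app):
    """Resolve the segment to which the ingress port and originating app are assigned."""
    for name, seg in policy["segments"].items():
        if port in seg["ports"] and app in seg["apps"]:
            return name
    return None  # no segment: the packet must not be forwarded

def in_segment(policy, segment, addr):
    """True if addr falls inside one of the segment's configured prefixes."""
    nets = (ipaddress.ip_network(p) for p in policy["segments"][segment]["prefixes"])
    return any(ipaddress.ip_address(addr) in n for n in nets)

def send(policy, pkt, port, app, wan_dst):
    """Sending appliance: validate, then wrap in policy header + WAN header.
    Returns the outgoing WAN packet, or None when the forwarding indication is not set."""
    segment = determine_segment(policy, port, app)
    if segment is None or not in_segment(policy, segment, pkt["dst"]):
        return None
    policy_header = {"segment": segment, "app": app}            # first policy header
    payload = {"policy": policy_header, "packet": pkt}           # outgoing payload
    return {"wan_dst": wan_dst, "payload": payload}              # WAN header appended

def receive(policy, wan_pkt):
    """Receiving appliance: strip the WAN header, validate the policy header against
    the local policy, strip it, and return the inner packet (None if not valid)."""
    payload = wan_pkt["payload"]                                 # WAN header removed
    hdr, pkt = payload["policy"], payload["packet"]
    seg = hdr.get("segment")
    if seg not in policy["segments"] or hdr.get("app") not in policy["segments"][seg]["apps"]:
        return None
    # Do not trust the peer's header alone: both endpoints must lie in the claimed segment.
    if not in_segment(policy, seg, pkt["src"]) or not in_segment(policy, seg, pkt["dst"]):
        return None
    return pkt                                                   # second policy header removed
```

The receive side re-checks the inner addresses against the segment named in the header, so a header that claims a segment the addresses do not belong to is dropped rather than forwarded.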
Filtering by address, protocol, port number or service, e.g. IP-address or URL · CPC title
Interconnection of networks using encapsulation techniques, e.g. tunneling · CPC title
for separating internal from external traffic, e.g. firewalls · CPC title
using forward notification · CPC title
Architectural arrangements, e.g. perimeter networks or demilitarized zones · CPC title