Configuring IoT devices for policy enforcement

US12470602B2 · US · B2

Patent metadata
Publication number: US-12470602-B2
Application number: US-202318484392-A
Country: US
Kind code: B2
Filing date: Oct 10, 2023
Priority date: Jun 6, 2022
Publication date: Nov 11, 2025
Grant date: Nov 11, 2025

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

The technology disclosed relates to configuring IoT devices for policy enforcement. In particular, the technology disclosed relates to configuring a plurality of special-purpose devices on a network segment of a network to steer outbound network traffic to an inline secure forwarder on the network segment instead of a default gateway on the network segment. The inline secure forwarder is configured to route the outbound network traffic to a policy enforcement point for a policy enforcement.

Claims

Claims 1 to 20 as listed for this publication; claim 1 is the independent claim.

What is claimed is:

1. A system, comprising: a device configurer on a network segment of a network, comprising: a configurer processor, and a configurer memory having stored thereon configuration instructions that, upon execution by the configurer processor, causes the configurer processor to: configure a plurality of special-purpose devices to steer outbound network traffic to an inline secure forwarder on the network segment instead of a default gateway on the network segment by transmitting a modified setting of each of the plurality of special-purpose devices to designate the inline secure forwarder as the default gateway; and the inline secure forwarder on the network segment, comprising: a forwarder processor, and a forwarder memory having stored thereon forwarding instructions that, upon execution by the forwarder processor, causes the forwarder processor to: route the outbound network traffic to a policy enforcement point for a policy enforcement, determine, from the outbound network traffic, metadata required for the policy enforcement, and append the metadata to the outbound network traffic and sends the outbound network traffic appended with the metadata to the policy enforcement point for the policy enforcement.

2. The system of claim 1, wherein the configuration instructions to configure the plurality of special-purpose devices comprises using static manual configuring.

3. The system of claim 1, wherein the configuration instructions to configure the plurality of special-purpose devices comprises using static automated configuring.

4. The system of claim 1, wherein the metadata includes a device classification of special-purpose devices in the plurality of special-purpose devices.

5. The system of claim 1, further comprising: the policy enforcement point, wherein the policy enforcement point is implemented as a cloud service.

6. The system of claim 1, wherein the metadata about a particular special-purpose device uniquely identifies the particular special-purpose device.

7. The system of claim 1, wherein the metadata includes media access control (MAC) addresses of special-purpose devices in the plurality of special-purpose devices.

8. The system of claim 1, wherein the metadata includes pre-network address translated (pre-NATed) IP addresses of the special-purpose devices.

9. The system of claim 1, wherein the metadata includes information about the network segment.

10. The system of claim 1, wherein the metadata includes manufacturing information of special-purpose devices in the plurality of special-purpose devices.

11. The system of claim 1, wherein the forwarding instructions comprise further forwarding instructions that, upon execution by the forwarder processor, cause the forwarder processor to: append the metadata to the outbound network traffic on a packet level.

12. The system of claim 1, further comprising: the policy enforcement point, comprising: one or more processors, and one or more memories having stored thereon instructions that, upon execution by the one or more processors, cause the one or more processors to: classify the outbound network traffic based on the metadata, wherein the classifications comprise benign and malicious.

13. The system of claim 12, wherein the one or more memories of the policy enforcement point comprises further instructions that, upon execution by the one or more processors, cause the one or more processors to: based on a benign classification, send the outbound network traffic to one or more out-of-network destinations intended by the special-purpose devices.

14. The system of claim 13, wherein the out-of-network destinations include cloud applications.

15. The system of claim 13, wherein the out-of-network destinations include one of web applications and websites.

16. The system of claim 12, wherein the one or more memories of the policy enforcement point comprises further instructions that, upon execution by the one or more processors, cause the one or more processors to: based on a malicious classification, block the outbound network traffic.

17. The system of claim 1, wherein the device configurer is implemented in a dynamic host configuration protocol (DHCP) server.

18. The system of claim 1, wherein the configuration instructions comprise further configuration instructions that, upon execution by the configurer processor, cause the configurer processor to: intercept a dynamic host configuration protocol (DHCP) request from a special-purpose device of the special-purpose devices; and modify a DHCP response to the DHCP request with the modified setting.

19. The system of claim 1, wherein the configuration instructions comprise further instructions that, upon execution by the configurer processor, causes the configurer processor to: determine a classification of each of the plurality of special-purpose devices as special-purpose devices.

20. The system of claim 19, wherein the instructions to determine the classification comprise instructions to analyze data associated with the respective special-purpose device.
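The claims describe two mechanisms: a device configurer that rewrites the DHCP reply so the client's default gateway becomes the inline secure forwarder (claims 17 and 18), and a forwarder that derives per-device metadata (MAC, pre-NAT IP, segment, device class, manufacturer) and appends it at packet level before the policy enforcement point classifies the traffic as benign or malicious (claims 7 to 16). The following Python is an added illustration of both halves and is not code from the patent or from Netskope. The JSON metadata header, the length prefix, the MAC-keyed device inventory and the per-class destination allow-list are all assumptions made for the example; the DHCP handling covers only the RFC 2132 options field, not the fixed BOOTP header.

```python
"""Added illustration of claims 1, 11, 12 and 18 (not the patent's or Netskope's code).
Assumptions: JSON metadata header with a 2-byte length prefix, a constructed device
inventory, and a constructed per-class destination allow-list as the PEP policy."""
import ipaddress
import json
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"  # RFC 2132 magic cookie that opens the options field
OPT_SUBNET_MASK, OPT_ROUTER, OPT_MSG_TYPE = 1, 3, 53
OPT_PAD, OPT_END = 0, 255


def parse_dhcp_options(options: bytes) -> list:
    """Parse the RFC 2132 TLV options field (the bytes after the 236-byte BOOTP header)."""
    if options[:4] != DHCP_MAGIC:
        raise ValueError("not a DHCP options field")
    parsed, i = [], 4
    while i < len(options):
        code = options[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        length = options[i + 1]
        parsed.append((code, options[i + 2:i + 2 + length]))
        i += 2 + length
    return parsed


def build_dhcp_options(parsed) -> bytes:
    """Serialize (code, value) pairs back into an options field terminated by option 255."""
    out = bytearray(DHCP_MAGIC)
    for code, value in parsed:
        out += bytes([code, len(value)]) + value
    out.append(OPT_END)
    return bytes(out)


def rewrite_router_option(options: bytes, forwarder_ip: str) -> bytes:
    """Device configurer (claims 17/18): replace, or add, option 3 (router) in the DHCP
    OFFER/ACK so the client installs the forwarder as its default gateway."""
    gateway = ipaddress.IPv4Address(forwarder_ip).packed
    parsed = parse_dhcp_options(options)
    rewritten = [(c, gateway if c == OPT_ROUTER else v) for c, v in parsed]
    if not any(c == OPT_ROUTER for c, _ in parsed):
        rewritten.append((OPT_ROUTER, gateway))
    return build_dhcp_options(rewritten)


# Constructed inventory standing in for the classification data of claims 4, 10, 19 and 20.
DEVICE_INVENTORY = {
    "aa:bb:cc:00:00:01": {"class": "ip-camera", "vendor": "ExampleCam"},
    "aa:bb:cc:00:00:02": {"class": "printer", "vendor": "ExamplePrint"},
}


def forwarder_tag(packet: dict, segment: str) -> bytes:
    """Inline secure forwarder (claims 1, 7-11): derive per-device metadata and prepend it
    as a length-prefixed header. `packet` is a constructed dict standing in for a parsed
    outbound IP packet; src_ip is the pre-NAT address because the forwarder sits on the
    segment, ahead of any NAT performed at the real gateway."""
    info = DEVICE_INVENTORY.get(packet["src_mac"], {"class": "unknown", "vendor": "unknown"})
    metadata = {"mac": packet["src_mac"], "pre_nat_ip": packet["src_ip"], "segment": segment,
                "class": info["class"], "vendor": info["vendor"]}
    header = json.dumps(metadata, sort_keys=True).encode()
    body = json.dumps(packet, sort_keys=True).encode()
    return struct.pack("!H", len(header)) + header + body


def pep_decide(tagged: bytes, policy: dict) -> tuple:
    """Policy enforcement point (claims 12-16): strip the metadata header, classify the flow
    as benign or malicious against a per-class destination allow-list (an assumption here),
    and return the verdict, the action, and the untagged packet to forward or drop."""
    n = struct.unpack("!H", tagged[:2])[0]
    metadata = json.loads(tagged[2:2 + n])
    packet = json.loads(tagged[2 + n:])
    allowed = policy.get(metadata["class"], ())  # unknown classes get an empty allow-list
    verdict = "benign" if packet["dst_host"] in allowed else "malicious"
    action = "forward" if verdict == "benign" else "block"
    return verdict, action, metadata, packet


def demo() -> dict:
    """Run both halves on constructed input and return the results for checking."""
    # Constructed DHCP ACK options from the real gateway: type ACK, mask /24, router 10.0.0.1
    ack_opts = (DHCP_MAGIC + bytes([OPT_MSG_TYPE, 1, 5])
                + bytes([OPT_SUBNET_MASK, 4, 255, 255, 255, 0])
                + bytes([OPT_ROUTER, 4, 10, 0, 0, 1]) + bytes([OPT_END]))
    steered = dict(parse_dhcp_options(rewrite_router_option(ack_opts, "10.0.0.254")))

    policy = {"ip-camera": {"video.example.com"}, "printer": {"updates.example.com"}}
    camera = {"src_mac": "aa:bb:cc:00:00:01", "src_ip": "10.0.0.7",
              "dst_host": "video.example.com", "dst_port": 443}
    rogue = dict(camera, dst_host="c2.example.net")
    unknown = dict(camera, src_mac="aa:bb:cc:ff:ff:ff", src_ip="10.0.0.9")
    return {
        "router_option": str(ipaddress.IPv4Address(steered[OPT_ROUTER])),
        "camera": pep_decide(forwarder_tag(camera, "iot-vlan-20"), policy)[:2],
        "rogue": pep_decide(forwarder_tag(rogue, "iot-vlan-20"), policy)[:2],
        "unknown": pep_decide(forwarder_tag(unknown, "iot-vlan-20"), policy)[:2],
    }


if __name__ == "__main__":
    print(demo())
```

Two points a practitioner would check against the claims: the option 3 rewrite only steers clients that take their gateway from DHCP, which is why claims 2 and 3 separately cover static manual and static automated configuration; and because claim 13 sends benign traffic on to the destination the device intended, the policy enforcement point must strip the appended metadata before forwarding, as `pep_decide` does by returning the untagged packet.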

Assignees

Netskope Inc

Inventors

Classifications

  • at the network layer · CPC title

  • Filtering by information in the payload · CPC title

  • based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint · CPC title

  • using dynamic host configuration protocol [DHCP] or bootstrap protocol [BOOTP] · CPC title

  • for supporting lawful interception, monitoring or retaining of communications or communication related information (circuit switched telephony call monitoring H04M3/2281) · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12470602B2 cover?
The technology disclosed relates to configuring IoT devices for policy enforcement. In particular, the technology disclosed relates to configuring a plurality of special-purpose devices on a network segment of a network to steer outbound network traffic to an inline secure forwarder on the network segment instead of a default gateway on the network segment. The inline secure forwarder is config…
Who is the assignee on this patent?
Netskope Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/1425. Mapped technology areas include Electricity.
When was this patent published?
Publication date: Nov 11, 2025 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).