Authorization method and apparatus
US-2024388909-A1 · Nov 21, 2024 · US
US2016014126A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2016014126-A1 |
| Application number | US-201514859129-A |
| Country | US |
| Kind code | A1 |
| Filing date | Sep 18, 2015 |
| Priority date | May 3, 2013 |
| Publication date | Jan 14, 2016 |
| Grant date | — |
Official abstract text for this publication.
Facilitation of secure network traffic over an application session by an application delivery controller is provided herein. In some examples, a network device receives a TCP SYN packet from a client device, to establish a TCP connection. The network device transmits a SYN/ACK packet to the client device, including a SYN cookie with identifying information to authenticate the client device to the application as a trusted source for the network. The client device then returns an ACK packet directly to the application server to establish the TCP connection.
Opening claim text (preview).
What is claimed is:
1. A method for facilitating a three party TCP connection by a network device, comprising: receiving at a network device a SYN packet from a client device over a network, the SYN packet comprising identifying information for the client device and a request to establish a TCP session with an application server; transmitting by the network device, a SYN/ACK packet to the client device, the SYN/ACK packet comprising information to authenticate the client device to the application server directly as a trusted source for the network; receiving information at the network device from the application server, the information relating to a TCP session established between the application server and the client device by way of an acknowledgement (ACK) packet received at the application server from the client device that includes the information to authenticate the client device to the application server as a trusted source for the network from the SYN/ACK packet.
2. The method of claim 1, the network device comprising an application delivery controller, firewall, network switch, network router, network computer, remote access server, or virtual private network (VPN) gateway.
3. The method of claim 1, wherein the network device determines if the client device is a trusted source for the network by: extracting a destination network address from the SYN packet from the client device; and matching the extracted destination network address to a network address of the application server.
4. The method of claim 3, wherein the network device determines that the client device is a trusted source for the network using the SYN packet received by the client device, by: retrieving application server information if the destination network address in the SYN packet matches a network address of the application server; checking server load of application server to determine if SYN packet should be accepted; generating a SYN cookie using transmission control protocol (TCP) options in the application server information or pre-set TCP options; creating a SYN/ACK packet using the SYN cookie; and sending the SYN/ACK packet to the client device.
5. The method of claim 4, wherein the checking server load of application server to determine if SYN packet should be accepted further comprises: declining to process the SYN packet if the server load is high; and accepting and continuing to process the SYN packet if the server load is low.
6. The method of claim 3, the server load comprising CPU load, network module load, number of TCP sessions, application load, and an indication to accept or to decline SYN requests.
7. The method of claim 4, the TCP options comprising a maximum segment size, a window scale, and a selective acknowledgement message, wherein the selective acknowledgement message is used for selective retransmission of individual data packets that were not received by the application server.
8. The method of claim 1, further comprising receiving at an application server an ACK packet from the client device forwarded by the data network to the application server when the destination network address of the ACK packet matches the application server.
9. The method of claim 1, further comprising receiving at an application server an ACK packet from the client device comprising: forwarding the ACK packet by the network device when the network device receives the ACK packet; and matching the destination network address of the ACK packet to the application server.
10. The method of claim 1, wherein the client device is authenticated to the application as a trusted source for the network by: extracting a SYN cookie from the ACK packet if ACK packet does not match any existing sessions in the application server, the SYN cookie generated by the network device and transmitted by the network device to the client device in the SYN/ACK packet; and verifying the client device based on at least one TCP option in application server information in the SYN cookie.
11. The method of claim 1, wherein the receiving information at the network device from the application server comprises receiving information about a server load of the application server.
12. A network gateway system, comprising: a plurality of processors; a memory communicatively coupled to the plurality of processors, the memory storing instructions executable by at least one of the plurality of processors to perform a method comprising: receiving at a network device a SYN packet from a client device over a network, the SYN packet comprising identifying information for the client device and a request to establish a TCP session with an application server; transmitting by the network device, a SYN/ACK packet to the client device, the SYN/ACK packet comprising information to authenticate the client device to the application server directly as a trusted source for the network; receiving information at the network device from the application server, the information relating to a TCP session established between the application server and the client device by way of an acknowledgement (ACK) packet received at the application server from the client device that includes the information to authenticate the client device to the application server as a trusted source for the network from the SYN/ACK packet.
13. The system of claim 12, wherein the network device comprises an application delivery controller, firewall, network switch, network router, network computer, remote access server, or virtual private network (VPN) gateway.
14. The system of claim 12, the network device determines if the client device is a trusted source for the network using the SYN packet by: extracting a destination network address from the SYN packet from the client device; and matching extracted destination network address to a network address of the application server.
15. The system of claim 14, wherein the network device determines that the client device is a trusted source for the network using the SYN packet received by the client device by: retrieving application server information if the destination network address in the SYN packet matches a network address of the application server; checking server load of application server to determine if SYN packet should be accepted; generating a SYN cookie using transmission control protocol (TCP) options in the application server information or pre-set TCP options; creating a SYN/ACK packet using the SYN cookie; and sending the SYN/ACK packet to the client device.
16. The system of claim 15, wherein the network device checks server load of application server to determine if SYN packet should be accepted by: declining to process the SYN packet if the server load is high; and accepting and continuing to process the SYN packet if the server load is low.
17. The system of claim 14, the server load comprising CPU load, network module load, number of TCP sessions, application load, and an indication to accept or to decline SYN requests.
18. The system of claim 15, the TCP options comprising a maximum segment size, a window scale, and a selective acknowledgement message, wherein the selective acknowledgement message is used for selective retransmission of individual data packets that were not received by the application server.
19. The system of claim 12, wherein the application server receives an ACK packet from the client device by the data network forwarding the ACK packet to the
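The abstract and claims 3 through 10 describe one exchange: the network device answers the client's SYN with a SYN/ACK whose sequence number is a SYN cookie encoding the application server's TCP options (maximum segment size, window scale, SACK), the client's ACK goes straight to the server, and the server validates the cookie only when the ACK matches no existing session. The following Python model is an added example of that exchange; it is not code from the patent or its assignee. It assumes a secret shared by the device and the server, a 64-second time counter, a fixed MSS table, and constructed addresses and load thresholds; the cookie layout (5-bit time, 7-bit options, 20-bit HMAC) is this example's choice, not the patent's.

```python
"""Three-party TCP handshake with a SYN cookie (added example, not the patent's
code). The network device answers the SYN; the application server validates the
ACK that arrives directly. Assumes a key shared by device and server."""
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Optional

# Constructed shared secret (assumption: device and server both hold it).
SHARED_SECRET = b"constructed-example-key"
# MSS values the 2-bit option field can name; the index is stored in the cookie.
MSS_TABLE = (536, 1220, 1440, 1460)


@dataclass(frozen=True)
class ServerInfo:
    """Application server information: address plus the TCP options of claim 7."""
    address: str
    mss: int
    window_scale: int   # 0..15
    sack_permitted: bool


@dataclass(frozen=True)
class ServerLoad:
    """Subset of the claim 6 load report the server returns to the device."""
    cpu: float          # 0.0 .. 1.0
    tcp_sessions: int
    decline_syn: bool   # explicit indication to decline SYN requests


def accept_syn(load: ServerLoad, cpu_limit: float = 0.9, session_limit: int = 10000) -> bool:
    """Claim 5: decline when the load is high, accept when it is low (constructed limits)."""
    if load.decline_syn:
        return False
    return load.cpu < cpu_limit and load.tcp_sessions < session_limit


def _mac20(cip: str, cport: int, sip: str, sport: int, client_seq: int, t: int) -> int:
    """20-bit HMAC over the 4-tuple, the client's ISN and the time counter."""
    msg = struct.pack("!HHII", cport, sport, client_seq, t) + cip.encode() + b"|" + sip.encode()
    digest = hmac.new(SHARED_SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") & 0xFFFFF


def make_syn_cookie(cip, cport, info: ServerInfo, sport, client_seq, now) -> int:
    """Device ISN layout: 5-bit time | 2-bit MSS index | 4-bit wscale | 1-bit SACK | 20-bit MAC."""
    t = (now // 64) & 0x1F                       # 64-second ticks
    mss_idx = max(i for i, m in enumerate(MSS_TABLE) if m <= max(info.mss, MSS_TABLE[0]))
    opts = (mss_idx << 5) | ((info.window_scale & 0xF) << 1) | int(info.sack_permitted)
    return (t << 27) | (opts << 20) | _mac20(cip, cport, info.address, sport, client_seq, t)


def verify_syn_cookie(cip, cport, sip, sport, ack_seq, ack_num, now) -> Optional[dict]:
    """Claim 10, server side: recover the cookie from ack_num-1, check its age and MAC,
    and return the TCP options it carries. None means the ACK is not from a trusted client."""
    cookie = (ack_num - 1) & 0xFFFFFFFF
    client_seq = (ack_seq - 1) & 0xFFFFFFFF      # the ACK's seq is the client ISN + 1
    t = cookie >> 27
    if ((now // 64) - t) & 0x1F > 1:             # accept the current and previous tick only
        return None
    expected = _mac20(cip, cport, sip, sport, client_seq, t)
    if not hmac.compare_digest(expected.to_bytes(3, "big"), (cookie & 0xFFFFF).to_bytes(3, "big")):
        return None
    opts = (cookie >> 20) & 0x7F
    return {"mss": MSS_TABLE[opts >> 5], "window_scale": (opts >> 1) & 0xF,
            "sack_permitted": bool(opts & 1)}


def device_handle_syn(servers: dict, loads: dict, cip, cport, dst_ip, dst_port, client_seq, now) -> Optional[dict]:
    """Network device, claims 3-5: match the destination to a known server, check its
    load, and answer with a SYN/ACK whose sequence number is the cookie."""
    info = servers.get(dst_ip)
    if info is None or not accept_syn(loads[dst_ip]):
        return None
    cookie = make_syn_cookie(cip, cport, info, dst_port, client_seq, now)
    return {"src": dst_ip, "dst": cip, "seq": cookie, "ack": (client_seq + 1) & 0xFFFFFFFF,
            "mss": info.mss, "wscale": info.window_scale, "sack": info.sack_permitted}


class ApplicationServer:
    def __init__(self, address: str):
        self.address = address
        self.sessions = {}

    def handle_ack(self, cip, cport, dst_ip, dst_port, seq, ack, now) -> bool:
        """Claims 8 and 10: accept only ACKs addressed to this server; an existing session
        passes, an unknown one must carry a valid cookie."""
        if dst_ip != self.address:
            return False
        key = (cip, cport, dst_port)
        if key in self.sessions:
            return True
        opts = verify_syn_cookie(cip, cport, dst_ip, dst_port, seq, ack, now)
        if opts is None:
            return False
        self.sessions[key] = opts
        return True


def demo(now: int = 1_000_000, ack_tamper: int = 0, ack_delay: int = 0, cpu: float = 0.2):
    """Run the exchange with constructed addresses; returns the options the server
    recorded for the session, or None if the handshake was refused at either party."""
    servers = {"10.0.0.5": ServerInfo("10.0.0.5", 1460, 7, True)}
    loads = {"10.0.0.5": ServerLoad(cpu, 120, False)}
    client_seq = 0x1234ABCD
    synack = device_handle_syn(servers, loads, "198.51.100.7", 40000, "10.0.0.5", 443, client_seq, now)
    if synack is None:
        return None                              # device declined (unknown server or high load)
    server = ApplicationServer("10.0.0.5")
    ok = server.handle_ack("198.51.100.7", 40000, "10.0.0.5", 443, synack["ack"],
                           (synack["seq"] + 1 + ack_tamper) & 0xFFFFFFFF, now + ack_delay)
    return server.sessions.get(("198.51.100.7", 40000, 443)) if ok else None


if __name__ == "__main__":
    print(demo())
```

The server recovers the negotiated options from the cookie itself, so it keeps no state for half-open connections; an ACK with an altered acknowledgement number fails the MAC check, an ACK arriving after the time window is refused, and a server reporting high load causes the device to drop the SYN before any cookie is issued.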
Denial of Service · CPC title
Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks · CPC title
Setup of application sessions (admission control or resource allocation in data switching networks H04L47/70) · CPC title
by using authentication-authorization-accounting [AAA] servers or protocols · CPC title
at the transport layer · CPC title