Allow / express forward Drop NAT Policy Engine Enhancement Frame Ingress WebOS Policy Engine MAC source/dest address IP /not IP source/dest address /range Protocol IP TOS IP Options /not ICMP message types TCP/UDP source/dest port TCP flags URL and Cookie VLAN ID ( New) Iterate per unmatched frame / session IP TOS rewrite Redirect (to IP or server group) Actions

Secure XL & NAAP in Action TCP session SYN 1 Policy Check 1 1 Add Conn. (F2F) 1 SYN/ACK2 Update Conn. 3 TCP 3-way handshake complete, data for the session accelerated4 FIN-1 5 Update Conn. 5 FIN-26 ACK7 Update Conn. 6 Delete Conn. 7 Alteon Switched Firewall (ASF) Clients Servers ACK3 (TCP 3-way handshake complete )

1 st pkt 1 Policy Check 1 1 Add Conn. 1 Data for the session accelerated2 Delete Conn. after UDP timeout if session is inactive 3 Alteon Switched Firewall (ASF) Clients Servers Secure XL & NAAP in Action UDP session

Application Clusters Security Dashboard Intelligent Flow Management Shift from physical management to logical management Central management of multiple services New Focus on Integrated Management and Flow Plug and play simplicity and scalability SSLFWVPNIDS Virus Scanning URL Filtering SSLFWVPNIDS Virus Scanning URL Filtering SSLFWVPNIDS Virus Scanning URL Filtering SSLFWVPNIDS Virus Scanning URL Filtering SSLFWVPNIDS Virus Scanning URL Filtering SSLFWVPNIDS Virus Scanning URL Filtering