The company gets its hands on software that it will integrate into its existing product lines, and an appliance that it will continue to sell standalone, according to F5’s senior director of product management, Eric Giesa.

F5’s believes it’s the way its existing traffic management products are positioned in front of web server farms makes them ideal places to do security policy enforcement too. Customers have been asking for it, Giesa said.

MagniFire’s TrafficShield uses a positive enforcement method to prevent attacks against web applications, Giesa said. It uses a combination of passive monitoring and active crawling to build a model of acceptable HTTP traffic, and can then block the rest.

It doesn’t rely on a list of 8,000 bad things, which still leaves you open to zero-day attacks. It defines the list of good things, Giesa said. He said TrafficShield is better than the competition and handling dynamic web sites.

It does have some signature-based blocks, however. Other features include the ability to block certain types of sensitive information, such as credit card and social security numbers, from being leaked, as well as server cloaking and input validation.

Giesa said that TrafficShield will integrated with F5’s Traffic Management Operating System, which should take about nine months, and will be converged with FirePass, the company’s SSL VPN offering, into a new Application Security Gateway. He also said that TrafficShield will be made available as a blade for F5’s planned blade chassis, code-named Montreal. F5’s blade strategy currently revolves purely around partnerships with IBM and Hewlett-Packard.

F5’s unreleased products are all codenamed after locations en route to Montreal, Canada. Buffalo Jump, the imminent next version of Big-IP, is named for Head-Smashed-In Buffalo Jump (a site of historical interest in Alberta).

Also on the roadmap, but as yet unannounced, are products codenamed Yellow Knife and Swift Current, Giesa said. It could be inferred from the roadmap metaphor that these could be blades that will fit into the Montreal chassis.

The style of the latest deal recollects F5’s $25m acquisition of uRoam Inc last year. Regarded as second-tier vendor by analysts, uRoam was a bargain. F5 paid $14m less that had been previously invested in the startup.

MagniFire came out of stealth mode in the US last August with $9m funding, and is not believed to have accrued the customer traction of its competitors. It was, however, named a visionary by Gartner Inc in a recent review of the market.

The deal puts at least two of F5’s existing partners in awkward positions. Giesa said F5 will now be competing directly web application firewall makers Sanctum Inc and Teros Inc, both of which are F5 technology partners.

Application Firewall vendors that partner currently with F5 such as Sanctum and Teros are free to continue to recommend F5, an F5 spokesperson said in a statement, but we suspect they will try to find an alternate partner.

Sanctum declined to comment, but Teros CEO Bob Walters told ComputerWire the relationship, which he said has seen Teros acquire the largest footprint of F5 customers in the market, will cool as a result of the acquisition.

We’re certainly not going to give up on F5’s customer base because they [F5] bought MagniFire, said Walters, who reckons Teros is the largest player in the young market. Obviously, we could be driven closer to F5’s competitors.

It is believed that Teros, which has been funded to the tune of $26.5m, was one of many firms investigated by F5 as a possible acquisition. Walters declined to confirm this, but noted the price paid for MagniFire is lower that Teros could command.

F5 has been saying it’s a security appliance maker for some time, but it’s core business is it Big-IP line of internet traffic management devices, which sit in front of web servers, load balancing traffic.

In late 2002, the firm added deep packet inspection, allowing traffic management decisions to be made on the basis of data payloads as well as headers, and has been promoting this as a security function.