genugate Firewall: Well Protected Against Attacks
Your level of IT security is determined largely at the interface between the Internet and the local network. The attacks from the outside and the data sent from the inside pass through this point.
The more carefully this data traffic is monitored, the greater the protection you achieve for your entire network. The IT security at this critical point should therefore be given top priority. A central element here is the content analysis: you should only allow data into your network after completely inspecting its content, because only in this way can dangerous content be reliably detected and blocked. The High Resistance Firewall genugate satisfies the highest requirements: two different firewall systems – an application level gateway (ALG) and a packet filter (PFL), each on separate hardware – are combined to form a compact solution.
Your Benefits at a Glance
- BSI certification and approval for use with RESTRICTED data
- Best self-protection: The only "highly resistant" firewall in the world as classified by the BSI
- Two-tier firewall: Implementation of the two components on two independent computers: On the inside is a packet filter (PFL), on the outside an application level gateway (ALG)
- Application level gateway: Comprehensive, complete content analysis – not just a random sample
- Packet filter with an individually configurable set of rules
- Integrated Web Application Firewall (WAF)
- GEO-IP filtering enables country-based network access control
- Offline mode: The license can be activated offline; patches and updates can be executed manually
- REST API support for automating administrative tasks
- Advanced update mechanism protects against attacks with quantum computers
Application Level Gateway
Content Control: Dangerous Content Is Blocked
At the heart of the genugate solution is the application level gateway. This sophisticated security system checks the content of the entire data stream. To this end, the incoming data packets are first stopped – the application level gateway does not permit a direct connection between the Internet and the local network. The security gain from this feature: attacks are not possible on the network level. Many risks, such as those arising from IPv6 extension headers, are thereby excluded.
After the connection is terminated, the packets are assembled like a puzzle, since a content check is only possible using complete data sets. Filtering is now performed and, depending on the configuration, undesired and dangerous data such as active content, viruses or even spam are reliably blocked. Only then is the data passed on via a new connection.
The application level gateway can also secure cloud usage by, e.g., only allowing uploads to external services if the data is encrypted. With the comprehensive traffic analysis through the application level gateway, genugate offers a significantly higher level of security than so-called next generation firewalls, which usually function with deep packet inspection or pattern matching and check only a random sample of the data contents.
Firewall Certified at Common Criteria Level EAL 4+
This solution has also convinced the German Federal Office for Information Security (BSI), which certified the genugate firewall according to the international standard Common Criteria (CC) at the strict EAL 4+ level.
The high trustworthiness of the security of our firewall solution has thereby been confirmed by an independent organization. In addition, genugate is classified as highly resistant because it offers maximum resistance to direct attacks. The security performance satisfies the requirements of level EAL 7. The genugate application gateway firewall is the only firewall in the world that offers this high level of security.
Stateful Packet Filter
Teamwork with Packet Filter
With genugate, a stateful packet filter functions as a second firewall system on the inside, facing the local network. It checks the data packets based on the header information: IP address, protocol type and port number. This means that all data must pass through two firewall systems whose protective measures optimally complement one another on different levels. Through the finely coordinated teamwork, the two systems mutually protect one another. The two-tiered structure also allows for the creation of demilitarized zones (DMZ) precisely according to your requirements: servers can be connected to both the application level gateway and the packet filter via other interfaces. As a result, you are able to offer services on the Internet that are secured through the high-performance application level gateway, or servers can be closely connected to your LAN via the packet filter.
genugate: The Ideal Basis for a P-A-P Solution
The German Federal Office for Information Security (BSI) recommends using a firewall combination comprising two packet filters and one application level gateway – or P-A-P for short – at the critical interface between Internet and local network. The upstream packet filters placed on either side of the high quality application level gateway protect against both direct attacks and high data loads.
With genugate, you can comfortably achieve this high level of security: If, for example, you configure your Internet router with rules as a packet filter or additionally use a firewall of type genuscreen from genua, the desired P-A-P combination can be created in conjunction with the two-tiered genugate.
Voice-over-IP communication
Additional SIP Module Option
All-IP and further developments require a broad transition to Voice-over-IP communication, for which the Session Initiation Protocol (SIP) is of central importance.
Since new technologies also result in new attack vectors, it is important to ensure completely secure operations. With the additional SIP module option, you receive a specialized testing authority that only allows data communication if the corresponding connection has been fully analyzed and assessed as secure. The SIP module can also be used for SSL/TLS connections. Through session border controller (SBC) functionality, it prevents attacks on telephones and telephone systems and enables the enforcement of security policies. The SIP module also ensures the interoperability of systems that use different encryption standards, for example, and simplifies certificate management.
Complete Solution for Maximum Security
Finely Tuned Firewall System
With genugate, the German provider genua offers an approved and certified IT security system for critical interfaces. The High Resistance Firewall is a complete solution consisting of hardware, operating system, and firewall software.
All components are precisely matched to one another and designed for maximum network security. The operating system used, OpenBSD, guarantees high security standards, and the two firewall components – the application level gateway and the packet filter – run on physically separate computers.
Both firewalls are, however, operated via a uniform user interface which enables convenient administration and reduces support costs. genugate stands out from other firewalls through its two-tier protection and guarantees robust protection at the critical interface between your network and the Internet.
Hardware and Clusters for All Requirements
We offer genugate in various hardware models to cover a wide range of requirements. Clusters handle even greater data throughput and availability requirements: All models can be freely bundled as powerful clusters.
The two-tier genugate is administered using a consistent Web GUI. If you use several firewalls of type genugate, you can conveniently create and distribute configuration information such as IP addresses or server names via a management station.
You can use an interface to connect the genugate to your security information and event management system (SIEM), e.g., QRadar from IBM. The log data of the firewall system makes an important contribution to your central event and risk analysis.
Web Application Firewall (WAF) based on a CC EAL4+ certification with AVA_VAN.5
genugate includes the only Web Application Firewall (WAF) on the market that is based on a foundation certified by the BSI according to Common Criteria (CC) EAL4+ with AVA_VAN.5 (Advanced Methodical Vulnerability Analysis). The designation AVA_VAN.5 stands for a high level of self-protection which has been proven to protect the firewall even against attackers with high attack potential. Organizations at particular risk, such as security authorities or operators of critical infrastructures, can thereby reliably protect their servers against attacks.
New: genugate Virtual – the Only Virtualized Firewall with Approval for Classification Level German VS-NfD
genugate Virtual is the only virtualized firewall approved by the Federal Office for Information Security (BSI) for processing data classified as German VS-NfD in Germany.
The High Resistance Firewall genugate Virtual combines the rigorous security standards of genugate with the benefits of virtualization. It maintains a consistent security posture by offering advanced application-level-gateway (ALG) functionality for thorough network traffic inspection and control, distinguishing itself in virtual environments with its proven security and reliability.
Our sales team will be glad to answer your questions. We look forward to getting in touch with you.