genugate

A Maximum Security Solution

genugate is a complete solution: hardware, operating system, and firewall software. All components are carefully selected and specifically designed for maximum security. The OpenBSD operating system ensures high security standards and the two firewall systems – the application level gateway and the packet filter – run on physically separate computers.

/dateien/gui-genugate.jpg
Easy administration of the two-tier solution via a consistent GUI

Application Level Gateway Checks Content

At the heart of the genugate solution is the application level gateway. This advanced security system checks the content of your data flow. Therefore, the incoming data packets will be stopped and filtered and then forwarded via a newly established connection. This type of content check can only be carried out by application level gateways: packet filters, on the other hand, whose security mechanisms form the sole basis of many other firewalls, can only check formal criteria.

Teamwork with Packet Filter

genugate also has a stateful packet filter, operating on the inside in the direction of the local area network (LAN). The filter checks the packets according to their header data: IP address, protocol type, and port number. This means that all data has to negotiate two complementary firewalls, each with its own protection system operating on a particular level. The two systems effectively work as a team, each supporting the other. This two-tier design also simplifies the configuration of so-called demilitarized zones (DMZs). These zones are erected between the two firewalls and provide a secure environment for servers and gateways that have to be accessed from both the Internet and from a LAN. The LAN remains separated from the DMZ by the second firewall and is therefore well protected from direct access from the Internet. This two-stage structure in the form of a powerful application level gateway and an additional packet filter is the guiding principal behind the genugate and your assurance of top-level security.

/dateien/genugate-sicherheitszonen-en.jpg
Customized security zones for all requirements

Straightforward and Secure Migration to IPv6

The genugate is fully IPv6 compatible and is designed to enable the comfortable and secure dual-stack operation. The Application Level Gateway that separates the connections at the boundary between the LAN and the Internet is able to convert from IPv4 to IPv6 and vice-versa. This guarantees reliable communication paths, even when not all clients and servers are able to handle both protocols. At the same time, the genugate minimizes many of the risks associated with the extended standard. IPv6 offers many additional possibilities, particularly in the header area ‐ that also represent potential weaknesses. However, the genugate makes this type of attack impossible as the Application Level Gateway generates a new body and header for each packet after checking its contents.

genugate: the Ideal Basis for a P-A-P-Solution

The German Federal Office for Information Security (BSI) recommends protecting the critical connection between the Internet and a local network with a firewall combination consisting of two packet filters and an application level gateway, or P-A-P for short. The packet filters are placed on either side of the powerful application level gateway and provide optimum protection against both direct attacks and high data loads. It is a simple matter to provide this high level of protection with the genugate. For example, a P-A-P solution can be created with an Internet router configured for rule-based filtering and acting as an additional packet filter in conjunction with the two-tier genugate system.

High Availability Clusters and Central Administration

We are able to meet a wide range of different performance requirements. We can handle any bandwidth and availability requirements in excess of these capacities by using clusters: all genugate models can be bundled together to form clusters with any capacity the customer specifies. The two-tier firewall can be administrated via a uniform Web-based GUI.

Advantages of the Cluster

  • Load Balancing: The firewalls share data processing between themselves
  • High Availability: The firewalls monitor each other - in case one system fails, the other systems automatically take over
  • Scalability: The cluster can be modified in various ways to meet higher requirements

The Only Highly Resistant Firewall Worldwide

The German Federal Office for Information Security (BSI) has evaluated the genugate 8.0 according to the standard Common Criteria (CC) for the technically challenging level EAL 4. The resulting certification was EAL 4+. The attribute "+" indicates, that level EAL 4 has been surpassed for certain criteria. Our firewall fulfils the central self-protection requirements, which are requested at security level EAL 7. genugate is the only firewall worldwide that offers this high level of self-protection - and is therefore classified as Highly Resistant.

Order Printed Information Material

Further Information

Follow us