genugate is a complete solution: hardware, operating system, and firewall software. All components are carefully selected and specifically designed for maximum security. The OpenBSD operating system ensures high security standards and the two firewall systems – the application level gateway and the packet filter – run on physically separate computers.
At the heart of the genugate solution is the application level gateway. This advanced security system checks the content of your data flow. To do so, incoming data packets are stopped, filtered, and then forwarded via a newly established connection. This type of content check can only be carried out by application level gateways: packet filters, on the other hand, whose security mechanisms form the sole basis of many other firewalls, can only check formal criteria.
genugate also has a stateful packet filter, operating on the inside in the direction of the local area network (LAN). The filter checks the packets according to their header data: IP address, protocol type, and port number. This means that all data has to negotiate two complementary firewalls, each with its own protection system operating on a particular level. The two systems effectively work as a team, each supporting the other. This two-tier design also simplifies the configuration of so-called demilitarized zones (DMZs). These zones are erected between the two firewalls and provide a secure environment for servers and gateways that have to be accessed from both the Internet and from a LAN. The LAN remains separated from the DMZ by the second firewall and is therefore well protected from direct access from the Internet. This two-stage structure in the form of a powerful application level gateway and an additional packet filter is the guiding principle behind the genugate and your assurance of top-level security.
The genugate is fully IPv6 compatible and is designed to enable comfortable and secure dual-stack operation. The Application Level Gateway that separates the connections at the boundary between the LAN and the Internet is able to convert from IPv4 to IPv6 and vice versa. This guarantees reliable communication paths, even when not all clients and servers are able to handle both protocols. At the same time, the genugate minimizes many of the risks associated with the extended standard. IPv6 offers many additional possibilities, particularly in the header area, that also represent potential weaknesses. However, the genugate makes this type of attack impossible as the Application Level Gateway generates a new body and header for each packet after checking its contents.
The German Federal Office for Information Security (BSI) recommends protecting the critical connection between the Internet and a local network with a firewall combination consisting of two packet filters and an application level gateway, or P-A-P for short. The packet filters are placed on either side of the powerful application level gateway and provide optimum protection against both direct attacks and high data loads. It is a simple matter to provide this high level of protection with the genugate. For example, a P-A-P solution can be created with an Internet router configured for rule-based filtering and acting as an additional packet filter in conjunction with the two-tier genugate system.
We are able to meet a wide range of different performance requirements. We can handle any bandwidth and availability requirements in excess of these capacities by using clusters: all genugate models can be bundled together to form clusters with any capacity the customer specifies. The two-tier firewall can be administered via a uniform Web-based GUI.
The German Federal Office for Information Security (BSI) has evaluated the genugate 8.0 according to the standard Common Criteria (CC) for the technically challenging level EAL 4. The resulting certification was EAL 4+. The attribute "+" indicates that level EAL 4 has been surpassed for certain criteria. Our firewall fulfils the central self-protection requirements, which are requested at security level EAL 7. genugate is the only firewall worldwide that offers this high level of self-protection, and is therefore classified as Highly Resistant.