A Customizable Comprehensive Solution
The genugate is a high resistance firewall developed by the German manufacturer genua as a solution for critical interfaces. genugate is a complete solution comprising hardware, operating system, and firewall software. The product's distinguishing feature: two different firewall systems, an application level gateway and a packet filter, are combined into one compact solution. All components are perfectly coordinated and specifically designed for maximum security. The OpenBSD operating system ensures high security standards, and the two firewall systems run on physically separated computers. Both firewalls, however, are operated through a single interface, simplifying administration and reducing support costs. The genugate stands out for its two-tier protection, and guarantees you robust protection at critical interfaces.
Application Level Gateway Screens Content
At the heart of the genugate solution is the application level gateway. This advanced security system checks all data stream content. The first step in this process is termination of the incoming data packets – the application level gateway never permits a direct connection between the Internet and your local network. This feature significantly increases security: network level attacks are no longer possible, eliminating many potential weaknesses, such as those involving extended IPv6 headers. Then, much like a puzzle, the packets are re-assembled, as content checks can be carried out only on complete data records. The application level gateway can now filter the data and block out unwanted material: active content, viruses, or spam, depending on how you have configured your system. Data will be forwarded over a new connection only after all checks have been performed. The application level gateway can also secure cloud usage, e.g. by only allowing encrypted uploads to external services. The comprehensive content analysis provided by the application level gateway means genugate provides a significantly higher level of security than so-called "next generation" firewalls. These mostly use deep packet inspection or pattern matching, and only check a random sample of the data contents.
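The terminate, re-assemble, check, forward sequence described above can be sketched as follows. This is an added example, not genua code: the blocked markers, the Segment type and all function names are constructed for illustration, and it shows only why the content check has to run on the complete data record rather than on individual packets.

```python
# Added illustration, not genugate code: policy markers and traffic are constructed.
from dataclasses import dataclass

BLOCKED_MARKERS = (b"<script", b"<object")  # constructed "active content" policy


@dataclass(frozen=True)
class Segment:
    offset: int   # byte offset of this piece within the data record
    data: bytes


def per_packet_hits(segments):
    """Pattern matching on each packet in isolation (no reassembly)."""
    return [m for s in segments for m in BLOCKED_MARKERS if m in s.data.lower()]


def reassemble(segments):
    """Rebuild the complete record; refuse gaps and contradictory overlaps."""
    record = bytearray()
    for seg in sorted(segments, key=lambda s: s.offset):
        if seg.offset > len(record):
            raise ValueError("gap in record: content check not possible yet")
        overlap = min(len(record) - seg.offset, len(seg.data))
        if bytes(record[seg.offset:seg.offset + overlap]) != seg.data[:overlap]:
            raise ValueError("conflicting overlap: ambiguous record rejected")
        record += seg.data[overlap:]
    return bytes(record)


def gateway_decision(segments):
    """Terminate, reassemble, check; only a clean record is handed on for
    delivery over a new connection. Returns (verdict, detail)."""
    record = reassemble(segments)
    for marker in BLOCKED_MARKERS:
        if marker in record.lower():
            return ("block", marker)
    return ("forward", record)


# Constructed sample: the marker straddles a packet boundary, packets arrive out of order.
SPLIT = [Segment(15, b"ript>run()</script>"), Segment(0, b"<html><body><sc")]
CLEAN = [Segment(0, b"<html><body>"), Segment(12, b"hello</body></html>")]

if __name__ == "__main__":
    print(per_packet_hits(SPLIT), gateway_decision(SPLIT), gateway_decision(CLEAN))
```

An incomplete or self-contradictory record raises an error instead of being forwarded, which matches the rule that data is passed on only after all checks have been performed.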
Teamwork with Packet Filter
genugate also has an additional packet filter, operating on the inside (local network side). The packet filter checks data packets according to the header data: IP address, protocol type, and port number. As a result, all data passes through two firewall systems, with protection systems operating on different levels. The two systems effectively work as a team, each supporting the other. This two-tier system also allows the configuration of demilitarized zones (DMZ) exactly to your requirements. Additional interfaces can be used to connect servers to either the application level gateway or the packet filter. This in turn lets you offer services on the Internet that are secured by the powerful application level gateway. Alternatively, servers can be closely connected to your LAN via the packet filter.
Two-tier firewall for highly secure interfaces
Security vs. Performance
Two tiers, comprehensive content control, separation of all connections: the genugate high resistance firewall is a no-compromise high security design. These three features set the genugate apart from the firewall solutions of other manufacturers. They also require considerable computing capacity, an inevitable cost in terms of data throughput performance, even when the most modern hardware is used. Note that this relationship between security and performance applies to all firewall systems, and means that high performance figures can only be achieved at the cost of reduced security or vice versa, even when some manufacturers promise otherwise. You should not make compromises with the security of critical interfaces. Here, the genugate is the right solution.
genugate: the Ideal Basis for a P-A-P Solution
The German Federal Office for Information Security (BSI) recommends protecting the critical connection between the Internet and a local network with a firewall combination, consisting of two packet filters and an application level gateway, or P-A-P for short. The packet filters placed on either side of the powerful application level gateway provide optimum protection against both direct attacks and high data loads. With genugate, it becomes a simple matter to provide this high level of protection. For example, a P-A-P solution can be created with an Internet router configured with rules to act as an additional packet filter, operated in conjunction with the two-stage genugate system.
Only Highly Resistant Firewall in the World
Based on this exceptional security performance, the BSI has classified genugate as “Highly Resistant” – the only firewall in the world to achieve this rating. This rating gives our customers an independent guarantee that they have purchased a high-security solution. We renew the certification of the genugate high resistance firewall by the German Federal Office for Information Security (BSI) with every major release of the genugate to provide ongoing assurance of its high quality.
Hardware and Clusters to Meet all Requirements
To precisely meet a wide range of different requirements, we supply genugate in various hardware models. We can handle any bandwidth and availability requirements in excess of these capacities by using clusters: all genugate models can be bundled into clusters with any capacity requirement the customer specifies. The firewall is administered using a consistent Web GUI. If deploying a number of genugate firewalls, you can use a management station to conveniently create and distribute configuration information such as IP addresses or server names. In addition, the genugate supplies an interface for Security Information and Event Management (SIEM) applications, such as QRadar from IBM. This assists in integrating the firewall system log files into your central event and risk analysis.