Firewall & VPN Appliance genuscreen: Protection for Data Transfer and Networks

Data exchange between multiple locations via the Internet is convenient and economical – but must be reliably protected from eavesdroppers and prying eyes. In much the same way, your network also needs to be shielded from Internet hazards.

A common requirement above and beyond this is the creation of secure zones for especially sensitive systems within large networks. We developed our Firewall & VPN Appliance genuscreen for precisely this purpose: The security solution creates strongly encrypted virtual private networks (VPNs) for data communication via public networks. These can also be used to securely transfer highly sensitive information. In addition, the high-performance genuscreen firewall strictly filters data traffic at the interfaces and only allows expressly permitted connections. All other requests are blocked without exception. The Firewall & VPN Appliance genuscreen has been officially tested for compliance with the highest security standards as evidenced by the approval for the encrypted transmission of data up to the German classification level RESTRICTED and the certification according to Common Criteria (CC) EAL 4+.

Top Highlights

  • Data protection through backdoor-free VPN technology

  • Strong security proven by regular certifications and approvals from the BSI

  • Scalable for installations with more than 1,000 systems

Card Icon

genuscreen is approved for classification levels German VS-NfD, NATO RESTRICTED, and RESTREINT UE/EU RESTRICTED

Card Icon

genuscreen is certified according to CC EAL 4+

Card Icon

Advanced update mechanism protects against attacks with quantum computers

All benefits of genuscreen at a glance

  • Scalable up to installations with > 1,000 systems
  • Centrally administrated: time saving, simple administration of large installations
  • Strong security performance, demonstrated through regular certifications and approvals from the BSI
  • Protection against data theft through backdoor-free VPN technology "Made in Germany" 
  • Can be used in the high-security sector through approval for classification level German VS-NfD; proven dial-up solution for restricted data
  • Can be used internationally thanks to the approval for EU/NATO RESTRICTED
  • Central component for the termination of various VPN clients such as genuconnect, ECOS SecureBootStick SX, and iOS devices in Indigo setups
  • Advanced update mechanism protects against attacks with quantum computers

High-Security Solution: Approval for the German Classification Level RESTRICTED

genuscreen can be used to create virtual private networks (VPNs) for the secure transfer of data via public networks. Your data thereby traverses the Internet over encrypted connections known as VPN tunnels. This method can also be used to securely transfer sensitive data between distributed locations, with powerful encryption techniques guaranteeing confidentiality. 

The genuscreen IPsec VPN solution has the official approval of the German Federal Office for Information Security (BSI) for classification level RESTRICTED. Official public bodies, military units as well as companies that have access to classified information as suppliers can therefore use genuscreen to conveniently exchange restricted information via the Internet, with security guaranteed by the German Federal Office for Information Security. However, genuscreen is not just for companies that handle classified data: Any organization will benefit from a high-security VPN appliance approved by an independent organization. According to the new directive for classified information (Verschlusssachenanweisung), the approval includes the firewall functions in addition to the VPN.

Convenient VPN for Various Requirements

The Firewall & VPN Appliance genuscreen offers a host of practical benefits for your VPN needs: Expertly applied IPsec functions can be used to operate large networks with many users via a handful of tunnels. Fully meshed and high-performance VPNs are available with easy-to-configure settings and low maintenance and computer capacity overhead. genuscreen is also capable of SSH VPNs to easily connect different networks. Unlike other methods, the IP addresses do not need to be synchronized for secure communication between networks via SSH. genuscreen receives the data transmitted by the sender and transfers it to a remote station in the other network via SSH-VPN. Here, the data is then securely transmitted to the recipient by the second genuscreen appliance, even if the same IP addresses are used in this network as in that of the sender. You can thereby integrate customers and partners with IP addresses over which you have no control or even new corporate locations in the encrypted communication network.

Firewall Appliance at a Glance – Including Under IPv6

genuscreen takes the initiative. As a stateful packet filter, the system monitors the communication flow: If, for example, local computer A requests data from computer B in an external network, genuscreen allows the response from B pass to A. Any attempt by external computer B to establish an unsolicited network connection in computer A’s local network is rejected, however. The firewall always assesses the overall context before making a decision about the connection, thereby enabling convenient communication with high security. This, of course, also applies to your data communication under IPv6 – our solution fully implements this standard.

Quality Seal: Certification with the BSI

The Firewall & VPN Appliance genuscreen is certified by the German Federal Office for Information Security (BSI) according to the international Standard Common Criteria (CC) at the challenging level EAL 4+. 

This level requires the submission of comprehensive documentation, the source code and extensive testing and verifies that all safety functions are correctly implemented. EAL 4+ is the highest level that can be used completely on a complex system such as a firewall. Through the certification, our customers can be assured that, with genuscreen, they are using a high-quality security solution that cannot be defeated even by skilled attackers.

SIP Module for Securing IP-Based Communication

All-IP and other developments require the broad changeover to Voice-over-IP communication, for which the Session Initiation Protocol (SIP) is of key importance. Because new technologies lead to new attack vectors, IT security must ensure completely secure operation. With the additional option of the SIP module, you receive a specialized test instance that permits data communication only if the corresponding connection has been fully analyzed and determined to be secure. The SIP module can also be used on SSL/TLS connections. Session Border Controller (SBC) functionalities prevent attacks on telephones and telephone systems and allow security guidelines to be implemented. The SIP module also ensures the interoperability of systems that, e.g., use different encryption standards, and simplifies certificate management.

Top Bridging Firewall

The Firewall & VPN Appliance genuscreen plays a strong role as bridging firewall. The solution is simply inserted in the existing IT landscape and provides protection as a stealth system for, e.g., especially sensitive systems within your network, such as the servers of the development or personnel departments. These “invisible” firewalls are implemented without changing a single IP address and are certain to pose an unexpected obstacle to attackers.

Teamwork in Clusters and Centralized Administration

We offer genuscreen in a variety of hardware models to cater to wide-ranging performance requirements. Clusters handle even greater bandwidth and availability requirements:

All models can be bundled as high-performance clusters. genuscreen is administered via its own web-based GUI. If you use several of these firewall & VPN appliances or other solutions from genua, you can manage the full range of systems via the Central Management Station genucenter. You thereby have the status of all systems in view at all times, can make changes and updates and can easily transfer them to entire areas. The result is a very high security level in the entire network with very little effort.


[Translate to English:]

Post-Quantum Cryptography: genua Meets Future Security Requirements

With products from genua you can make the transition to post-quantum cryptography. Our update mechanism guarantees trustworthy product updates today and in the future: In addition to a digital signature for maximum security according to current standards, the addition of a quantum-resistant signature already provides effective protection against attacks with quantum computers.

Learn more

A Safe Investment in Accordance with the BSI Recommendation

Experts assume that in a few years, quantum computers could weaken or even break the current cryptographic methods. The security of the XMSS method developed by genua in cooperation with the Technical University of Darmstadt and the Technical University of Eindhoven is well understood today. By applying this method, we meet the recommendations for future-proof software updates according to the German Federal Office for Information Security (BSI) and the National Institute of Standards and Technology (NIST).

Training courses

Training Courses & Hacking Bootcamps

In intense training and hacking bootcamps, we share our knowledge of current IT risks and attack patterns, show effective reaction scenarios and provide instruction for the optimum use and administration of the genua solutions.

All events at a glance

Our sales team will be glad to answer your questions. We are looking forward to get in touch with you.

Contact Us