First Firewall and VPN Appliance With Certified Patch Management For Highly Secure Updates

  • genuscreen 40G VPN approved for classification level “German VS-NfD” and the classification levels "Nato Restricted" and "Restreint UE/EU Restricted"

  • FPGA-accelerated network packet processing provides guaranteed 2x 40 Gbit/s IPsec and <20 μs latency

  • Highly secure transfer through encryption using AES-256-GCM with 16-byte integrity check

Kirchheim near Munich (Germany), July 11, 2023. The German Federal Office for Information Security (BSI) has recertified the Firewall & VPN Appliance genuscreen (version 8.0p11) from German IT security specialist genua in accordance with the demanding EAL4+ trustworthiness level of the Common Criteria (CC). This means that all of the security functions for this level are proven to have been implemented correctly, thus confirming the high level of trustworthiness of the solution.

Proven, Highly Secure Update Mechanism

For the first time, the current recertification of genuscreen incorporates the ALC_PAM.1 security component for patch management. This proven, highly secure update mechanism can even protect against attacks from quantum computers. Since it has been tested for vulnerabilities, this patch management solution allows trusted software and hardware updates to be provided – even for the highest security levels. Already in June 2021, the High Resistance Firewall genugate – also available from genua – became the first CC-EAL4+ system worldwide to have patch management jointly certified.

Goetz Salzmann, Product Owner VPN Solutions at genua GmbH: "Software updates are a basic foundation of IT security because they serve to correct errors. This is the reason why the German Federal Office for Information Security (BSI) has long been recommending that patches should be installed regularly and promptly. Users obligated to operate a certified IT security product due to high security requirements are, however, faced with a dilemma. They are not able to make use of software updates to rectify errors as the certification of the product would thereby be lost. This is because the certification applies to a specific software version. With a certified patching process, we provide these users with a tool that allows them to more effectively combine both formal and practical requirements."

Level 4 Significantly Exceeds The Required Vulnerability Analysis

Alongside the ALC_PAM.1 patch component, the Evaluation Assurance Level EAL4 has been supplemented with the ALC_FLR.2 component on flaw remediation documentation, the ASE_TSS.2 component (TOE summary specification with architectural design summary) and the AVA_VAN.4 component (methodical vulnerability analysis), thus achieving level EAL4+. Level 4 of the AVA_VAN component is significantly higher than the vulnerability analysis required for EAL4.

Highly Secure Connection of up to Ten Thousand Participants Via VPN

The Firewall & VPN Appliance genuscreen allows data to be securely exchanged between different company locations via the Internet. "The required level of data protection necessary for doing this is achieved using backdoor-free VPN technology. We ensure that the technology is secure with regular approval and certification processes through the BSI," explains Mr. Salzmann. Thanks to a Stateful Packet Filter, this is also achieved for IPv4 and IPv6. With this technology, the firewall assesses the overall context before allowing a connection.

The certification number at the time of the patch release was BSI-DSZ-CC-1194-2023. This covers stand-alone operation and operation in combination with Version 8.0p5 of the Central Management Station genucenter.

With the approval for the classification levels German VS-NfD and EU/NATO RESTRICTED, users can implement the scalable genuscreen solution both nationally and internationally for high-security applications, either as a site-to-site VPN with over one thousand participants or as a remote-access-service VPN (RAS) with up to ten thousand participants.

Further Information

Image captions

  • Photo (preview): genuscreen is a highly secure Firewall and VPN Appliance certified and approved by the German Federal Office for Information Security (BSI) "Made in Germany" for companies with high protection requirements, government organizations and industries with an obligation to maintain secrecy.


© genua GmbH

About genua

genua GmbH secures sensitive IT networks in the public and enterprise sectors, for critical infrastructure organizations and in industries with an obligation to maintain secrecy with highly secure and scalable cyber security solutions. In doing so, the company focuses on the comprehensive protection of networks, communication and internal network security for IT and OT. The range of solutions spans from firewalls and gateways, VPNs, remote maintenance systems, internal network security and cloud security to remote access solutions for mobile employees and home offices.

genua GmbH is a company of the Bundesdruckerei Group. With more than 400 employees, it develops and produces IT security solutions exclusively in Germany. Since the founding of the company in 1992, regular certifications and approvals from the German Federal Office for Information Security (BSI) provide proof of the high security and quality standards of the products. Customers include, among others, Arvato Systems, BMW, the German Armed Services, THW as well as the Würth Group.

Press Contact

genua GmbH
Martina Hafner

Domagkstr. 7
85551 Kirchheim bei München
M +49 171 56 92 523