“Secure communications over untrusted IP-networks.”
Certified and approved VPN-crypto
Färist VPN provides secure communication over untrusted IP-networks making it possible to interconnect private networks over untrusted public networks using encrypted tunnels.
The Färist VPN is a high assurance system that has been evaluated and certified according to Common Criteria for IT Security Evaluation (ISO/IEC15408:1999) with assurance package EAL4+. It is approved to protect Hemlig / Restricted, RESTREINT UE and Nato Restricted information in Swedish systems (specific version).
The Färist VPN-system is based on IPSEC standards and supports digital certificates for automatic key exchange. There is also support for encapsulating the ESP-packets in UDP for NAT-traversal.
Tunnels can be either at OSI-level 3 (IP-router) or at OSI-level 2 (Ethernet bridge).
Traffic in the tunnels can be unicast or multicast and can be restricted using IP-filters. A specific version of Färist VPN also supports filtering traffic through proxies for various protocols.
The system can be administered via a standard web browser with no need for a special management station, providing detailed logging and traffic statistics. A centralised management system is also available providing effective management of large groups of Färists.
Management can be done over a specific management interface or tunnel without access to the encrypted traffic.
Färist VPN appliances come in a variety of sizes, from small mobile units to a high performance 19” datacenter system.
Performance depends on hardware and will increase over time as faster hardware becomes available.
Approved by EU
The EU has approved Färist VPN for protecting EU classified information at the level RESTRICTED.
Withing the EU administration the approved version of Färist VPN is called SIGRID and also PGAI 9401.
- Provides secure communication over untrusted public networks.
- Formally evaluated and certified according to Common Criteria for IT Security Evaluation (ISO/IEC15408:1999) with assurance packet EAL4+.
- Approved for the Restricted level.
- Can create tunnels at OSI-level 3 (IP) or OSI-level 2 (Ethernet).
- Unicast and multicast traffic are supported.
- Automatic key exchange using RSA-certificates.
- Encryption using AES256 (256-bits).
- Built in failover functionality for high availability configurations.
- Automatic secure update capability over the network.
- User friendly management using a standard web browser.
- Internally based on a standard PC-architecture makes it highly scalable, economical, and future proof.
- Made in Sweden