« Back to our products
Färist Firewall

“...will by design effectively block all ip-based attacks.”

Application level firewall

The Färist Firewall is a high assurance application layer firewall. The Färist Firewall enforces high-level security policies and creates fine granular audit trails by the use of high-level proxies operating above the network layer of the protocol stack, effectively blocking all IP-based attacks.

The Färist Firewall supports proxies for the most common network services and protocols such as dns, dhcp, ftp, http and ssl. It also supports vendor specific protocols such as ica (Citrix), nrpc (Lotus Notes) as well as specific Nato information exchange protocols.

The Färist Firewall also features VPN encryption using Ipsec-tunneling at both the link and the network layer.

Ease of use
The Färist Firewall is managed via a standard web browser. The Färist Firewall can be configured one by one or in groups using the Färist Firewall central administration. Software upgrades can be applied automatically and securely over the network.

High availability
The Färist Firewall supports fail-over for seamless continuous operation in the event of a hardware failure. 

High assurance
The Färist Firewall is designed, implemented, evaluated, and maintained for the highest assurance levels possible. Ever since it was first released in 1997, each version has been verified and reviewed by a national laboratories and independent auditors. In 2002, it was the first Swedish product to be certified according to Common Criteria and in 2008 it was the first product ever to be certified by the Swedish certification body for IT-security, CSEC.

Färist Firewall comes in a variety of hardware models, from small fanless desktops to specialised rugged versions designed for rough environments.

Customised solutions
The Färist Firewall has a feature rich and highly configurable development platform making it fast and cost-effective to develop specific proxies and security solutions for non-standard, specialised or proprietary protocols and applications. The Färist Firewall is an ideal solution for Scada-installations, where sensitive isolated scada networks have a need to exchange information with less trusted networks such as a corporate lan or the Internet.  

Key features
  • Application level proxy based firewall
  • Formally evaluated and certified according to Common Criteria for IT Security Evaluation (ISO/IEC15408:1999) with assurance packet EAL4+
  • Unicast proxies: dhcp, dns, ftp, http, ldap, lpr, ntp, ping, rfb, sip, smtp, snmp, syslog, tcp, udp, telnet
  • Multicast proxies: igmp, mcntp, mcast
  • Vendor specific proxies: ica (Citrix), nrpc (Lotus Notes), Cama, NFFI
  • Encrypted VPN-tunnels using Ipsec ESP in tunnelling mode
  • Encrypted tunnels can be defined at ethernet or IP level
  • Automatic key exchanges using X.509-based certificates
  • Encryption using AES-256 in CBC mode
  • Built in failover functionality for high availability configurations.
  • Automatic secure update capability over the network
  • Central administration
  • User friendly management via a standard web browser
  • Internally based on standard PC-architecture makes it highly scalable, economical and future proof
  • Made in Sweden


Certificates and approvals related to this product
Download technical specificationsPDFFaristFirewall-ProductSheet3.6.pdf