IT Central Station is now PeerSpot: Here's why

Hillstone T-Series vs Kerio Control comparison

Cancel
You must select at least 2 products to compare!
Featured Review
Buyer's Guide
Hillstone T-Series vs. Kerio Control
May 2022
Find out what your peers are saying about Hillstone T-Series vs. Kerio Control and other solutions. Updated: May 2022.
597,708 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The most important feature is the intensive way you can troubleshoot Cisco Firepower Firewalls. You can go to the bit level to see why traffic is not handled in the correct way, and the majority of the time it's a networking issue and not a firewall issue. You can solve any problem without Cisco TAC help, because you can go very deeply under the hood to find out how traffic is flowing and whether it is not flowing as expected. That is something I have never seen with other brands.""The most valuable feature is the access control list (ACL).""It has a good security level. It is a next-generation firewall. It can protect from different types of attacks. We have enabled IPS and IDS.""The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy.""The implementation is pretty straightforward.""The content filtering is good.""If you compare the ASA and the FirePOWER, the best feature with FirePOWER is easy to use GUI. It has most of the same functionality in the Next-Generation FirePOWER, such as IPS, IPS policies, security intelligence, and integration and identification of all the devices or hardware you have in your network. Additionally, this solution is user-friendly.""Feature-wise, we mostly use IPS because it is a security requirement to protect against attacks from outside and inside. This is where IPS helps us out a bunch."

More Cisco Firepower NGFW Firewall Pros →

"The only firewall able to monitor traffic from a CCTV network. Can detect unauthorized devices plugged into the network, which standard firewalls can't do.""It has been stable so far."

More Hillstone T-Series Pros →

"The installation is straightforward.""The interface control manager where we can allocate LAN connections to certain VLANs is the most valuable feature. The other feature that's important for us is because obviously everything is remote with MyKerio, as long as the boat has an internet connection, we can log onto the Kerio and get statistics, as well as provide support.""In terms of the comprehensiveness of the security features, it does a great job of laying out what it does. It's fairly easy to edit and research. Some of the features were turned on by our IT company and I was able to easily find other features on my own by searching for videos on the internet. I've been able to block certain websites, and content filter, as well as manage some of our bandwidth because we live stream on Sunday. I'm able to dedicate bandwidth for the encoder that goes to the internet. It always has enough bandwidth, no matter how many people are on the network. That's really helpful.""One thing we use quite a lot, as well, is the DHCP Server, because we do a lot of work where all our devices need to have static IP addresses. Rather than going around and configuring every box, we do it all through DHCP reservations. It's easier. We've got a record of it. We can manipulate it if we need to change something or change some hardware. It's all easy. Even guys who are not used to using it can pick it up quite quickly.""The ease of use in the GUI itself is the most valuable feature. The GUI is really the best part of it. We like the traffic rules so we can control who can get to what. It's easy to determine the flow of the traffic itself so we aren't having to guess through command lines and reading out basically command-driven output. It's just a very easy-to-use interface. The interface is the best part of the product.""One very good thing about the Kerio device is its authentication. I don't have a Windows domain for authentication. Instead, I use the Kerio product because it can separate users by Mac addresses and give them IP addresses based on their usernames, automatically logging them in. This makes for a very simple authentication system.""The firewall and intrusion detection features are good. It has blocked certain things. We have a lot of blocked sites that the staff or anyone using it, the public, etc., can't go on. It works for that. I get quite a few messages every now and again, saying that a virus has been detected and I can go in and block the user who's causing the problem.""The initial setup is a breeze."

More Kerio Control Pros →

Cons
"There is limited data storage on the appliance itself. So, you need to ship it out elsewhere in order for you to store it. The only point of consideration is around that area, basically limited storage on the machine and appliance. Consider logging it elsewhere or pushing it out to a SIEM to get better controls and manipulation over the data to generate additional metrics and visibility.""One issue with Firepower Management Center is deployment time. It takes seven to 10 minutes and that's a long time for deployment. In that amount of time, management or someone else can ask me to change something or to provide permissions, but during that time, doing so is not possible. It's a drawback with Cisco. Other vendors, like Palo Alto or Fortinet do not have this deployment time issue.""Cisco Firepower NGFW Firewall can be more secure.""I would like to see improvement when you create policies on Snort 3 IPS on Cisco Firepower. On Snort 2, it was more like a UI page where you had some multiple choices where you could tweak your config. On Snort 3, the idea is more to build some rules on the text file or JSON file, then push it. So, I would like to see a lot of improvements here.""The change-deployment time can always be improved. Even at 50 seconds, it's longer than some of its competitors. I would challenge Cisco to continue to improve in that area.""FlexConfig is there as a bridge for features that are not yet natively integrated into Firepower. It is a way of allowing you to be able to configure things that wouldn't otherwise be possible until the development team can add them into Firepower's native capability. There is still some work that needs to be done around FlexConfig. There are still quite a few complex things, like policy-based routing, that have to be done in FlexConfig, and it doesn't always work perfectly. Sometimes, there are some glitches. It is recommended that you configure FlexConfig policies with Cisco TAC. It would be good to see Cisco accelerate some of those configurations that you can only do in FlexConfig into the platform, so that they are there natively.""An area of improvement for this solution is the console visualization.""I would like it to have faster deployment times. A typical deployment could take two to three minutes. Sometimes, it depends on the situation. It is better than it was in the past, but it could always use improvement."

More Cisco Firepower NGFW Firewall Cons →

"Licensing is not cheap.""They have a very good technical support team, but I think there are some communication issues due to language differences."

More Hillstone T-Series Cons →

"I find it a bit costly to pay for the products that I am not using. They need to change their model in such a way that you don't have to pay for the products that you are not using. Its local support and scalability are also not good. I am looking forward to a more scalable product that will be able to grow with time and technology.""The solution should offer more dashboards.""The VPN features are the ones that we really like, but we are using a VPN client to be able to use them. We would like to have an SSL implementation for this same feature so we don't need to install anything on the client side. That's a feature I really miss and that should really be embedded in the product. We really would love to use it via a web browser.""When we did our last update, we had some trouble with the initial syncing process to get our messaging to go through. But we were also moving a store and a lot was changing during that process. I don't think it was on Kerio's end. It just coincided with the update. Once we got our third-party IT guy involved it was resolved very quickly.""The reporting needs to be improved. It is hard to get a domain.""They don't provide content filtering when it comes to search engine results. We had an incident on the network where a blocked site was showing up in search results. We are in a school environment, so we have blocked a site with some of the explicit content so that kids wouldn't see it. When one of them did a search, the results came on the search engine part. When you try to drill down to the website, it blocks, but when you search by image, it brings up all the images. That's one of the reasons why we are looking at Juniper.""If I would suggest anything, it would be to expand on its multifactor authentication to be a little bit more user-friendly. They should do multifactor authentications for the client itself perhaps, rather than served on a webpage, in a page hijack, that might be more user-friendly, but I don't have a lot of complaints about it. It's doing its job. You have to have a certain amount of skills to configure these things anyway, the ones that we use on-site doing point-to-point, and we've been tricked up a few times with their interfaces.""Kerio Control could improve by having higher availability and adding a mobile VPN channel. These additions are needed. The VPN is working fine on the Kerio Control but there needs to be a VPN client on the mobile phones, both for iOS and Android. This would be very good for us."

More Kerio Control Cons →

Pricing and Cost Advice
  • "Cisco pricing is premium. However, they gave us a 50 to 60 percent discount."
  • "There are additional implementation and validation costs."
  • "Cisco, as we all know, is expensive, but for the money you are paying, you know that you are also getting top-notch documentation as well as support if needed."
  • "This product requires licenses for advanced features including Snort, IPS, and malware detection."
  • "This product is expensive."
  • "For me, personally, as an individual, Cisco Firepower NGFW Firewall is expensive."
  • "The price of Firepower is not bad compared to other products."
  • "The solution was chosen because of its price compared to other similar solutions."
  • More Cisco Firepower NGFW Firewall Pricing and Cost Advice →

  • "We got a much cheaper price than that provided by Fortinet right now."
  • More Hillstone T-Series Pricing and Cost Advice →

  • "It is a good fit for SMBs because of its maintainability. When you want to keep your costs low, then Kerio Control is a very good solution. It's not an expensive product that is well integrated. It has a complete set of features within it that make it a very strong product."
  • "GFI has made a stupid decision regarding small office licensing. For offices where there are only three to five employees and had five years towards a five user product, they now force these customers to a 10-year user license. I really don't understand it. It's a stupid decision for the small offices who want a good solution for security because they'll probably decide to go to another product. Why should they buy something that they don't use?"
  • "The fixed model of users and devices is a bit of a problem for us. We want to be able to expand it fast and not have to contact our supplier first to get a license... If they had a larger fixed price with unlimited users or devices, that would help. Now, it's five users each time. A pack of 100 or 200 users for a certain price would make it more dynamic and user-scalable."
  • "The yearly maintenance fee is a bit high for the Kerio Control Boxes. The end of life for the devices is kind of short. It seems like they're making you upgrade within a short period of time. They should at least allow five years, but it seems like they are changing their end of life to be shorter to generate revenue."
  • "It gives us a lot. It does prove to be a very robust product for the cost."
  • "I think it is a bit on the pricey side, but it's okay. I've got 50 licenses which I think is $250 a year or something like that."
  • "On the low-end device that I use, it has unlimited IP addresses. So, they have a subscription model where, on the higher models, you pay X dollars for 10 IP addresses. Then, if you want any more, you have to pay more on the model. On the low-end model, it has unlimited IP addresses, because if you have too many users, the thing will just slow you down and stop working. At some point, you need to say, "Okay, I've grown to a point where performance is impacted. I need to get some bigger hardware." If I get to that stage, I will possibly look at using one of the virtual appliances and putting it on some bigger hardware."
  • "It gets expensive pretty quickly if you need to purchase license packs."
  • More Kerio Control Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Firewalls solutions are best for your needs.
    597,708 professionals have used our research since 2012.
    Questions from the Community
    Top Answer: 
    When you compare these firewalls you can identify them with different features, advantages, practices and… more »
    Top Answer: 
    The Cisco Firepower NGFW Firewall is a very powerful and very complex piece of anti-viral software. When one considers… more »
    Top Answer: 
    It is easy to integrate Cisco ASA with other Cisco products and also other NAC solutions. When you understand the Cisco… more »
    Top Answer: 
    The only firewall able to monitor traffic from a CCTV network. Can detect unauthorized devices plugged into the… more »
    Top Answer: 
    Licensing is not cheap, but there are customers who will buy because they understand that this has a cost involved and… more »
    Top Answer: 
    Whatever improvements I wanted, they put on the A-Series. The new A-Series recently launched a few months ago. It has… more »
    Top Answer: 
    The firewall and the content filtering options are valuable.
    Top Answer: 
    Its licensing is yearly. You renew every year. Its price is all-inclusive.
    Top Answer: 
    There isn't a lot to be improved. It works well as it is, but they can maybe improve the reporting side.
    Comparisons
    Also Known As
    Cisco Firepower NGFW, Cisco Firepower Next-Generation Firewall, FirePOWER, Cisco NGFWv
    Hillstone T-Series Intelligent Next-Generation Firewalls, Hillstone iNGFW
    Learn More
    Overview

    Cisco Firepower Next-Generation Firewall (NGFW) is a firewall that provides capabilities beyond those of a standard firewall and delivers comprehensive, unified policy management of firewall functions, application control, threat prevention, and advanced malware protection from the network to the endpoint.

    Cisco NGFW Firewalls include advanced threat defense capabilities to meet diverse needs, from small offices to high-performance data centers and service providers, and are deployed in leading private and public clouds. Available in a wide range of models, Cisco NGFW can be deployed as a physical or virtual appliance. Cisco NGFW firewalls are also available with clustering for increased performance, high availability configurations, and more.

    Key Features of Cisco NGFW Firewalls

    • Breach prevention and advanced security: Prevent attacks before they get inside. Cisco provides its firewalls with the latest intelligence to stop emerging threats and employs filtering to enforce policies on hundreds of millions of URLs. Cisco NGFW offers built-in sandboxing and advanced malware protection that continuously analyzes file behavior to quickly detect and eliminate threats.

    • Comprehensive network visibility: Constantly monitor your network so you can rapidly spot and stop bad behavior. Cisco NGFW provides a holistic view of all activity and provides a clear picture of threat activity across users, hosts, networks, and devices, as well as information on threats and website, application, and VM activities.

    • Flexible management and deployment options: Centrally deploy, customize, and manage all your appliances.

    • Fast detection: Detect threats in seconds and detect the presence of a successful breach within hours or minutes. Cisco NGFW allows you to deploy consistent policy that's easy to maintain, with automatic enforcement across all the different parts of your organization.

    • Automation and product integrations: Seamlessly integrate with Cisco tools and automatically share threat information, event data, policy, and contextual information with email, web, endpoint, and network security tools. Cisco NGFW automates security tasks like impact assessment, policy management and tuning, and user identification.

    Reviews from Real Users

    Cisco NGFW stands out among its competitors for a number of reasons. Two major ones are its extensive discovery abilities that enable you to constantly see what is happening on your network and take action when necessary, and the high level of protection it provides.

    Mike B., a director of IT security at a wellness & fitness company, writes, "It is one of the fastest solutions, if not the fastest, in the security technology space. This gives us peace of mind knowing that as soon as a new attack comes online that we will be protected in short order. From that perspective, no one really comes close now to Firepower, which is hugely valuable to us from an upcoming new attack prevention perspective."

    Zhulien K., the lead network security engineer at TechnoCore LTD, notes, " The most valuable feature that Cisco Firepower NGFW provides for us is the Intrusion policy. Again, with that being said, I cannot shy away from giving kudos to all of the other features such as AVC (Application Visibility and Control), SSL Decryption, Identity policy, Correlation policy, REST API, and more. All of the features that are incorporated in the Cisco Firepower NGFW are awesome and easy to configure if you know what you are doing. Things almost always work, unless you hit a bug, which is fixed with a simple software update. "

    Hillstone’s T-Series intelligent Next-Generation Firewall (iNGFW) uses three key technologies to detect advanced attacks and provide continuous threat defense for today’s networks. First, it uses statistical clustering to detect unknown malware, leveraging the patented Hillstone Advanced Threat Detection engine (ATD). Second, it uses behavioral analytics to detect anomalous network behavior, which is based on the Hillstone Abnormal Behavior Detection engine (ABD). Finally, it leverages the Hillstone threat correlation analysis engine to correlate threat events detected by disparate engines – including ATD, ABD, Sandbox and other traditional signature-based threat detection technologies – along with context information to identify advanced threats.

    Kerio Control is a popular security product for small and medium-sized businesses. It is a next-generation firewall that provides unified threat management without complexity. Kerio Control provides advanced anti-virus protection and industry-leading web and content application filtering, and has a secure VPN.

    With Kerio Control you can:

    • Preserve the integrity of your network.
    • Manage bandwidth to streamline traffic flows.
    • Improve productivity with filtering capabilities.

    Kerio Control Features

    Some of Kerio Control’s most valuable features include:

    High availability, deployment flexibility, deep packet inspection, advanced routing, usage reporting, quick administering, intrusion detection and prevention (IPS), gateway anti-virus, VPN, web and content application filtering, and centralized administration with MyKerio.

    Kerio Control Benefits

    • Eliminate downtime risks: Because Kerio Control offers high availability and failover protection, you can eliminate the risk and cost of connectivity or threat protection downtime.

    • Detailed reports: Kerio Control makes it easy to view individual users’ internet activity through detailed reports.

    • Traffic monitoring: Traffic monitoring allows you to manage bandwidth and makes it possible for you to control access to streaming video and peer-to-peer networks.

    • Server protection: Using Kerio Control’s advanced networking routing and deep packet inspection, you can protect servers.

    • Easily create policies: With Kerio Control, you can create both inbound and outbound traffic policies, and can also restrict communication by specific URLs, applications, traffic type, content category, or even time of day.

    • Snort-based analysis: Kerio Control gives you the ability to add a transparent layer of intrusion prevention with snort-based analysis along with a database of rule and blacklisted IP addresses that is regularly refreshed.

    • Optionally integrated anti-virus: WIth this feature, you can prevent viruses, Trojans, or spyware from entering your networks.

    Reviews from Real Users

    Here is some feedback from some of our users who are currently using the solution:

    PeerSpot user Brian C., Senior Technology Specialist, VP at Unified Technology Solutions, writes "It is very comprehensive and simple. It has all the active protections. It's updated. We love that you can set how often it is updated so you can work on what is right for you. A large company with a lot of bandwidth can update the virus definitions and security definitions hourly, if they want. A smaller site that's remote, where maybe updating the definitions will eat into the bandwidth, we can schedule those more to go later at night. It's very flexible and works for us in all types of situations. This is great because then we don't have to learn seven different products to be able to work with seven different scenarios."

    Andy D., IT Manager at Flare Technologies, praises how easy it is to use and says, "One thing we use quite a lot, as well, is the DHCP Server, because we do a lot of work where all our devices need to have static IP addresses. Rather than going around and configuring every box, we do it all through DHCP reservations. It's easier. We've got a record of it. We can manipulate it if we need to change something or change some hardware. It's all easy. Even guys who are not used to using it can pick it up quite quickly."



    Offer
    Learn more about Cisco Firepower NGFW Firewall
    Learn more about Hillstone T-Series
    Learn more about Kerio Control
    Sample Customers
    Rackspace, The French Laundry, Downer Group, Lewisville School District, Shawnee Mission School District, Lower Austria Firefighters Administration, Oxford Hospital, SugarCreek, Westfield
    University of Córdoba
    Triton Technical, McDonald's
    Top Industries
    REVIEWERS
    Comms Service Provider21%
    Financial Services Firm17%
    Government10%
    Manufacturing Company7%
    VISITORS READING REVIEWS
    Comms Service Provider34%
    Computer Software Company20%
    Government6%
    Manufacturing Company4%
    VISITORS READING REVIEWS
    Comms Service Provider38%
    Computer Software Company21%
    Energy/Utilities Company6%
    Healthcare Company6%
    REVIEWERS
    Computer Software Company21%
    Financial Services Firm11%
    Comms Service Provider11%
    Transportation Company11%
    VISITORS READING REVIEWS
    Comms Service Provider44%
    Computer Software Company19%
    Government4%
    Educational Organization4%
    Company Size
    REVIEWERS
    Small Business42%
    Midsize Enterprise27%
    Large Enterprise30%
    VISITORS READING REVIEWS
    Small Business24%
    Midsize Enterprise12%
    Large Enterprise64%
    No Data Available
    REVIEWERS
    Small Business85%
    Midsize Enterprise13%
    Large Enterprise3%
    VISITORS READING REVIEWS
    Small Business47%
    Midsize Enterprise17%
    Large Enterprise36%
    Buyer's Guide
    Hillstone T-Series vs. Kerio Control
    May 2022
    Find out what your peers are saying about Hillstone T-Series vs. Kerio Control and other solutions. Updated: May 2022.
    597,708 professionals have used our research since 2012.

    Hillstone T-Series is ranked 32nd in Firewalls with 2 reviews while Kerio Control is ranked 9th in Firewalls with 33 reviews. Hillstone T-Series is rated 7.0, while Kerio Control is rated 8.0. The top reviewer of Hillstone T-Series writes "Customizable reports with advanced threat protection". On the other hand, the top reviewer of Kerio Control writes "Through the ease of how quickly we could roll out the VPN to everybody, we had whole companies remotely working overnight". Hillstone T-Series is most compared with Fortinet FortiGate, Hillstone E-Series, Cisco ASA Firewall and Sangfor NGAF, whereas Kerio Control is most compared with pfSense, Fortinet FortiGate, Sophos XG, Sophos UTM and OPNsense. See our Hillstone T-Series vs. Kerio Control report.

    See our list of best Firewalls vendors.

    We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.