IT Central Station is now PeerSpot: Here's why

Kerio Control OverviewUNIXBusinessApplication

Kerio Control is #2 ranked solution in top Intrusion Detection and Prevention Software and #9 ranked solution in best firewalls. PeerSpot users give Kerio Control an average rating of 7.6 out of 10. Kerio Control is most commonly compared to pfSense: Kerio Control vs pfSense. Kerio Control is popular among the large enterprise segment, accounting for 47% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a comms service provider, accounting for 40% of all views.
Kerio Control Buyer's Guide

Download the Kerio Control Buyer's Guide including reviews and more. Updated: August 2022

What is Kerio Control?

Kerio Control is a popular security product for small and medium-sized businesses. It is a next-generation firewall that provides unified threat management without complexity. Kerio Control provides advanced anti-virus protection and industry-leading web and content application filtering, and has a secure VPN.

With Kerio Control you can:

  • Preserve the integrity of your network.
  • Manage bandwidth to streamline traffic flows.
  • Improve productivity with filtering capabilities.

Kerio Control Features

Some of Kerio Control’s most valuable features include:

High availability, deployment flexibility, deep packet inspection, advanced routing, usage reporting, quick administering, intrusion detection and prevention (IPS), gateway anti-virus, VPN, web and content application filtering, and centralized administration with MyKerio.

Kerio Control Benefits

  • Eliminate downtime risks: Because Kerio Control offers high availability and failover protection, you can eliminate the risk and cost of connectivity or threat protection downtime.

  • Detailed reports: Kerio Control makes it easy to view individual users’ internet activity through detailed reports.

  • Traffic monitoring: Traffic monitoring allows you to manage bandwidth and makes it possible for you to control access to streaming video and peer-to-peer networks.

  • Server protection: Using Kerio Control’s advanced networking routing and deep packet inspection, you can protect servers.

  • Easily create policies: With Kerio Control, you can create both inbound and outbound traffic policies, and can also restrict communication by specific URLs, applications, traffic type, content category, or even time of day.

  • Snort-based analysis: Kerio Control gives you the ability to add a transparent layer of intrusion prevention with snort-based analysis along with a database of rule and blacklisted IP addresses that is regularly refreshed.

  • Optionally integrated anti-virus: WIth this feature, you can prevent viruses, Trojans, or spyware from entering your networks.

Reviews from Real Users

Here is some feedback from some of our users who are currently using the solution:

PeerSpot user Brian C., Senior Technology Specialist, VP at Unified Technology Solutions, writes "It is very comprehensive and simple. It has all the active protections. It's updated. We love that you can set how often it is updated so you can work on what is right for you. A large company with a lot of bandwidth can update the virus definitions and security definitions hourly, if they want. A smaller site that's remote, where maybe updating the definitions will eat into the bandwidth, we can schedule those more to go later at night. It's very flexible and works for us in all types of situations. This is great because then we don't have to learn seven different products to be able to work with seven different scenarios."

Andy D., IT Manager at Flare Technologies, praises how easy it is to use and says, "One thing we use quite a lot, as well, is the DHCP Server, because we do a lot of work where all our devices need to have static IP addresses. Rather than going around and configuring every box, we do it all through DHCP reservations. It's easier. We've got a record of it. We can manipulate it if we need to change something or change some hardware. It's all easy. Even guys who are not used to using it can pick it up quite quickly."



Kerio Control Customers

Triton Technical, McDonald's

Kerio Control Video

Kerio Control Pricing Advice

What users are saying about Kerio Control pricing:
  • "It is priced low enough for entry-level, but it has the power to grow with a company without them having to replace it."
  • "The biggest advice that I could probably give people is when you buy the solution be prepared to either buy the unlimited license or buy more licenses than you think. Each user license gives you one employee and each a user gives you five devices. In the world nowadays where everybody has a cellphone, tablet, desktop, and laptop, that's four devices. You still get one more device per person. That covers your servers and back-ends."
  • "It's pretty expensive in licensing costs, especially if you use the product longer than one or two years. The licensing costs are still high, which I don't think is reasonable for a product like this."
  • "It's too expensive. The license, in the last year or so, has gone up by over a £100. We're almost being out-priced by the annual license at the minute."
  • "Our clients see ROI with Kerio Control, as they are saving bandwidth costs."
  • "Licensing is easier with Kerio Control. With FortiGate, we realized the licensing is really hectic, because if you skip one year, you have to back pay that year. If you skip two years, you have to back pay two years. With Kerio Control, if a license expires, one year later you can just reactivate and go on."
  • "Its price is fair. There are no additional costs."
  • "Its initial cost is less as compared to other products. It becomes a bit costly when you pay for the products that you don't use. We paid for almost all the products through subscription, but we are using only a few products. We use EndPointSecurity, Kerio Connect, WebMonitor, and LanGuard. We don't use the rest of the products."
  • Kerio Control Reviews

    Filter by:
    Filter Reviews
    Industry
    Loading...
    Filter Unavailable
    Company Size
    Loading...
    Filter Unavailable
    Job Level
    Loading...
    Filter Unavailable
    Rating
    Loading...
    Filter Unavailable
    Considered
    Loading...
    Filter Unavailable
    Order by:
    Loading...
    • Date
    • Highest Rating
    • Lowest Rating
    • Review Length
    Search:
    Showingreviews based on the current filters. Reset all filters
    BrianCook - PeerSpot reviewer
    Information Security Officer - VP at Unified Technology Solutions
    Reseller
    Top 5Leaderboard
    Through the ease of how quickly we could roll out the VPN to everybody, we had whole companies remotely working overnight
    Pros and Cons
    • "It is very comprehensive and simple. It has all the active protections. It's updated. We love that you can set how often it is updated so you can work what is right for you. A large company with a lot of bandwidth can update the virus definitions and security definitions hourly, if they want. A smaller site that's remote, where maybe updating the definitions will eat into the bandwidth, we can schedule those more to go later at night. It's very flexible and works for us in all types of situations. This is great because then we don't have to learn seven different products to be able to work with seven different scenarios."
    • "I would like to see a little improvement in their technical support when you have a problem. I may be a little jaded because I came from Kerio when we could call and get a person on the phone who worked on the product. Every tech had their own demo setup. They had instant messaging capability with the developers. If we found a problem, then we could get a result for it quickly. Now, the product seems to be 24 hours. They have also gone to the model that if you need quicker support, then they now charge you additional for the exact same level of support that they used to give. I am assuming it's the exact same level of support that they say it is. I'm not paying extra for it. That's the biggest flaw with the product."

    What is our primary use case?

    We use it ourselves and deploy it to our customers, which are small and medium-sized businesses. Our use cases are for both ourselves and our clients, mainly as a frontline protection for their internal networks to filter viruses and threats as well as for web filtering to ensure employees and guest networks don't access material that wouldn't be appropriate to be viewed. It's also used for remote access VPNs so remote users can access internal servers and resources, as well as site-to-site VPNs for multi-site offices to access resources located either at the main HQ headquarters or at an alternate site.

    How has it helped my organization?

    It does antivirus, malware, and ransomware. We feel the coverage is complete across the entire spectrum of malware, viruses, and most ransomware. It also covers some types of adware, which is an unwanted program that's not necessarily bad, but there's no reason to have it.

    We have a lot of other companies that were multi-site companies which had servers at different sites not talking to each other. They had remote workers or maybe they were using open RDP as their access to their internal network. These customers were getting ransomware infections and constantly just getting frustrated not being able to share resources between sites and this gives them the capability. I have a lot of customers, especially in the non-profit market, where we've had a lot of success deploying the solution. 

    A lot of the non-profits also have open WiFi and the filtering tools have been great for making sure that the WiFi bandwidth isn't drained by somebody sitting there and just surfing videos. We can control the open WiFi and we can control public computers to make sure that they stay just on the sites that we want them to stay on, e.g., employment sites, training, etc. So, it's been really helpful for the non-profits.

    If a tech has a basic understanding of firewalls, NATing, and security, it is amazing how quick we can teach them how to use the product to its full capabilities. We can take a half day to a day and a brand new tech who's never seen the product can pretty much understand it enough to set it up, work with a customer, and make changes that a customer requests. There's nothing better than a customer calling and saying, "We need to add this site," and instead of saying, "Well, let me open a ticket and get an engineer to look at the thing," we go, "One second," and, through the MyKerio portal, find their firewall, remote into it, make the change, and say, "Okay, test it now. Works? Perfect." Hang up the phone and we are done.

    With COVID-19 and everything that has happened, customers would call us up and say, "We're shutting down. Friday's our last day. Everybody is going to work from home." In 24 hours, we could have them all working remotely. The amount of time and simplicity of getting users set up with the VPN allowed us to get massive numbers of users working remotely at businesses that had never even considered remote work as a possibility. Or, maybe the owner had a little bit of remote capability, but that was it. Just through the ease of and the free VPN client it was amazing how quickly we could roll out VPN to everybody, we had whole companies remotely working overnight.

    What is most valuable?

    The most valuable feature for us is the ease of use. We don't have to go crazy trying to figure out how to do something. It allows you to make changes, set things up, turn on things for a customer without having to go through 37 different menus, read the manual, and try to remember it. It's pretty straightforward. That's what attracted it to us in the beginning. While we can work with complicated systems, most of our customers don't need them, then we end up just spending more time setting up the solution than we really need to. It's more productive, the customer saves money and at the same time and we make more money off of it. I can set up a whole firewall solution in 30 minutes and that's valuable to me.

    We have been very happy with the security features. We find that the keyword filtering is great. Also, the antivirus filtering is excellent. One thing we always tell our customers is that we have never had a client using Kerio Control and the antivirus tools that we suggest who has been infected with any type of ransomware. We have customers who have had ransomware, but they were all ones who chose not to go with Kerio Control. That's always just been a very simple, easy, and powerful fact that we can explain to people, "We've never had a customer who has used this firewall along with our recommended antivirus and had a ransomware infection."

    It is very comprehensive. It has all the active protections. It's updated regularly. We love that you can set how often threat definitions updated so you can work what is right for the site. A large company with a lot of bandwidth can update the virus definitions and security definitions hourly, if they want. A smaller site that's remote, where maybe updating the definitions will eat into the bandwidth, we can schedule those more to go later at night. It's very flexible and works for us in all types of situations. This is great because then we don't have to learn seven different products to be able to work with seven different scenarios.

    We've been very happy with the solution’s firewall and intrusion detection features. The company has been pretty good when it comes to maintaining it and closing out security holes. For example, when there was a security bug found in the encryption in the VPN, they were very quick about reacting to that and coming out with a new VPN client encryption. At the same time, they made sure that for those cases where maybe you couldn't upgrade right away, there was a bit of overlap of backward capability so you weren't like, "Oh geez. I have to do everybody at once."

    We love the VPN feature. That is one of our favorite things. The free client that they have makes it so easy to attach computers to the company network and we can usually set somebody up in like five minutes or so. It's real simple for the users because of the way that it presents the information you don't have all types of weird keys and stuff that users have to remember or write down, which is great because a key lost on a piece of paper is just as bad as a key found by a hacker. So, the computer memorizes it all, stores it, and makes it real simple with a push button to either connect, disconnect, or keep the connection persistent, which we love because then for a company-owned computer it stays connected from the moment the user logs in to logs out. Then, we can actually sync the user's VPN credentials to their Active Directory account and that is really helpful, because if a user leaves, disabling their Active Directory credential also disables their VPN credentials automatically and now when an employee is no longer with the company we don't have to worry about going to a separate system and shutting that VPN down until we can get our hands physically back on the laptop. We don't have security risks hanging out there.

    MyKerio is a really neat tool where there's one central website that I can go and see every Kerio firewall that we manage. I don't have to go find specific logins for every firewall because I log into the MyKerio site with my master credentials, and it has two-factor authentication to make sure it's secure. Once I'm in, I can choose any of the Kerio firewalls that we manage: Kerio firewalls, Kerio Operator Phone Systems, or their Kerio Connect mail product. I can find any of them and quickly attach to it, then help the customer. It makes it real nice instead of having to chase down a list of IP addresses and passwords. As a managed service provider, it's nice because if a tech leaves, then I can cut them out of all our customers by simply closing their MyKerio account since they never actually had a direct login to the firewall itself.

    What needs improvement?

    The one feature that seemed to be missing for a while that they finally just readded was the ability to filter by known IP lists, either specific countries, or lists of IPs know to be hackers. That was in the product awhile ago, but just wasn't maintained for a while, but they recently did start to maintain it again it.

    The MyKerio online portal could probably use a little touch up and tweaks, sometimes the backups just fail or you have to log off and back in with a new browser to connect to a device. The site is glitchy every now and then.

    The guest network that they had behind a splash screen is the one spot that we're not thrilled with. We believe the guest network could have a more reliable and better customization on the splash screen, and sometimes we have issues with users getting to the splash screen at all. Our solution is just buy unlimited licenses to get around that. Then instead of using the guest WiFi, we create a whole separate VLAN with no splash page or use a splash page through the access points if we need a splash page. Its also not customizable at all so you can't put logos or names on it, make them accept a usage agreement, etc.

    Buyer's Guide
    Kerio Control
    August 2022
    Learn what your peers think about Kerio Control. Get advice and tips from experienced pros sharing their opinions. Updated: August 2022.
    622,949 professionals have used our research since 2012.

    For how long have I used the solution?

    It was long before GFI even owned them. It has to be almost 10 years.

    What do I think about the stability of the solution?

    We have not had any problems with the stability at all. It's pretty solid once we get them running. Besides reboots for updates, we usually never have to do anything with them. The only ones that I can ever remember failing are caused by physical hardware failures. A lot of times either there is a lightning strike, electrical surge, or something like that. Once or twice, we've had a fail where we can't tell exactly why it failed, but it's always been the hardware that's failed, not the firewall software. I do remember one very old box that had gone through multiple iterations and had copied backups from hardware to hardware to hardware for almost a decade, which started acting a little funny. It stayed up, but we would see weird logs that didn't make sense. For that one, we finally did a backup, wiped it, restored the backup, and all the problems went away. That's the only time where the software was the cause and it was nothing that actually affected end users.

    What do I think about the scalability of the solution?

    I have it in customers that have four users. The largest site that we've had (with a single box) is probably 150 users, including guests, and it scaled right up and I'm sure I could have pushed it much farther. Again the nice part about the product is they have a software-only version where you could put it on your own hardware, where you can slap it in a Xeon server if you really needed to, and I'd have no fears that the product could actually filter a whole school campus.

    In our company, it's mainly our techs who work with this solution. The roles are usually customer-facing techs and support techs. We call them technology specialists, but it would be equal to a tech support type person. Everybody in the company dealing with customers knows how to manage the product because it's so simple. There's no reason to have a firewall engineer. We have a senior person for a really complex setup, but every tech can work on the product and set it up for the average company. Every tech can make changes that the customer requests right then and there when they call.

    How are customer service and support?

    I would like to see a little improvement in their technical support when you have a problem.  I may be a little jaded because I came from Kerio when we could call and get a person on the phone who actually worked on the product and every tech had their own demo setup for testing. They also had instant messaging capability with the developers. If we found a problem, then we could get a result for it quickly. Now, the product seems to be 24 hours response no matter what the issue. They have also gone to the model that if you need quicker support, then they now charge you additional for the exact same level of support that they used to give for free. I am assuming it's the exact same level of support that they say it is. I'm not paying extra for it. That's the biggest flaw with the product.

    How would you rate customer service and support?

    Positive

    Which solution did I use previously and why did I switch?

    We have a mix. A lot of our customers are just building or starting to manage thier network, so this is their first new product that didn't come from an office store. We also have some that were replacing an existing product either because the product got old and it was time to replace it, or sometimes because we've seen issues with other products we know this will fix. For one product in particular, we will see point-to-point VPN instability sometimes that customers have been dealing with years. We'll say, "Hey, let us put this in. Chances are it's going to clear up." Usually, it does. One customer had a point-to-point VPN with a that product that would go down almost every day. Now, the point-to-points have been up for about five months straight. This shows how reliable the solution is. 

    For other customers, sometimes we'll replace another product because they got oversold. They'll have some very large product that's really expensive, and we're like, "Hey, that's cool. It does a ton of neat things you don't even need. But this product will do pretty much all the same things, especially all the things you currently use as well as give you some capability to grow into." A lot of customers didn't realize they need VPNs until all of a sudden they grow. There is nothing worse than telling a customer, "Remember when you saved a couple hundred bucks a year ago. Well, that's all gone now because the product you chose doesn't support this." That's what we like about this solution. It is priced low enough for entry-level, but it has the power to grow with a company without them having to replace it.

    How was the initial setup?

    The initial setup is super straightforward. We can get a basic firewall running in under an hour. That is from opening the box  to getting it working. We tend to take it out of the box and do a little bit of preconfiguring for half an hour, maybe 45 minutes if it's a really complex multi-VLAN setup. Once you have it ready and bring it out to the customer site, then you plug it in and do a couple of final steps. We can get a sealed box to set up in under an hour.

    We do have some basic guidelines that we try and use across all of our customers (minimum requirements), but because we deal with a wide range of customers, where some of our customers have four employees and others have 400, there will be minor changes. Everybody usually has a regular network, then a VLAN for guests, but sometimes our larger companies have VLANs for labs and other sections of the business: for example maybe development and admins get more rights. We always make sure the antiviruses, the IPS, filtering are running with a basic number of rules.

    Don't over think the implementation. The biggest thing that you can do is start overthinking when you're setting it up, and be like, "Well, what do I have to do next?" You're probably already done. It's real simple. Anybody could take the manual home if they've never seen it before. They have a complete 30-day demo that you can download. Even if you aren't hooked into the Internet, you can log into the web GUI and look through it. It's great because it gives you an opportunity to do that and play with the product. If you're a technical person, you could take the manual home for the night, then the next day set one of these things up.

    What about the implementation team?

    We always deploy it by ourselves, I think anyone with some IT experience could do it. I mean its not for Grandma but if you understand routing you can do it.

    We're rolling out a four location non-profit right now that pretty much had zero network infrastructure. We're bringing our third site on out of four next week. Getting the firewall up is the easy part. It's been more of tying in their computers to the rest of the network and stuff, but eventually we're going to replace this hodgepodge of laptops and emailing files with central shares backed up and secured with the proper permissions all through the VPN.

    What was our ROI?

    Once customers get into doing site-to-site, employee remote VPNs, they start seeing savings in travel time and time costs. When everybody talks about savings, a lot of people forget to think about, "If my employees have to individually mail a bunch of files to somebody else, spend time trying to access files, or getting somebody in the office to send the files, that's a lot of time spent," this is where giving VPN capabilities both site-to-site and for end users who usually can't afford them is a giant cost savings, being able to seamlessly work remotely, include roaming employees who are able to go site-to-site and access the same resources at any location.

    What's my experience with pricing, setup cost, and licensing?

    It's generally inexpensive compared to a lot of other products out there.

    We don't use the solution’s high-availability/failover protection. For our market, it just hasn't been something that's been worth it for the cost. Because the software can run on both the Kerio hardware as well as regular off the shelf computer hardware, we've actually just maintained a standard computer with some extra NICs in it or a microcomputer as a backup. So, if a box goes out, we just run out there, pull the backup file off the web (since it is backed up through the MyKerio portal), and push it to the box, then we can have them back up in an hour or two. We can then worry about a permanent replacement once the client is back up. 

    The biggest advice that I could probably give people is when you buy the solution be prepared to buy a few extra licenses if you want a guest network but you don't need to go crazy. Each user license gives you one employee and five devices. In the world nowadays where everybody has a cellphone, tablet, desktop, and laptop, that's still four devices and you still get one more device per person to cover the company printers, servers, etc.

    Which other solutions did I evaluate?

    We do evaluate other products both before we choose Kerio Control and on a regular bases. We do have one or two smaller firewall product that we use for the true entry-level businesses who don't need any capabilities, and we are constantly seeing products as we get new customers and what products they are using currently. We don't like to rip them out right away until we understand the network and its issues, we have to get familiar with a customer before we can make a recommendation.

    Vendors are always coming out with new things and there are always new features. True cloud management seems to be the big buzz right now, so we've been looking at those type of products. However, so far we keep going back to Kerio Control.

    A lot of times I can do things in one screen of Kerio Control that would take two to three screens. I was just making a firewall rule with NAT forwarding on a different product for a customer a couple of days ago and that took four different screens and four different menus. One of the nice things about Kerio is how it does firewall rules and port forwarding.You do it all-in-one screen called "rules" where It creates the forwarding, the NAT, and the port holes.  

    With some products I'd have to go into a window to create a firewall rule of VLAN 1 to VLAN 2, then I have to create a firewall rule of VLAN 2 to VLAN 3. Finally, I have to create a firewall rule of VLAN 1 to VLAN 3. That's three separate firewall rules that I have to build. If I want to block one port, then that's three separate firewall rules I have to edit. On Kerio Control, the way it's setup, I can make one rule that encompasses all three of those rules by having my source have multiple sources, multiple destinations, and multiple ports. For example, a security camera system needs three ports forwarded to it. I might have to create three rules and 3 NAT translations, one for each of those ports. Some of them I can group, but others you can't. With Kerio firewall, I can list all those ports in one spot. Therefore, I can create a rule that allows the WAN and VPN 2 to access a camera system on VPN 3 on these two ports and point it all to the Camera System using only one rule.

    It is not the most powerful firewall out there, I understand that, but it's a great balancing act between the capabilities. It's as capable as many of my other firewalls, but at the same time, it's not as complicated. You don't need to take a three-month course like you do with some of the other products in order to be able to use it properly. It's all GUI-based, unlike some products. Sure a lot of products have a GUI where you get just so much done, then at a certain point, you have to jump into command line. There is no command line option in Kerio Control because its not needed, there isn't a point where I have to pull out a manual and find obscure commands to type in to get the product to do something I want it to do.

    What other advice do I have?

    It's definitely well suited for and marketed for SMBs but could some enterprises use it? I believe that they could. I believe that there are some spots in the enterprise market that should be looking at this product. I think that some companies would be pleasantly surprised if they considered it for enterprise market use. 

    It's inexpensive and secure enough that you could have multiple instances running across a campus, if you needed to do routing. It supports a ton of VLANs, especially if you put it on your own hardware. You can easily have this thing run thousands of users just by scaling up the hardware because it has the ability to run on standard PC or Server hardware so you can pop it right into a computer and boot it up. This is great because you can choose any amount of hardware that you want to put it on to get it to scale to what you need, and you can upgrade it as needed. It's also great when you do have virtual environments.

    The company has always been pretty good to work with, which is important. Obviously, GFI's a much bigger company than the original vendor, so some things have changed, but they're a friendly company and want to work with you. They have a nice NFR program. We always like products that have NFR programs, not because we're always looking for free stuff, but because it's nice to be able to use the same equipment inside that we sell to customers, even if it doesn't make sense for us financially (though Kerio Control makes sense for us). Just having that capability to say, "Hey, we use this product ourselves." It's a question that customers ask IT companies a lot, "What do you use?" So, if I can say, "I use Kerio Control." That goes a long way to making the customer understand I really like this product. I trust my business to it. You can trust me when I say, "You can trust your business to it."

    I would rate the product as a nine out of 10. I've never heard a customer that went on it be upset. I have never had a customer tell me, "I want to get rid of this thing."

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
    Flag as inappropriate
    PeerSpot user
    Arie De Kruijf - PeerSpot reviewer
    EMP Specialist at Global EPM BV
    Real User
    Top 10
    Can be used with our customers' certificates; they can see their connections are properly secured
    Pros and Cons
    • "The firewall and intrusion detection features are very useful these days because hackers have a lot of tricks that they use to get into a system. With Kerio Control you can see something that's happening. Otherwise, you have to use other tools to see what's happening on the firewalls. Having IPS in it is quite useful for us."
    • "The VPN features are the ones that we really like, but we are using a VPN client to be able to use them. We would like to have an SSL implementation for this same feature so we don't need to install anything on the client side. That's a feature I really miss and that should really be embedded in the product. We really would love to use it via a web browser."

    What is our primary use case?

    We're using Kerio Control to protect our solutions in data centers and to provide VPN access, via the firewall, for our clients.

    We're EPM specialists, we host and build EPM platforms which are financial software platforms used by large entities all over the world.

    How has it helped my organization?

    Where previously users were connecting via exotic firewall systems with no certificates on them, Kerio Control can be used with the certificates of the customer so that customers can also see that their connections are being properly secured on the sites that they are using. That helps them identify their sites and to distinguish their connection from other connections.

    The solution has increased the number of VPN clients extended to those outside our environment. All our clients that we need to visit have a VPN solution. And the ones that we host in the data center are only accessible by a VPN client.

    What is most valuable?

    The VPN connection is the feature that we are actually using this solution for, but routing and checking what kinds of sites are being tested or accessed, is also helpful. That can be logged and reviewed to see if everything is going okay. It's for protection of the network behind it.

    Kerio Control covers quite a lot, when it comes to security. There are, of course, always things missing in a product that you would like to have, and we have even questioned the vendor to see if they can provide one of the solutions that we would like to have in the product, but that does not seem to be the case at the moment. But for us, it covers almost everything we do with it, which makes it quite a suitable product for us.

    The firewall and intrusion detection features are very useful these days because hackers have a lot of tricks that they use to get into a system. With Kerio Control you can see something that's happening. Otherwise, you have to use other tools to see what's happening on the firewalls. Having IPS in it is quite useful for us.

    What needs improvement?

    The content filtering in the product is pretty sensitive to configure as all content is being scanned. It can take quite some time to find out what content you want to scan. For example, if you use words for scanning content, there are some words that you really can't scan for because they are synonyms and can be used in all kinds of communications. Therefore you get false positives where it finds the word, but it's actually a case that you should ignore. That makes it a bit difficult to use it.

    The VPN features are the ones that we really like, but we are using a VPN client to be able to use them. We would like to have an SSL implementation for this same feature so we don't need to install anything on the client side. That's a feature I really miss and that should really be embedded in the product. We really would love to use it via a web browser.

    Another area for improvement is to be able to import users from a single text file. That functionality is really not developed enough and it is not easy to bulk-import users into a firewall. 

    Finally, if you use a firewall product with a certificate, you can only use one VPN client on one domain name. So if I would serve multiple clients with one firewall, I cannot use different domain names. For example, if I put in the domain name test.com as a certificate name in the firewall, then all users, even if they are using it from different companies, have to use that certificate name as their client settings. That's really not appreciated. We would like to set up a firewall with unlimited users and use it for multiple smaller customers. Those companies use a service from us and we could use one firewall for that, but we can't, simply because we can only use one certificate. We can't use the name of the company with other companies. That's a lack of a feature and we miss it.

    What do I think about the stability of the solution?

    The product works well. We seldom have issues with the product, hardware-wise or software-wise, and we have firewalls that have been running for more than a year without even a reboot. The only reboot they get is when they need an update.

    When they went from Kerio directly to GFI, GFI implemented some new software solutions in it and did some things their own way, which helped to make the product a bit safer than it already was. These were improvements that were really needed and we wanted as much as we possibly could get, and therefore are much appreciated.

    The NG100, which is the lightweight firewall — and it can do pretty much the same as the large NG500 — has an external adapter and that has broken at least three or four times, and that's a problem. Even for those little firewalls, an adaptor should not break. It's probably because of heat dissipation or the like. We don't have this problem with the NG300, which also has an external adapter, but it's a bit different and a bigger adapter. The NG500 doesn't have that problem at all. It has an internal power supply and there's nothing wrong with it. We have never had one fail, so far.

    What do I think about the scalability of the solution?

    As it has an unlimited number of users that we can use it for, we haven't reached the limits of the product. It's a really fair product.

    Our customers use it every day. We will increase usage of these firewalls if we have a customer for it.

    How are customer service and technical support?

    GFI's technical support is way too slow in terms of response times. Their knowledge is okay. They should know their products. Even though they bought Kerio, they were able to update the software with their developers and build some new routines in it.

    But regarding the support, if I send out a solution or a request today, it's taking too long to get a proper answer. You should have an answer the same day, at least, and if possible a quick response via email. That would be preferable in our cases. I know that is not always possible. And that's for software issues. 

    But if you have a hardware issue it's even worse because we are not able to get hardware maintenance on the firewalls. Ideally, within two hours of going down, a mechanic would come with a new firewall to replace it and to restore your saved configuration from the cloud. They don't have that. If a hardware issue arises with a firewall, then it takes at least a week, maybe a week-and-a-half, to get a new firewall sent by GFI. That's really not acceptable. If we have a hardware issue and we order something from some companies here in The Netherlands, we have it the next day. That would be acceptable.

    We deal with that by having a spare NG500 lying around that we can use. We've never used it, so it's already three years old, doing nothing. But it's there.

    How was the initial setup?

    For us the initial setup is straightforward because we have been using it since the product was called WinRoute, which was 20 years ago, I believe. We pretty much know all about the firewalls and what we can do with them. So the setup for us is really easy to do.

    On average, deployment of Kerio Control takes us maybe 30 minutes.

    The implementation strategy depends on what the customer needs, and every customer needs something else. In general, the VPN setup is one of the things all customers need, and rules settings, open ports and closed ports, are part of some basic settings we use, but pretty much everything else is different for each customer.

    What's my experience with pricing, setup cost, and licensing?

    Where we were using, for example, a VPN solution for 75 users, GFI has now changed the contracts to use the unlimited version, and that is a bit cheaper price-wise, compared to having 75-user account licenses.

    But it's pretty expensive in licensing costs, especially if you use the product longer than one or two years. The licensing costs are still high, which I don't think is reasonable for a product like this.

    The licensing should really be narrowed down and be at least one-tenth of the price. To give you an idea of costs, an NG500 costs about €3000, and the licensing costs are about €1400 to €1500 a year. They call it "maintenance," but they are not doing anything in terms of maintenance on my firewall. They just supply a little update and those updates really don't cover the price that they calculate for it.

    By comparison, if you know what a Windows 10 workstation does on your local computer, you get the updates for free and the price of the installation is something like $100, and you can use it as long as the product is supported. That's a reasonable price, and it also has security. 

    With those licensing costs for a little firewall, it's really disturbing because people look for different solutions when the price is too high. You can't make money off of it if you need to pay almost €1500 a year just to get the updates, and those are basically firewall updates. Of course, if there is a system update, like firmware, they will implement that as well. But it doesn't match the cost of what they are doing for us with it. It doesn't explain why these licensing costs are so extremely high.

    As long as the product works we use it because we know the product. It's much easier to use an existing product than to swap over to a low-cost product that we are not familiar with. That is one of the reasons we use this product, but mostly because we never had a breach, which is, of course, pretty important now.

    Everybody has a price when it comes to security. You can use a simple Windows Firewall on a virtual machine, which costs you almost nothing. And if you put the firewall on there and use it as a router, you can also connect VPN clients to it, but you're using the Microsoft solution for that. Kerio is based on a Linux kernel, which is pretty much free and they are asking a lot of money for a firewall because it's called a firewall and it should protect you. But in fact, they cannot guarantee that nobody will ever get through your firewall. Nobody is giving that guarantee to you, and that is why it's too expensive.

    Which other solutions did I evaluate?

    We have also worked with Cisco, FORTRESS, and Juniper. One of the main reasons that we're using Kerio is that the interface is really simple to handle. It's really laid out well.

    I don't like the Cisco interface. In the old days, we had to do everything manually via the console; type in all kinds of stuff. Now, you just want to click something.

    What other advice do I have?

    Each implementer or solution specialist needs a product that fits the needs of the company or customer. That's totally dependent on each customer. If you have never seen a product like Kerio Control, it's still quite easy to implement the firewall. They're not too complex.

    Not every customer wants to install a VPN client to get to a different network. Some of them want to have a browser solution where they just enter an address and they type in a username and password, even verified by a two-step verification. If they are verified and authenticated, they can use the different networks. I believe we had that kind of functionality in previous versions of Kerio, even when it was called WinRoute, but they took it out. These days, everything is being arranged by a browser but I understand why they took it away from the browser. It's because of the security flaws that are mostly in browsers and they're never up to date.  It doesn't matter whether you're using Firefox, Chrome, Mozilla, Internet Explorer, or Edge. They all have their things that are not working correctly. There are vulnerabilities in all browsers.

    The biggest lesson I have used from using Kerio Control is that I would choose the NG500, the rack model, over any other model they have, as that has proven to be the most stable version and the most stable product. It just runs forever.

    We are using three of Kerio Control's models. The NG100 is for really small solutions where you just need a firewall with VPN capabilities. They have a bit of a larger model, the NG300, which is suitable for faster solutions. And we have the enterprise solution, which is their fastest firewall, the NG500, and that's a rack model firewall.

    The antivirus helps people who are uploading files, so that they are scanned. That's not what we are using it for, but our experience with the internal firewalls are a bit different because you can also use an external firewall in the product itself. And now it comes with Defender, which currently works well. For what it is scanning, it's working fine.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    Buyer's Guide
    Kerio Control
    August 2022
    Learn what your peers think about Kerio Control. Get advice and tips from experienced pros sharing their opinions. Updated: August 2022.
    622,949 professionals have used our research since 2012.
    Chris Bristow - PeerSpot reviewer
    Account Manager (Technical) at Redfortress Ltd
    Real User
    Top 10
    Provides good content filtering and failover, but licensing is becoming too expensive
    Pros and Cons
    • "The firewall and intrusion detection features are good. It has blocked certain things. We have a lot of blocked sites that the staff or anyone using it, the public, etc., can't go on. It works for that. I get quite a few messages every now and again, saying that a virus has been detected and I can go in and block the user who's causing the problem."

      What is our primary use case?

      We use the Kerio Control as the firewall, and we manage all the load balancing for it, as well as DHCP, bandwidth control, failover, and basic reports.

      How has it helped my organization?

      It has saved time for the members of our team who manage security, because everything can be done from the Kerio. If a problem arises or something needs changing, we can just put it into the same rule that we already have or make a new rule, a duplicated rule, which is quite easy  to do.

      What is most valuable?

      The most valuable features are the 

      • firewall
      • load balancing 
      • bandwidth control
      • routing.

      We need these functions. We need to do what we do and then the Kerio is quite intuitive in terms of getting everything set up and managing it after. It has quite a nice UI which is fairly straightforward.

      The firewall and intrusion detection features are good. It has blocked certain things. We have a lot of blocked sites that the staff or anyone using it, the public, etc., can't go on. It works for that. I get quite a few messages every now and again, saying that a virus has been detected and I can go in and block the user who's causing the problem.

      In addition, content filtering is good. We use that a lot. In terms of the content filtering we use all the basic ones that it already comes with, like phishing sites and peer-to-peer. We only use the VPN a little bit, for admin purposes, to go in and administer the other equipment onsite, like the switches.

      The comprehensiveness of the security features Kerio Control provides seems good. And it seems to just work. I don't really get down into the detail of it too much, but I'm happy with what it picks up. We haven't really had any problems.

      It is easy to use. We've never really used the wizards that are provided. We had a guy come in and set it all up for us in the first instance and then we built upon it by just using what he already did as a template, to do other things. But it's pretty straightforward.

      We also use the failover. We have two internet lines going into it, and it works. We have a loss of connection at the minute because of a problem with BT, our ISP, so it has gone over to another line. It keeps our security going, which is good.

      For how long have I used the solution?

      We have been implementing solutions with Kerio Control for our clients since about 2016.

      What do I think about the stability of the solution?

      The stability is very good. I don't think it's ever failed. 

      We had one time where there was an update, a couple of years ago, and it changed a setting for the failover and load balancing. As a result, we almost needed to roll back to a different version. We ended up finding the right setting. But that was the only thing that's happened really. Apart from that, they update fine.

      What do I think about the scalability of the solution?

      For the sorts of things we do, we'd only ever really need one Kerio in any one location. Scalability is beyond the Kerio, for what we do.

      We have about 150 users of the solution.

      We don't have plans to increase usage. It's been the same for about four years now and I think it will stay the same for at least another one or two. In the place where it's installed it's being used very extensively. It's the endpoint for the whole network so everything in the company ends up going through it.

      How are customer service and technical support?

      I've never used their technical support.

      Which solution did I use previously and why did I switch?

      We did not have a previous solution.

      How was the initial setup?

      We hired a guy to do the initial set up for us. I think he was a Kerio reseller and we used him for consultancy before it started and then he actually did the work on the Kerio as well, and the network in general.

      Our experience with him was excellent. We've used him a couple of times since. He's brilliant. His knowledge of everything is incredible. We tried to do it all ourselves at first, but he came in and knew exactly what the problems were. Something that had taken us about four days, he did in five minutes. He's just incredibly knowledgeable about everything to do with networks: Cisco, Kerio, everything.

      I've set up another one since, for the same company. I just copied the configuration file of the one and put it straight onto the other. They're in separate buildings, but they wanted them exactly the same so it was really easy.

      That deployment took an hour, but it was because we already had one set up.

      As for deployment and maintenance of these solutions we generally need just one person: me.

      What was our ROI?

      The return on investment is the fact that the network keeps going. In that respect the ROI is good. But the licensing fee seems to be getting too expensive. I wouldn't say it's a waste of money, because it's required, but it would make us look at the possibility of using another solution in the future, if it keeps going up at the rate it is.

      What's my experience with pricing, setup cost, and licensing?

      It's too expensive. The license, in the last year or so, has gone up by over £100. We're almost being out-priced by the annual license at the minute. If we do need to change, it will be because of the annual license fee, and we will have to get a different solution.

      Which other solutions did I evaluate?

      Ubiquiti is cloud-hosted. We use a lot of those as well. If that was around at the time, in the same way it is now, we probably would have used that to start with.

      What other advice do I have?

      A solution like Kerio Control is a nice-to-have for a medium size business. It just works. It does what it is meant to do. The hardware itself isn't too expensive, it's just the licensing fee that has gone up and up every year.

      I would recommend it. My advice would be to get a professional for the implementation.

      Overall, I would rate the solution at seven out of 10, because of the licensing, and there are other things on the market now that are probably as good.

      Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
      PeerSpot user
      Senior Sales Technician at a tech services company with 51-200 employees
      Reseller
      You can see what all your users are doing
      Pros and Cons
      • "The solution’s firewall and intrusion detection features are quite good because you can see exactly who is attacking you and who is getting blocked."
      • "I would like the customer statistics to be more user-friendly. It should explain more what users have been doing throughout the day. Sometimes, it'll just say they downloaded a big file. Meanwhile, they were connected through a VPN."

      What is our primary use case?

      It is mainly for user control, e.g., who is downloading the most.

      We are using the latest version.

      How has it helped my organization?

      It helped a lot with the bandwidth because a lot of our clients complained that the Internet was really slow, then we found it's a Windows update or some guy inside the company using YouTube. With Kerio Control, we found out what was going on, blocked it, or pushed it down.

      It helps the IT manager monitor their staff. As for the servers, it gives protection from the outside. Their intrusion protection works extremely well, so you can see if there are issues from outside in the log files. The whole system is just easy to read.

      Right before the lockdown, we got requests for home connections like crazy from customers. We put all of them onto Kerio VPN, which is much easier for them. They log onto Kerio VPN and can see their local drives and servers, then they can work.

      What is most valuable?

      The VPN is a useful feature.

      When you go under status to, "active host", you see what all your users are doing. We found that this is the most useful feature.

      The security features are quite easy to use. It gives us everything we need in one product.

      The solution’s firewall and intrusion detection features are quite good because you can see exactly who is attacking you and who is getting blocked.

      The antivirus is good. Since they changed over to a new provider (GFI), we haven't had issues with it.

      What needs improvement?

      A little bit more info when we search on the client under active hosts. We would like to see a column to say what is going on: Is it encrypted? Is it HTTP or HTTPS? Is it connected to a gaming services?

      I would like the customer statistics to be more user-friendly. It should explain more what users have been doing throughout the day. Sometimes, it'll just say they downloaded a big file. Meanwhile, they were connected through a VPN.

      For how long have I used the solution?

      Since 2006.

      What do I think about the stability of the solution?

      The stability is good.

      The VPN features are awesome. The only issue that we had is when they changed versions. They removed a security feature and blocked out all the old VPN connections. As a service provider, we had to do an update for a lot of clients' VPNs after their update came out, which created more work for us.

      What do I think about the scalability of the solution?

      The scalability is awesome.

      For our big corporate clients, the solution gets used a lot. We have one client with about 200 users and about 10 to 12 servers.

      We have five to six support technicians who work with Kerio Control.

      How are customer service and technical support?

      I have never used their technical support.

      How was the initial setup?

      The initial setup is straightforward. It is easy to install. You just put in a memory stick and boot it up. Or, you just start up the device and follow the on-screen prompts. The deployment takes five minutes.

      What about the implementation team?

      We do use the online services Kerio provides for our implementation strategy.

      What was our ROI?

      Our clients see ROI with Kerio Control, as they are saving bandwidth costs.

      Kerio Control has saved time for the members of our team who manage security. It can save us two hours to a day, because if we use Mikrotik or something else, we have to sniff through the logs. With Kerio Control, we just log on and can see immediately what is wrong.

      Which other solutions did I evaluate?

      We tried FortiGate and Mikrotik, but they don't do what we want. Licensing is easier with Kerio Control. Also, troubleshooting and implementation on a network is much easier. You don't need to call support all the time. With FortiGate, we realized the licensing is really hectic, because if you skip one year, you have to back pay that year. If you skip two years, you have to back pay two years. With Kerio Control, if a license expires, one year later you can just reactivate and go on.

      It tells you what your users are doing or what is happening on your network. It goes into detail and you don't find that on FortiGate.

      What other advice do I have?

      The way that we sell Kerio is we show our customers what they can do with it. They don't really care much about licensing after they see that you can view each person one by one to see what they're doing. 

      I would give the product a 10 out of 10. I have been using this solution for an extremely long time. It is very helpful. With clients that don't have Kerio and have issues with their network, then we'll install a demo version of Kerio, fix the errors and problems, showing them what Kerio does. After, we'll take it out and put them back onto their normal router. It will take about a week or two weeks later, then they will phone us and say, "Please send us a quote for Kerio."

      Which deployment model are you using for this solution?

      On-premises
      Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Reseller.
      PeerSpot user
      Gilbert Mwiinga - PeerSpot reviewer
      Baobab College logo System Administrator at Baobab College
      Real User
      Top 5Leaderboard
      Good for intrusion detection and prevention and routing, but needs better content filtering and better support
      Pros and Cons
      • "I like intrusion detection and prevention and bandwidth management. The routing part is also awesome. It is a good firewall. We never had a major breach from outside. We've never been impacted by ransomware, and our systems have never been infiltrated."
      • "They don't provide content filtering when it comes to search engine results. We had an incident on the network where a blocked site was showing up in search results. We are in a school environment, so we have blocked a site with some of the explicit content so that kids wouldn't see it. When one of them did a search, the results came on the search engine part. When you try to drill down to the website, it blocks, but when you search by image, it brings up all the images. That's one of the reasons why we are looking at Juniper."

      What is our primary use case?

      We use it for bandwidth management, filtering, routing, and intrusion detection and prevention. It is our main edge firewall.

      I am working with the latest version. 

      What is most valuable?

      I like intrusion detection and prevention and bandwidth management. The routing part is also awesome. It is a good firewall. We never had a major breach from outside. We've never been impacted by ransomware, and our systems have never been infiltrated.

      What needs improvement?

      The user login can be improved because we use the captive portal where users have to register before they access the internet server. That has been a huge challenge. They can improve the user login part and make it more user-friendly. It looks user-friendly, but it doesn't work as it is expected to work. They can also improve the reporting feature.

      They don't provide content filtering when it comes to search engine results. We had an incident on the network where a blocked site was showing up in search results. We are in a school environment, so we have blocked a site with some of the explicit content so that kids wouldn't see it. When one of them did a search, the results came on the search engine part. When you try to drill down to the website, it blocks, but when you search by image, it brings up all the images. That's one of the reasons why we are looking at Juniper. 

      Its inability to provide content filtering for search results was a high-impact issue. We've been talking to them about this issue. It was a very sensitive issue for us because we had kids in year four who were exposed to images that they were not supposed to see. Because of Kerio Control, we failed to protect kids from such content, and we expected them to respond to it with the urgency it required, but their support was pathetic. The ticket was escalated, but we had to send them a couple of emails to let them know how serious the case was, and then we had a live call with their support team.

      We have had issues with its performance and stability. They can do better. We've had situations where we had a terrible performance on the network, and when you restart it, everything goes back to normal.

      For how long have I used the solution?

      I have been using this solution for six or seven years.

      What do I think about the stability of the solution?

      Its performance is average, and it isn't that stable. I would give it a 50 out of 100. 

      What do I think about the scalability of the solution?

      It is easy to scale. We have about 600 users.

      How are customer service and support?

      We've been talking to them about the content filtering issue. The ticket was escalated, but we had to wait for two days for it to be answered. We sent them a couple of emails to let them know how serious the case was, and then we had a live call with their support team. We found their support to be pathetic, and we really expected them to take it seriously.

      How was the initial setup?

      It is straightforward. It is easy to configure.

      What about the implementation team?

      We do it internally. On the maintenance part, it requires patching, seeing if we want to block anything from our network, and adding more rules.

      What's my experience with pricing, setup cost, and licensing?

      Its price is fair. There are no additional costs.

      Which other solutions did I evaluate?

      We are evaluating Juniper. In terms of monitoring, the response from Juniper was good. We requested a demo, and we got more than a demo. They went above and beyond to get a specialist in security who sat with the team. He presented not just what the product can do; he also presented what is involved in security. Their support seems good. From what they demonstrated, its monitoring, reporting, and intrusion detection features look pretty good.

      What other advice do I have?

      It is a good firewall. It does what it is required to do, but it needs improvements. Their support and reporting could improve, and they can also do some work on the user login part.

      For a campus, you can't depend on Kerio Control to provide everything. You need to look at some of the other tools if you're dealing with students, but for all other organizations, it is perfect as it is.

      I would rate it a seven out of 10. 

      Which deployment model are you using for this solution?

      On-premises
      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      Flag as inappropriate
      PeerSpot user
      Alex Kimondo - PeerSpot reviewer
      ICT Manager at MEDS
      Real User
      Top 5
      It is a good firewall appliance, but it lacks local support and scalability
      Pros and Cons
      • "The firewall appliance itself is the most valuable feature."
      • "I find it a bit costly to pay for the products that I am not using. They need to change their model in such a way that you don't have to pay for the products that you are not using. Its local support and scalability are also not good. I am looking forward to a more scalable product that will be able to grow with time and technology."

      What is our primary use case?

      We use Kerio Control as our firewall.

      How has it helped my organization?

      The Kerio Product has come in handy in the area of Firewall management. Having visibility into the entire Organization through a dashboard. 

      What is most valuable?

      The firewall appliance itself is the most valuable feature.

      What needs improvement?

      I find it a bit costly to pay for the products that I am not using. They need to change their model in such a way that you don't have to pay for the products that you are not using. 

      The GFI features that come with Kerio are stated below. When paying for the licenses we pay for license for everything yet we only use 5 products.

      GFI Products

      GFI Endpoint Security

      In use

      GFI Mail Essentials

      Not in use

      Kerio Connect

      In use

      GFI Archiver

      Not in use

      GFI Fax Maker

      Not In use

      Kerio Control

      In Use

      GFI Lan Guard

      In use

      GFI Web Monitor

      In use

      Kerio Operator

      Not in use

      GFI Events Manager

      Not in use

      We only use 5 products out of the 10 we’ve paid for. We should have the option for paying for what we use not a blanket cost for everything

      Internet aggregation and SDWAN Technology: The firewall should  allow growth in terms of allowing connectivity to SDWAN technology available in other firewall appliances.Link aggregation and SD-WAN (Software-defined Wide Area Network) are great features for businesses who need multiple links to the internet. They’re also useful where you are using multiple links and would like to connect to other sites, such as branch offices or cloud services.

      Its local support and scalability is  also not good. I am looking forward to a more scalable product that will be able to grow with time and technology.

      Cloud Support: The Firewall should have cloud support especially hybrid cloud support.

      It should allow device identification without just stating that the devices are unrecognized-"unrecognized devices"

      Sandboxing is one of those important firewall features that end users don’t even know is there. It takes a file or executable as you’re downloading it and opens it in a completely isolated and separate “test” environment.This is missing.

      For how long have I used the solution?

      We have been using this solution for around one year. We are working with Kerio Control and other GFI products that come with it.

      What do I think about the stability of the solution?

      It has been a stable product. We haven't had any issues apart from yesterday when it somehow froze. It was the first time we experienced such an issue. 

      What do I think about the scalability of the solution?

      Scalability is a bit of a challenge because you need to buy a new product if you want to upgrade to new technology. 

      In other firewall products, you have options for scalability, but for this particular product, such an option is not available. For example, FortiGate firewall provides added technology capabilities that allow it to grow a bit. In Kerio Control, if I want to bring new technology like SD WAN, I need to buy a new product, or maybe do away with Kerio Control and use a new technology altogether.

      How are customer service and technical support?

      At the moment, there is no proper local support for Kerio Control here in Kenya. It is hard to get service or assistance for anything. This is the challenge that I faced in using a Kerio product or a GFI product.

      Which solution did I use previously and why did I switch?

      I used to work with Cisco products. We switched to Kerio because they promised a lot of products, and the initial cost was less as compared to other products.

      How was the initial setup?

      The initial setup is pretty straightforward. I learned this product on the job, and I never got any hands-on training. I just went to YouTube and oriented myself with it, and then I set it up quickly.

      What's my experience with pricing, setup cost, and licensing?

      Its initial cost is less as compared to other products. It becomes a bit costly when you pay for the products that you don't use. We paid for almost all the products through subscription, but we are using only a few products. We use EndPointSecurity, Kerio Connect, WebMonitor, and LanGuard. We don't use the rest of the products.

      What other advice do I have?

      I would rate Kerio Control a six out of ten. Its local support, scalability, and pricing model need to be improved.

      Which deployment model are you using for this solution?

      On-premises
      Disclosure: I am a real user, and this review is based on my own experience and opinions.
      PeerSpot user
      Senior Systems Tech/Admin at a computer software company with 1-10 employees
      Reseller
      Top 5Leaderboard
      Easy to manage, highly stable, and scalable
      Pros and Cons
      • "The solution is easy to manage. Kerio Control is unique compared to other firewalls because it has been around since 2000 when we switched and the name it started with was WinRoute, and then later became Kerio Control. It evolved over time and it is more of a proprietary firewall on its own and has been developed through open source."
      • "The Kerio hardware devices look cheap and could be improved. Some of our clients are switching to Sophos because their hardware has a more sleek design."

      What is our primary use case?

      We use Kerio Control primarily for site-to-site VPN and client VPNs.

      What is most valuable?

      The solution is easy to manage. Kerio Control is unique compared to other firewalls because it has been around since 2000 when we switched and the name it started with was WinRoute, and then later became Kerio Control. It evolved over time and it is more of a proprietary firewall on its own and has been developed through open source.

      What needs improvement?

      The Kerio hardware devices look cheap and could be improved. Some of our clients are switching to Sophos because their hardware has a more sleek design.

      For how long have I used the solution?

      I have been using Kerio Control for a long time.

      What do I think about the stability of the solution?

      Kerio Control stability is extremely stable. On the administration side, you have total control because of MyKerio. Which is a portal that allows you to control all your Kerio Controls and other Kerio solutions. Similar to other firewall vendors nowadays, they have their own portal to centralize the management of your firewalls. 

      What do I think about the scalability of the solution?

      The solution is scalable. If you are using virtualized machines you can have as much memory and much storage, but you do not need much storage for this solution. It is powerful and fast, although it can slow down the internet because of the filtering. For example, if you have most of your services running, such as antivirus, content filtering, and intrusion prevention. When all of those are all enabled and there is a lot of configuration and it might slow down your internet service to about 70%, instead of a direct simple router.

      How are customer service and support?

      The technical support is good as a reseller. We have direct connection with the technical support, we can send them an email and they will get back to us. If it requires phone calls, they phone us up or we phone them.

      How was the initial setup?

      The initial setup is straightforward. You receive a box and then you receive the activation keys. When you receive the activation keys, it will work fine. Without the activation keys, your subscription for firewall, antivirus, and web filter, is not going to work.

      If you are doing a fresh installation without the VPN, you have to set up all your routers on each different location to have a site-to-site VPN. However, if you are migrating from a firewall to Kerio Control, you have to migrate the users, DHCPs, and static IPs, that you want to have on the devices to keep you from losing service. For up to a five-site location, it could take approximately one hour for each location to set up the firewalls.

      What other advice do I have?

      To start out you are going to have to purchase the firewall hardware and the subscription itself which could be approximately $2,000 and for the annual subscription, it will be approximately $400. The subscription entails many aspects, such as you do not lose your antivirus upgrades or your web filtering does not stop.

      We are switching from Kerio Control to Sophos because of the sleek design of the devices. If you want a cheaper solution, you can choose Kerio Control, but if you want a much sleeker design, then should consider Sophos.

      I rate Kerio Control an eight out of ten.

      Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
      PeerSpot user
      MD at Comsque
      Real User
      Top 5
      A reliable solution offering robust performance and security.
      Pros and Cons
      • "The reporting needs to be improved. It is hard to get a domain."
      • "The reporting needs to be improved. It is hard to get a domain."

      What is our primary use case?

      Providing Firewall functionality, VPN connectivity and content filtering.

      How has it helped my organization?

      1. It decreased malware attacks in our network.

      2. It improved employee productivity and data security.

      What is most valuable?

      1. The built-in anti-virus and perimeter security. 

      2. The VPN feature.

      1. The anti-virus and perimeter security functionality minimizes vulnerabilities in our network and better secures our data. This also decreases downtime of devices due to viruses and malware attacks. 

      2. The VPN functionality has allowed staff to have stable remote connectivity on a secure and encrypted connection. This has improved the ability to get work done smarter and efficiently whilst working remotely (or from home).

      What needs improvement?

      1. More detailed reporting. 

       2. Sometimes you get a few challenges joining to a domain. 

      3. Improved and simplified User Interface.


      For how long have I used the solution?

      I have been using Kerio Control for over four years. 

      What do I think about the stability of the solution?

      It is a stable solution and we have not had any major stability issues in our four years of using it. 

      What do I think about the scalability of the solution?

      It is very scalable. If you are using a Virtual Appliance make sure your hardware specifications are good then you can easily add licenses as your users increase. On hardware Appliances you might have to upgrade to a bigger appliance as your users increase.

      How are customer service and technical support?

      The support is fine. The response time can improve. 

      Which solution did I use previously and why did I switch?

      Yes, we switched due to the favourable pricing, many features and robust performance of Kerio Control.

      How was the initial setup?

      The initial setup was straightforward. We deployed Hyper-V Appliances and everything worked as it should. Connecting the Appliances to MyKerio was pretty simple and hassle free.


      What about the implementation team?

      In-house.

      What was our ROI?

      Our ROI is very good. The savings we have made after deploying were good. We have saved on downtime of devices due to attacks and man hours of the IT staff attending to these issues. This enabled us to invest time and resources into profitable projects rather than to support.

      What's my experience with pricing, setup cost, and licensing?

      The setup cost is fair especially of the Virtual Appliances. The annual licensing is easy and priced fairly.

      Which other solutions did I evaluate?

      Yes we looked at Cyberoam and Sophos.

      What other advice do I have?

      Kerio Control is a good solution which is reliable and easy to use.

      Which deployment model are you using for this solution?

      On-premises
      Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
      PeerSpot user
      Buyer's Guide
      Download our free Kerio Control Report and get advice and tips from experienced pros sharing their opinions.
      Updated: August 2022
      Buyer's Guide
      Download our free Kerio Control Report and get advice and tips from experienced pros sharing their opinions.