KerioControl Reviews

Providing Firewall functionality, VPN connectivity and content filtering.

1. It decreased malware attacks in our network.

2. It improved employee productivity and data security.

1. The built-in anti-virus and perimeter security. 

2. The VPN feature.

1. The anti-virus and perimeter security functionality minimizes vulnerabilities in our network and better secures our data. This also decreases downtime of devices due to viruses and malware attacks. 

2. The VPN functionality has allowed staff to have stable remote connectivity on a secure and encrypted connection. This has improved the ability to get work done smarter and efficiently whilst working remotely (or from home).

1. More detailed reporting. 

 2. Sometimes you get a few challenges joining to a domain. 

3. Improved and simplified User Interface.

I have been using Kerio Control for over four years. 

It is a stable solution and we have not had any major stability issues in our four years of using it. 

It is very scalable. If you are using a Virtual Appliance make sure your hardware specifications are good then you can easily add licenses as your users increase. On hardware Appliances you might have to upgrade to a bigger appliance as your users increase.

The support is fine. The response time can improve. 

Yes, we switched due to the favourable pricing, many features and robust performance of Kerio Control.

The initial setup was straightforward. We deployed Hyper-V Appliances and everything worked as it should. Connecting the Appliances to MyKerio was pretty simple and hassle free.

In-house.

Our ROI is very good. The savings we have made after deploying were good. We have saved on downtime of devices due to attacks and man hours of the IT staff attending to these issues. This enabled us to invest time and resources into profitable projects rather than to support.

The setup cost is fair especially of the Virtual Appliances. The annual licensing is easy and priced fairly.

Yes we looked at Cyberoam and Sophos.

Kerio Control is a good solution which is reliable and easy to use.

It is mainly for user control, e.g., who is downloading the most.

We are using the latest version.

It helped a lot with the bandwidth because a lot of our clients complained that the Internet was really slow, then we found it's a Windows update or some guy inside the company using YouTube. With Kerio Control, we found out what was going on, blocked it, or pushed it down.

It helps the IT manager monitor their staff. As for the servers, it gives protection from the outside. Their intrusion protection works extremely well, so you can see if there are issues from outside in the log files. The whole system is just easy to read.

Right before the lockdown, we got requests for home connections like crazy from customers. We put all of them onto Kerio VPN, which is much easier for them. They log onto Kerio VPN and can see their local drives and servers, then they can work.

The VPN is a useful feature.

When you go under status to, "active host", you see what all your users are doing. We found that this is the most useful feature.

The security features are quite easy to use. It gives us everything we need in one product.

The solution’s firewall and intrusion detection features are quite good because you can see exactly who is attacking you and who is getting blocked.

The antivirus is good. Since they changed over to a new provider (GFI), we haven't had issues with it.

A little bit more info when we search on the client under active hosts. We would like to see a column to say what is going on: Is it encrypted? Is it HTTP or HTTPS? Is it connected to a gaming services?

I would like the customer statistics to be more user-friendly. It should explain more what users have been doing throughout the day. Sometimes, it'll just say they downloaded a big file. Meanwhile, they were connected through a VPN.

Since 2006.

The stability is good.

The VPN features are awesome. The only issue that we had is when they changed versions. They removed a security feature and blocked out all the old VPN connections. As a service provider, we had to do an update for a lot of clients' VPNs after their update came out, which created more work for us.

The scalability is awesome.

For our big corporate clients, the solution gets used a lot. We have one client with about 200 users and about 10 to 12 servers.

We have five to six support technicians who work with Kerio Control.

I have never used their technical support.

The initial setup is straightforward. It is easy to install. You just put in a memory stick and boot it up. Or, you just start up the device and follow the on-screen prompts. The deployment takes five minutes.

We do use the online services Kerio provides for our implementation strategy.

Our clients see ROI with Kerio Control, as they are saving bandwidth costs.

Kerio Control has saved time for the members of our team who manage security. It can save us two hours to a day, because if we use Mikrotik or something else, we have to sniff through the logs. With Kerio Control, we just log on and can see immediately what is wrong.

We tried FortiGate and Mikrotik, but they don't do what we want. Licensing is easier with Kerio Control. Also, troubleshooting and implementation on a network is much easier. You don't need to call support all the time. With FortiGate, we realized the licensing is really hectic, because if you skip one year, you have to back pay that year. If you skip two years, you have to back pay two years. With Kerio Control, if a license expires, one year later you can just reactivate and go on.

It tells you what your users are doing or what is happening on your network. It goes into detail and you don't find that on FortiGate.

The way that we sell Kerio is we show our customers what they can do with it. They don't really care much about licensing after they see that you can view each person one by one to see what they're doing. 

I would give the product a 10 out of 10. I have been using this solution for an extremely long time. It is very helpful. With clients that don't have Kerio and have issues with their network, then we'll install a demo version of Kerio, fix the errors and problems, showing them what Kerio does. After, we'll take it out and put them back onto their normal router. It will take about a week or two weeks later, then they will phone us and say, "Please send us a quote for Kerio."

We use the Kerio Control as the firewall, and we manage all the load balancing for it, as well as DHCP, bandwidth control, failover, and basic reports.

It has saved time for the members of our team who manage security, because everything can be done from the Kerio. If a problem arises or something needs changing, we can just put it into the same rule that we already have or make a new rule, a duplicated rule, which is quite easy  to do.

The most valuable features are the 

• firewall
• load balancing 
• bandwidth control
• routing.

We need these functions. We need to do what we do and then the Kerio is quite intuitive in terms of getting everything set up and managing it after. It has quite a nice UI which is fairly straightforward.

The firewall and intrusion detection features are good. It has blocked certain things. We have a lot of blocked sites that the staff or anyone using it, the public, etc., can't go on. It works for that. I get quite a few messages every now and again, saying that a virus has been detected and I can go in and block the user who's causing the problem.

In addition, content filtering is good. We use that a lot. In terms of the content filtering we use all the basic ones that it already comes with, like phishing sites and peer-to-peer. We only use the VPN a little bit, for admin purposes, to go in and administer the other equipment onsite, like the switches.

The comprehensiveness of the security features Kerio Control provides seems good. And it seems to just work. I don't really get down into the detail of it too much, but I'm happy with what it picks up. We haven't really had any problems.

It is easy to use. We've never really used the wizards that are provided. We had a guy come in and set it all up for us in the first instance and then we built upon it by just using what he already did as a template, to do other things. But it's pretty straightforward.

We also use the failover. We have two internet lines going into it, and it works. We have a loss of connection at the minute because of a problem with BT, our ISP, so it has gone over to another line. It keeps our security going, which is good.

We have been implementing solutions with Kerio Control for our clients since about 2016.

The stability is very good. I don't think it's ever failed. 

We had one time where there was an update, a couple of years ago, and it changed a setting for the failover and load balancing. As a result, we almost needed to roll back to a different version. We ended up finding the right setting. But that was the only thing that's happened really. Apart from that, they update fine.

For the sorts of things we do, we'd only ever really need one Kerio in any one location. Scalability is beyond the Kerio, for what we do.

We have about 150 users of the solution.

We don't have plans to increase usage. It's been the same for about four years now and I think it will stay the same for at least another one or two. In the place where it's installed it's being used very extensively. It's the endpoint for the whole network so everything in the company ends up going through it.

I've never used their technical support.

We did not have a previous solution.

We hired a guy to do the initial set up for us. I think he was a Kerio reseller and we used him for consultancy before it started and then he actually did the work on the Kerio as well, and the network in general.

Our experience with him was excellent. We've used him a couple of times since. He's brilliant. His knowledge of everything is incredible. We tried to do it all ourselves at first, but he came in and knew exactly what the problems were. Something that had taken us about four days, he did in five minutes. He's just incredibly knowledgeable about everything to do with networks: Cisco, Kerio, everything.

I've set up another one since, for the same company. I just copied the configuration file of the one and put it straight onto the other. They're in separate buildings, but they wanted them exactly the same so it was really easy.

That deployment took an hour, but it was because we already had one set up.

As for deployment and maintenance of these solutions we generally need just one person: me.

The return on investment is the fact that the network keeps going. In that respect the ROI is good. But the licensing fee seems to be getting too expensive. I wouldn't say it's a waste of money, because it's required, but it would make us look at the possibility of using another solution in the future, if it keeps going up at the rate it is.

It's too expensive. The license, in the last year or so, has gone up by over £100. We're almost being out-priced by the annual license at the minute. If we do need to change, it will be because of the annual license fee, and we will have to get a different solution.

Ubiquiti is cloud-hosted. We use a lot of those as well. If that was around at the time, in the same way it is now, we probably would have used that to start with.

A solution like Kerio Control is a nice-to-have for a medium size business. It just works. It does what it is meant to do. The hardware itself isn't too expensive, it's just the licensing fee that has gone up and up every year.

I would recommend it. My advice would be to get a professional for the implementation.

Overall, I would rate the solution at seven out of 10, because of the licensing, and there are other things on the market now that are probably as good.

We're using Kerio Control to protect our solutions in data centers and to provide VPN access, via the firewall, for our clients.

We're EPM specialists, we host and build EPM platforms which are financial software platforms used by large entities all over the world.

Where previously users were connecting via exotic firewall systems with no certificates on them, Kerio Control can be used with the certificates of the customer so that customers can also see that their connections are being properly secured on the sites that they are using. That helps them identify their sites and to distinguish their connection from other connections.

The solution has increased the number of VPN clients extended to those outside our environment. All our clients that we need to visit have a VPN solution. And the ones that we host in the data center are only accessible by a VPN client.

The VPN connection is the feature that we are actually using this solution for, but routing and checking what kinds of sites are being tested or accessed, is also helpful. That can be logged and reviewed to see if everything is going okay. It's for protection of the network behind it.

Kerio Control covers quite a lot, when it comes to security. There are, of course, always things missing in a product that you would like to have, and we have even questioned the vendor to see if they can provide one of the solutions that we would like to have in the product, but that does not seem to be the case at the moment. But for us, it covers almost everything we do with it, which makes it quite a suitable product for us.

The firewall and intrusion detection features are very useful these days because hackers have a lot of tricks that they use to get into a system. With Kerio Control you can see something that's happening. Otherwise, you have to use other tools to see what's happening on the firewalls. Having IPS in it is quite useful for us.

The content filtering in the product is pretty sensitive to configure as all content is being scanned. It can take quite some time to find out what content you want to scan. For example, if you use words for scanning content, there are some words that you really can't scan for because they are synonyms and can be used in all kinds of communications. Therefore you get false positives where it finds the word, but it's actually a case that you should ignore. That makes it a bit difficult to use it.

The VPN features are the ones that we really like, but we are using a VPN client to be able to use them. We would like to have an SSL implementation for this same feature so we don't need to install anything on the client side. That's a feature I really miss and that should really be embedded in the product. We really would love to use it via a web browser.

Another area for improvement is to be able to import users from a single text file. That functionality is really not developed enough and it is not easy to bulk-import users into a firewall. 

Finally, if you use a firewall product with a certificate, you can only use one VPN client on one domain name. So if I would serve multiple clients with one firewall, I cannot use different domain names. For example, if I put in the domain name test.com as a certificate name in the firewall, then all users, even if they are using it from different companies, have to use that certificate name as their client settings. That's really not appreciated. We would like to set up a firewall with unlimited users and use it for multiple smaller customers. Those companies use a service from us and we could use one firewall for that, but we can't, simply because we can only use one certificate. We can't use the name of the company with other companies. That's a lack of a feature and we miss it.

The product works well. We seldom have issues with the product, hardware-wise or software-wise, and we have firewalls that have been running for more than a year without even a reboot. The only reboot they get is when they need an update.

When they went from Kerio directly to GFI, GFI implemented some new software solutions in it and did some things their own way, which helped to make the product a bit safer than it already was. These were improvements that were really needed and we wanted as much as we possibly could get, and therefore are much appreciated.

The NG100, which is the lightweight firewall — and it can do pretty much the same as the large NG500 — has an external adapter and that has broken at least three or four times, and that's a problem. Even for those little firewalls, an adaptor should not break. It's probably because of heat dissipation or the like. We don't have this problem with the NG300, which also has an external adapter, but it's a bit different and a bigger adapter. The NG500 doesn't have that problem at all. It has an internal power supply and there's nothing wrong with it. We have never had one fail, so far.

As it has an unlimited number of users that we can use it for, we haven't reached the limits of the product. It's a really fair product.

Our customers use it every day. We will increase usage of these firewalls if we have a customer for it.

GFI's technical support is way too slow in terms of response times. Their knowledge is okay. They should know their products. Even though they bought Kerio, they were able to update the software with their developers and build some new routines in it.

But regarding the support, if I send out a solution or a request today, it's taking too long to get a proper answer. You should have an answer the same day, at least, and if possible a quick response via email. That would be preferable in our cases. I know that is not always possible. And that's for software issues. 

But if you have a hardware issue it's even worse because we are not able to get hardware maintenance on the firewalls. Ideally, within two hours of going down, a mechanic would come with a new firewall to replace it and to restore your saved configuration from the cloud. They don't have that. If a hardware issue arises with a firewall, then it takes at least a week, maybe a week-and-a-half, to get a new firewall sent by GFI. That's really not acceptable. If we have a hardware issue and we order something from some companies here in The Netherlands, we have it the next day. That would be acceptable.

We deal with that by having a spare NG500 lying around that we can use. We've never used it, so it's already three years old, doing nothing. But it's there.

For us the initial setup is straightforward because we have been using it since the product was called WinRoute, which was 20 years ago, I believe. We pretty much know all about the firewalls and what we can do with them. So the setup for us is really easy to do.

On average, deployment of Kerio Control takes us maybe 30 minutes.

The implementation strategy depends on what the customer needs, and every customer needs something else. In general, the VPN setup is one of the things all customers need, and rules settings, open ports and closed ports, are part of some basic settings we use, but pretty much everything else is different for each customer.

Where we were using, for example, a VPN solution for 75 users, GFI has now changed the contracts to use the unlimited version, and that is a bit cheaper price-wise, compared to having 75-user account licenses.

But it's pretty expensive in licensing costs, especially if you use the product longer than one or two years. The licensing costs are still high, which I don't think is reasonable for a product like this.

The licensing should really be narrowed down and be at least one-tenth of the price. To give you an idea of costs, an NG500 costs about €3000, and the licensing costs are about €1400 to €1500 a year. They call it "maintenance," but they are not doing anything in terms of maintenance on my firewall. They just supply a little update and those updates really don't cover the price that they calculate for it.

By comparison, if you know what a Windows 10 workstation does on your local computer, you get the updates for free and the price of the installation is something like $100, and you can use it as long as the product is supported. That's a reasonable price, and it also has security. 

With those licensing costs for a little firewall, it's really disturbing because people look for different solutions when the price is too high. You can't make money off of it if you need to pay almost €1500 a year just to get the updates, and those are basically firewall updates. Of course, if there is a system update, like firmware, they will implement that as well. But it doesn't match the cost of what they are doing for us with it. It doesn't explain why these licensing costs are so extremely high.

As long as the product works we use it because we know the product. It's much easier to use an existing product than to swap over to a low-cost product that we are not familiar with. That is one of the reasons we use this product, but mostly because we never had a breach, which is, of course, pretty important now.

Everybody has a price when it comes to security. You can use a simple Windows Firewall on a virtual machine, which costs you almost nothing. And if you put the firewall on there and use it as a router, you can also connect VPN clients to it, but you're using the Microsoft solution for that. Kerio is based on a Linux kernel, which is pretty much free and they are asking a lot of money for a firewall because it's called a firewall and it should protect you. But in fact, they cannot guarantee that nobody will ever get through your firewall. Nobody is giving that guarantee to you, and that is why it's too expensive.

We have also worked with Cisco, FORTRESS, and Juniper. One of the main reasons that we're using Kerio is that the interface is really simple to handle. It's really laid out well.

I don't like the Cisco interface. In the old days, we had to do everything manually via the console; type in all kinds of stuff. Now, you just want to click something.

Each implementer or solution specialist needs a product that fits the needs of the company or customer. That's totally dependent on each customer. If you have never seen a product like Kerio Control, it's still quite easy to implement the firewall. They're not too complex.

Not every customer wants to install a VPN client to get to a different network. Some of them want to have a browser solution where they just enter an address and they type in a username and password, even verified by a two-step verification. If they are verified and authenticated, they can use the different networks. I believe we had that kind of functionality in previous versions of Kerio, even when it was called WinRoute, but they took it out. These days, everything is being arranged by a browser but I understand why they took it away from the browser. It's because of the security flaws that are mostly in browsers and they're never up to date.  It doesn't matter whether you're using Firefox, Chrome, Mozilla, Internet Explorer, or Edge. They all have their things that are not working correctly. There are vulnerabilities in all browsers.

The biggest lesson I have used from using Kerio Control is that I would choose the NG500, the rack model, over any other model they have, as that has proven to be the most stable version and the most stable product. It just runs forever.

We are using three of Kerio Control's models. The NG100 is for really small solutions where you just need a firewall with VPN capabilities. They have a bit of a larger model, the NG300, which is suitable for faster solutions. And we have the enterprise solution, which is their fastest firewall, the NG500, and that's a rack model firewall.

The antivirus helps people who are uploading files, so that they are scanned. That's not what we are using it for, but our experience with the internal firewalls are a bit different because you can also use an external firewall in the product itself. And now it comes with Defender, which currently works well. For what it is scanning, it's working fine.

Kerio Control is the primary firewall for our corporate network to the outside world. We use an IP transit that connects to an IP transit, so all the internet traffic in and out of the corporate network goes through the Kerio Control firewall. We use Kerio Control VPN Clients for our remote workers to dial into that corporate network with two-factor authentication.

We service all areas of Queensland in Australia and we've got clients from Thursday Island down to the border. We have regional sales guys, agents, and technicians throughout the state that require access to the corporate network for various reasons and that's how they get in. They require access for our call logging system and all that sort of stuff. It's the primary gateway for that. Apart from that, we also run Kerio devices in the field to do point to point VPNs.

We've had very few problems with the VPN features. Once we've set it up, it's pretty functionally user-friendly in terms of the firewall functions that we need to open and close ports on. Our users don't have a lot of problems with it. We've had to reboot it occasionally, but nothing extraordinary. Just standard maintenance rebates. Other than that, it just does the job.

We about 60 users that have access. Concurrently, there's probably only 10 concurrent users at only one time. Because of COVID, there's a lot more remote work going on. It would have been busier over that time, but I haven't actually looked at the stats since then. I know that it worked well and we didn't have any issues. Which is a nice thing not to have to worry about when there's a lot of other things on your plate.

There are only two of us that would really get in there and reconfigure the firewall. Most of the time we'll run that past TechPath anyway, just to make sure that we're not going to punch a hole. We don't intend to. In terms of checking problems, checking logs, in terms of people management as well, seeing who's been logged in, who hasn't, it's very easy to get online and get onto the device and do from anywhere. It's very easy and flexible to use.

Prior to Kerio, we couldn't uncover that data. Prior to Kerio, we were using a hardware device but it didn't have remote access or any of those features. It was something we had to do on-site and it wasn't very user-friendly. It wasn't something that management could do if they wanted to and yet this one's pretty easy if they had access.

The main example of how Kerio has improved my organization would be through the COVID shutdown in terms of just being able to scale. It scales very easily to users that weren't normally remote workers. The fact that it scales well at very little trouble to scale with the amount of users on there, and then to have no issues over that period with increased usage, it did the job. The less I know about it, the better it's doing.

It has saved a lot of time and it was a secure way of doing it too. We had a whole contact center that worked from home for a period of time and that's a 21 hour a day contact center that we moved, that was spread out across the greater Brisbane region and working on home internet connections. Surprisingly, we didn't have a lot of stability issues anyway on those connections, but Kerio didn't blink, so that was good.

We turned on two-factor authentication just after the shutdown when we knew we were going to get more users using it. That was the only feature that I've used recently that was different and it worked fine. You only have to authenticate once every 30 days, once you've fully authenticated. It was easy. Technically, it's not a full implementation. It's two-factor on every login, but it's certainly more secure than it was.

In terms of the comprehensiveness of the security features, I know that we haven't had any breaches before. We've had security issues before but it hasn't been with the data center implementation. We have a technology partner that we use to consult for configuration and Kerio was their number one recommendation at the time. We've never had an issue since implementing that. While it works, it's not an issue for me. Best to our knowledge, we haven't had any data breaches.

We do a lot of audits in terms of data security. I don't know if that's ever been an issue here because a lot of our production stuff is actually walled off from our corporate network so it's of lesser risk factor. We were regulatory. We're a licensed regulatory body as well. We monitor gaming machines throughout the state. A lot of our security and the production network is a lot higher than our corporate. Not that corporate's not high, but there are a lot more freedoms for the user under the corporate network umbrella anyway. But it does what it needs to do. We haven't had an issue with it. The most we've had to do when we've had an issue is upgrade the VPN Client's software.

Before using Kerio, with another software, we did experience security breaches. Not so much with a firewalling product. We've had issues with breaches of user breaches. So phishing attempts and so forth. Just the general user stuff, but not through the corporate firewall. And honestly, we didn't handle all of that previously. We only took that on board about six or seven years ago when we changed ownership. So a lot of our services are in the cloud these days as well. Office 365 and so forth.

In a roundabout way, its security features played a role in our decision to go with it. We rely on the advice of our consultant and the consultant recommended this configuration, this software, and this appliance. So, it was more about the appliance. It was more about the flexibility than what we needed to do in a data center environment as well, to be able to manage it remotely and securely. It's been very easy to manage. 

The consultant was TechPath. TechPath is very good. I have full faith in TechPath. They're an MSP and we've just used them as a consultant when we initially set up our wide area networks and the security around it. They have good guys there. We don't have a lot of network engineers in what we do. That's their job. That's why we use another consultant.

Because it's all ID integrated, it's very easy for a user to get online step by step. And in terms of the actual configuration of the firewall itself, it's an intuitive interface if you know what you're doing, in terms of logging traffic, spanning, and the rest of it. The logging is fine. 

Remote work has been increased by 100%. We would have had around 25 - 30 remote users. That's probably increased to 60 over the shutdown, including contact center staff. That'll scale back a little bit as people come back into the office, but overall, people don't stay connected during office hours, it's more of an as-needed basis. We still only have 10 to 15 concurrent users, but in terms of licensing, we have under five concurrent users at any one time before that. There was an increase, but it was not a resource-hungry increase. We said to make sure the licenses were sourced in advance.

If I would suggest anything, it would be to expand on its multifactor authentication to be a little bit more user-friendly. They should do multifactor authentications for the client itself perhaps, rather than served on a webpage, in a page hijack, that might be more user-friendly, but I don't have a lot of complaints about it. It's doing its job. You have to have a certain amount of skills to configure these things anyway, the ones that we use on-site doing point-to-point, and we've been tricked up a few times with their interfaces. That's been more of an experience thing as well, you have to have some networking experience to understand what you're trying to do when you set up these things, whereas it could be a little bit more user-friendly, wizard-based.

I've been using Kerio Control for six years. It was introduced to us by a previous sister company. We started some of the systems that we took over that were using Kerio Clients and so forth.

We use it primarily to get into our corporate network through a data center appliance. So our off-site workers use Kerio Control VPN to get into the corporate network. We have a private data center space that we use for our production network as well. It's the primary gateway into our corporate network from remote workers. It's a private cloud. We've got our own rackspace in one of the data centers in Brisbane. And then we've got connectivity that lands in the DC to allow satellite sites.

The stability has been very good. I can only think of one or two occasions where we've had an issue and a restart of the firewall seems to bring it up again. I don't think I've ever had a major issue with it at all.

The high availability and failover protection haven't been that critical for us. The stability of it has been so good that we haven't needed to look at it. Because of the use case, an outage doesn't affect us as much as if it was a production network. And TechPath would be on standby with other hardware if we needed or with assistance. So we never really looked at the high availability stuff.

In terms of scalability, we did not see any limitation for the amount of users that we increased to. We had to add some licensing once we evaluated how many end users are going to be in the end but that was very quick as well. I think that came through in a day or two. We just added in the licensing to it and there we went. It was very easy to do. If there was a huge increase in numbers, as in if the appliance itself might need to be increased, but it's actually a virtual appliance anyway so resourcing is not that big a deal. We can increase the resources pretty easily.

Whether or not we increase usage depends on users. I don't think we'll exceed what we've currently grown in the last six months, based on the fact that everyone's currently working remotely. We don't have real plans to expand at this stage but it's nice to know that we can.

I would consider my company to be an SMB. We have 110 staff. Our company is part of a larger group of companies called the Federal Group. Our business unit is 110 employees, and we're fairly self-sufficient in that respect, but the Federal Group of companies is 1,800 employees and we run a number of different businesses around the country, hospitality businesses, casinos, cape transport, trucking companies, that sort of thing. For our size, definitely, it's worked flawlessly for what we needed it to do.

A lot of the IT is within the Federal Group. We've only actually been part of them for just over a year now. They have their own technical services group and a lot of those guys are hardcore Cisco nuts. They're based in Tasmania, which is the other end of the country for us. It's hard to get anything done when we've got to chase someone on the other side of the country. They've desegregated the business unit, so we can manage our own internal business decisions on that infrastructure. But I wouldn't be surprised if they did use Kerio in some form, I know that a lot of those guys are gold plated in what they do.

I haven't contacted their technical support. If there are any issues then I get a network engineer guy first and see if he can take care of it.

We have used SonicWall and I've also used Ubiquiti around the place a little bit, but nothing on a production level. We've played around with Ubiquiti internally. We used to implement SonicWall at our customers to do some deep-end firewalling on their gear but now we're mostly using Kerio devices at the moment in the field as well.

Our systems supplier became our sister company. We got bought and converged in a vertical integration, and then we got divested again. We checked the systems, and the staff from our sister company got taken away to our opposition company. SonicWall was something that we inherited and we weren't really familiar with its use. I was familiar with Kerio's configuration, so we moved to a Kerio device to do the same job.

For our main firewall, the setup was fairly complex at the time because we had multiple internal networks to deal with. We had test environments versus operational environments. We had a lot of rules we wanted to put in place for corporate, so it was complex. It wasn't confusing in terms of how to configure it, but it was fairly complex. 

We started off focusing on corporate first. This was the least risk and then we moved our production phases over to that as we were confident in that we were secure and connected up correctly, so to speak, or the data center configuration was the way we needed it to be. Then we did a little post-testing in the configuration, not just with the firewall and stuff, but overall with penetration testing.

The deployment didn't take very long. TechPath took care of most of it. In terms of the site to site stuff, we do that fairly regularly. It might take an hour to configure devices, but it's not onerous. You've just got to make sure you get the settings right. The setup required a few engineers from their end, myself, and another employee. 

We do maintenance once a month and it requires one person. It doesn't quite a lot of maintenance because we just give it a courtesy reboot more than anything like we do with a lot of our gear. We just make sure that the updates are up to date, from time to time.

I have definitely seen ROI since the shutdown. Given its stability and its function, it certainly hasn't slowed down our ability to produce in a diverse environment especially with the contact center. A lot of what they do is hybrid Software as a Service, telephony, and all the rest of it, so having corporate access was key to be able to do their jobs. We went from a very secure, regulated on-prem environment to a diverse working from home environment overnight, and Kerio was key to that.

I never had to go out there and try and find an alternate solution because Kerio just did the job. I don't know how long it would've taken or how much it would've cost, but it certainly would have been at best, a minimum of setting up a much more permanent type of secure connection from each user's premises. It would have been a lot harder to do.

I didn't even blink at the price but I can't even remember what it cost. It was pretty reasonable. The cost was very affordable. We just ended up licensing our own because we didn't know who was going to be working remotely at the end of the day. I think anyone that had a chance to work at home, they got the license. It wasn't a factor of having to do to a view and make sure that every user absolutely needed one. It is a very affordable solution.

There are no additional costs to the standard licensing that I know of. We maintain the highway that it sits on and obviously the data center space and there might be transit and costs and that sort of thing associated with it, but not with Kerio itself. 

We didn't really look into other solutions. We were using MikroTik routers to do some of the work, but not really. Rather than learn SonicWall, we just switched to Kerio, because we we're familiar with the interfacing.

The biggest lesson I've learned from using Kerio is that you can quite easily and securely diversify your network security and access without compromising on cost and central control. Since this all comes down to is that it's all centrally controlled, I have confidence that the users were accessing our systems remotely and securely.

We have used the Kerio Control appliances to do point to point VPNs at the customer sites quite a few times now, and that's the one we recommend. Customers have been using Ubiquiti and have issues so we replaced them with Kerio appliances and they seem to work great. They're moderately priced, good value, and I haven't had to reboot one of those devices in the field yet. These things run point to point VPN for some pretty business-critical functions, such as wide-area gaming systems that transfer money between venues. I haven't had any issues.

I would rate Kerio Control a nine out of ten.

For a small office, I'm using it for a firewall. This is the most obvious primary use, along with: 

• The Web Filter subscription for content that gives a bit of protection to users on the network when going to sites with known malware and so on. 
• The Antivirus module, which is good at scanning anything coming through, giving us a first line of defense. 
• Some other features in there, like VLAN. I have quite a few VLANs setup for keeping things separate for a build network and so on. 

I have the hardware appliance on-premise. However, I do use some of the features, like MyKerio cloud, for remote administration and backups. These are hosted on the Kerio site.

Knowing users on the network are confident that they are in a safe and secure network and can't really hurt themselves.

It's a combination of authentication, internal network DNS, filtering, and antivirus. It is a standalone product which has a lot of the features that a Windows domain might have. However, I don't need to have a whole lot of Windows or Mac infrastructure, as I can do all my network management from Kerio.

One very good thing about the Kerio device is its authentication. I don't have a Windows domain for authentication. Instead, I use the Kerio product because it can separate users by Mac addresses and give them IP addresses based on their usernames, automatically logging them in. This makes for a very simple authentication system.

The solution’s firewall and intrusion detection features are pretty good. I have, at different times, connected directly to the Internet in bridge modes with the modem, and the noise in the logs is phenomenal. So, it does a good job. I can see that the intrusion prevention catches everything that is coming at it. I tend to not use it in that mode. I have it connect to a port on my modem router, so I let the modem router take all the initial intrusion noise, then not much gets through to Kerio. That just gives me a lot of confidence that I have a secure network.

For the content filter, I am pretty much running their default. I haven't added any rules to that myself. The default does a pretty good job at picking up things. I might have whitelisted one or two things that I use which it tends to pick up, but I know they are okay.

Kerio Control gives us everything we need in one product. 

The feature that I'm relying on: If the appliance died and I had to get another one, Kerio has a configuration backup. Therefore, it's pretty easy to restore to a new appliance.

There are some pros and cons to its performance when dealing with malware and antivirus features. Maybe once a month, I have gone to a website and it's being blocked. This is because it's a known malware site. So, I feel confident that those filters are doing their job. On the down side, occasionally when iOS devices go to the App Store to do their application updates, it will pick that up as a possible virus in a file: a false positive. This only happens on the iOS updates and the antivirus signatures.

One area that confused me a bit when I was building my current network. I use VLANs to have separate functionality on the network, and the appliance I got was the WiFi model, but I discovered that you can't assign WiFi channels to the VLAN. So, you can have WiFi, but its own subnet. You can't run that over the VLAN. Effectively, I can't use the WiFi facility in the appliance and had to purchase a separate web that supports VLANs. In the end, I had to go to GFI support. They confirmed this is just a limited functionality of that device, as it is a low-end device. I don't know if any of their high-end models have a better facility or not.

I first used this solution when it was a piece of software called WinRoute. That would have been around the year 2000. I've been using the product in its various forms for quite a long time.

The stability is pretty good. It ticks along nicely. I occasionally have to reboot it. It starts throwing strange errors on different clients. There was a period where Kerio was releasing software updates at least once a month, which would force the reboot, but I think kept it pretty tidy. Over the last year, their updates haven't been very regular. When it gets to running for about 60 days or so, it does get a little funny and the reboot sorts it out. I don't know what's going on there and why their updates have slowed down.

A good thing with the Antivirus module is there are probably six or seven dozen updates every 24 hours to the antivirus signatures. Therefore, they do a pretty good job of keeping at the head of the game.

It is a very low-end device. I am using their base model appliance, so it's a very small piece of hardware with fairly low-end specs. Given the broadband connectivity that we have in Australia, which is pretty poor to start with, that's not really an impediment to me. Moving data around across the land and subnets seems to work fine. 

I have about three users most of the time and each of those users can have three devices. Then I have various servers and audio visual equipment. I'm probably up to about 20 or so IPs that could be used, but not everyone and everything is running at the same time. It seems to cope with the traffic I'm hitting it with.

Our users are mainly doing email, web browsing, a little bit of streaming, and a little bit of Zoom. There is not anything terribly intensive.

I probably utilize 70 percent of the features. I don't do things like VPN. I don't do anything with quotas, forcing people to log in, or bandwidth management. However, these are good features that would help some people.

I am not looking to increase usage at this stage. I know that if I did, it has those extra features that I could use. If I started pushing the performance, then I would need to upgrade to get some bigger hardware. I probably can't increase my usage too much at the moment because the hardware would max out.

To get one little unit and configure your whole network is good. It's also good too for a bigger business where you have a network and a small office somewhere. You could drop one of these in that office to run everything, as it's set and forget. You also have the remote administration of the appliance, which would be quite handy to a lot of businesses.

I found the technical support pretty good. They are very responsive and come back with an answer on things pretty quickly.

I have been using Kerio Control for quite a long time. I didn't use anything else previously.

It has a wizard to sort of get it up and running very quickly. I think I did start with that, then went into the manual configuration for setting up VLANs and DHCP scopes. They were fairly straightforward to set up. 

It's a product that you can get up and running pretty quickly. Then, if you want to get into advanced configuration, that's what takes a bit more time.

Out-of-the-box, I had something running in an hour or two, but that's probably because I've been using the product for quite a few years. I know what to look for. But as for the advanced configuration, that's days of work. It's ongoing with the administration and tuning the network. I spend maybe a couple of hours a month just making sure everything is configured and working correctly. The logs are pretty good too. It's good to keep an eye on the logs as it gives you an indication if anything's wrong or if things are going haywire.

You need to have a pretty good idea of how you want to structure unit work and what you want your network to do, especially when you want to set up things like authentication. You need to preplan your subnets and IP address ranges for different users so you can then map them to the user accounts. If you're going to a new organization and setting this up, then there is a bit of work in planning all that and what you want the device to do.

For deployment and maintenance, it takes me few hours here and there.

I have definitely seen ROI. It has saved in client software acquisitions, such as, antivirus or any dedicated security software. In my configuration, I haven't needed any Windows infrastructure because this device does all the network management for me. So, it has saved me from buying software and some amount of hardware. It gives three or four people antivirus, which is probably about $500 AUS a year just in client security software that I've saved. Plus, there are servers I haven't had to buy, which gets pretty expensive, especially with Windows licenses.

Kerio Control saves us time when it comes to managing security. Otherwise, I would have to invest in software running on clients, which get frustrating.

On the low-end device that I use, it has unlimited IP addresses. So, they have a subscription model where, on the higher models, you pay X dollars for 10 IP addresses. Then, if you want any more, you have to pay more on the model. On the low-end model, it has unlimited IP addresses, because if you have too many users, the thing will just slow you down and stop working. At some point, you need to say, "Okay, I've grown to a point where performance is impacted. I need to get some bigger hardware." If I get to that stage, I will possibly look at using one of the virtual appliances and putting it on some bigger hardware.

It gets expensive pretty quickly if you need to purchase license packs. In the previous model, I was buying packs of five. It was concurrent: If you had 10 address licenses, then you can have as many devices as you want, but if you hit 10 devices, you hit your license limit. People will get frustrated. They do appear to be expensive, but I don't have anything to really compare that against. I've not done any market evaluation for quite some time, because my model has unlimited addresses, so I haven't had to think about that.

The comprehensiveness of the security features this solution provides is the reason why I have stuck with them for so long. It has all the features that I need, and I haven't had to go and buy separate products. However, there are competing products that have a lot of these features in them. I did toy with the SonicWall product for a little while. SonicWall, who is a subsidiary of Dell EMC, offered an appliance, but it didn't do the internal network DNS nor was it good at authentication. I think the Kerio products are more rounded for running a small network out of a single appliance and not needing other infrastructure. SonicWall was frustrating because it didn't have a lot of the features that Kerio had.

SonicWall was my first foray into appliances. Up until that point I had been using the Kerio Control software edition. I liked the idea of appliances. If you're running something on a PC, you need to have a PC running, along with fans and hard drives spinning. Your appliances, even though they're lower spec hardware, are small and quiet. At the time, SonicWall was a fair bit cheaper, but that was how I discovered it was a false economy. It just didn't have the pool of features in it that Kerio had, so I would have needed to have a number of work arounds.

Looking at Cisco's documentation, they look a bit more complex to set up than Kerio Control.

The overall ease of use depends on your skill set. I have a networking background, so I find it okay. As you get into more advanced features, it's probably a bit technical, but I managed to find my way around it through the documentation to get things working. It has some good features in there, like you can create a firewall rule and the console lets you test that rule, which is helpful when you're trying to build a firewall rule.

One of the features that I haven't used yet is Kerio Control's high-availability/failover protection. However, it is something I would be interested in setting up in the future. We have started using it yet because we are small scale with a very small number of users.

Provides the simplicity of having a small appliance that you can rely on to configure. If someone wants a network that can be structured to keep things segregated and safe from each other, then it's a cost-effective device, which is easy enough to set up and configure.

I haven't had any security issues. However, back then, I would have been relying on an antivirus, running on clients, hoping that it would catch things.

I would rate it as a seven out of 10, but then I don't have a lot of experience with other products to compare it against. Though, from what I see and read, it's as good as anything out there. Everything is good. However, I'm a little bit concerned that I'm not getting a lot of updates. Probably if I needed more performance, it would get expensive fairly quickly.

It's the firewall and the router for our network. That includes both the public side and our private side as well.

We were having issues with feeling more secure. Keio Control has made me feel like our network is more secure. Also, the VPN feature was easier to manage and assign to different users. There's no more downtime with our VPN. It just works.

Kerio Control has saved time for the members of our team who manage security.

We've increased the amount of clients that use VPN. It's very easy to manage and very easy to setup. All we have to do is set them up with an account and then download the software to their computer. It just works. There has been a 50% increase.

The intrusion prevention is good. I like the fact that it's always up, it's always secure, and it never lets us down, never locks up. It just works.

As a firewall, it keeps our public and our private networks separated and also from any intrusions from the outside. 

In terms of the comprehensiveness of the security features, it does a great job of laying out what it does. It's fairly easy to edit and research. Some of the features were turned on by our IT company and I was able to easily find other features on my own by searching for videos on the internet. I've been able to block certain websites, content filter, as well as manage some of our bandwidth because we live stream on Sunday. I'm able to dedicate bandwidth for the encoder that goes to the internet. It always has enough bandwidth, no matter how many people are on the network. That's really helpful.

It provides us with everything we need in one product.

Because of the reputation of Kerio as well as all of the great things my IT company recommended, it's easy to trust a company like this for our intrusion prevention and for our security. It's really easily laid out and it just works.

The malware and antivirus features keep themselves updated once it's turned on. You don't really have to worry about anything. It scans all the incoming email and it scans for web traffic. It just works in the background. You don't even know it's there until it finds something.

The VPN feature works great and it's secure as well. I'm impressed with the speed at which it works and how easy it is to access over the VPN.

There were certain things I didn't know about it, but I've always been able to just contact our IT company. They've been able to walk me through certain things. It was quite a monumental task to set up a public site. Support really had to help me with setting up the VLANs and walk me through it. It was not possible for me to figure that out on my own, but that's what they're here for. That could have been a little bit easier laid out.

I have been using Kerio Control for two years. 

It's extremely stable and the uptime is incredible in terms of how it stays connected, and we have had no issues in over two years of using it.

It can scale and grow as we grow. It has very impressive features. It is a little bit of overkill for what we use it for. But I think it's worth it. I really do. I don't mean for it to sound like a negative. I chose it on purpose, even though I knew it was a little bit more than we needed. Because of the security features and because of the reputation that it had coming from our IT company, I really saw no other option.

Only I manage the device and I'm head of our IT department.

We have roughly 10 VPN users and 20 or so computers. Then we have at least 75 to 100 devices that connect to it at one time on a Sunday. That connects to the internet and it's able to handle the traffic and the bandwidth management perfectly.

It's more than adequate for our size of business. I know it's made for larger companies than ours, with more employees. But it works very well for us and it's easy to manage. It's robust and very consistent. 

I've only had to use technical support once and it was on a VPN. They updated the VPN protocol and I had a question about it. They immediately got back with me. It was easy to deal with them. They immediately had the solution that I needed.

Our previous solution was off-brand. We upgraded because it did not have enough bandwidth to support our faster internet speeds. That's the real reason why we upgraded. It was not able to have a VLAN and a second LAN for our public site. That was another reason why we upgraded. We didn't feel it was as secure as Kerio.

The initial setup was straightforward, with the exception of the VLANs, and setting up a second LAN. Other than that, it was straightforward.

The deployment took two hours. 

The IT company went through and showed me all of the settings and gave me a tutorial on which features I needed to use and how to turn them on and what they meant. As far as the rest of our office staff is concerned, they just needed the VPN protocol setup. I was able to do that on my own because that was really straightforward and easy.

They set it up for me. They plugged it in for me and then explained all of the features to me and helped me set up some of the features. I was then able to easily find videos online and some instructions to set up other features that I wanted, like content filtering.

Having seen the process, I could easily do it again without their help. I just needed a little bit of a push from them.

We have seen ROI. 

I would encourage other people that when considering pricing, you really have to think about how important your network security is and how you're going to save time in the long run on managing your network. It's worth buying a product that's top-notch and the best quality. Your network is worth it and your employee's security is worth it.

We also looked into Ubiquiti UniFi system and decided to go with Kerio.

Kerio ended up being a much better solution. 

I would rate Kerio Control a ten out of ten. 

It's the Edge firewall for my business. I'm a small business IT consultancy and I'm subcontracted out to a larger organization. It's really just me working from home, which is a bit more permanent now, but we do have a couple of other side projects I work on with a couple of other partners. One of them is a financial trading solution, so we want Kerio to beef up the edge security to make sure that the solution itself was secured nicely because it meant building out a rack of a couple of rack-mounted servers and beefing up the solution. 

Being an SMB, we do find that Kerio fits our needs. It fits nicely in that space because any time that I've been to an enterprise it's pretty much dominated by Cisco products. A product like this probably wouldn't get much air time to get in the door of a really big organization, whereas a small to medium-size enterprise where they're big enough to have some sort of IT presence, it would probably fit in nicely. With an enterprise that's my size that doesn't have an IT presence, then they'll probably use some sort of managed service solution.

We wanted to beef up the firewall and not just run off some sort of IoT style firewall that's built into a modem. It didn't seem to be adequate for our needs. So that's where we went into Kerio because at the time, we had some remote desktop services running and we were getting a lot of attempted cyber attacks coming out of China and a few other places. Kerio was one of the few that could actually geo-block, which was really quite handy.

Its primary job is to protect us and give us a degree of comfort. We're putting a lot of effort into creating a financial trading system. We want some comfort that it's secure behind the quality firewall and that's really what beckoned its purchase. The fact that we've not had any issue indicates that it must be doing that job reasonably well, and the fact that we don't get any of those attempted attacks from the block in China, because of geo-blocking, is probably the strongest feature for us. I wouldn't say it improves what we do because it doesn't affect what we do. It's really just security.  It's a tool to improve our security profile for what we do.

We don't expose our remote desktop connected servers to the internet anymore. But when we did have that, because the security log is a really easy thing to set up, it would show you all the attempted, brute force attacks. That's now down to zero. We don't get any brute force attacks, but at the same time, we don't expose the Port 3389 out to the internet. We could achieve the same result with a domestic firewall in a domestic router. However, this gives us a degree of comfort that we can actually analyze any traffic that looks a bit suspicious, inbound, or outbound. That's a definite step change compared to what we'd have in an out-of-the-box type of router.

Security is there to slow things down and make things a bit tricky. That's its bottom line. If security is easy, it's probably being done wrong.

Certainly in the first few months of using it, it was quite time-consuming to get a configuration working that was reliable. Because I work from home, I originally had it protecting everything coming in and out of the home which didn't work well at all. It's protecting the home office and the server environment. Everything else just goes straight out of the domestic router out to the internet because we've got IPTV, with kids on devices. They don't need such a high level of protection. It would be nice to give them that because if you've got this perimeter that's protected by a really good quality product, you want to protect everything.  But when we tried that, it seemed to struggle with the high volume of traffic that was being generated by the IP cameras, the IPTV service, and the myriad of devices and iPads that we have in the house. So we stopped using it for that purpose.

The top features are ones that we're not using yet but we soon will be because we've just had broadband upgraded in Australia. We've got something called the National Broadband Network, which is forced onto you, so you have to take it when it arrives. We'll be trying the high availability out soon. We tried that with some load balancing, it didn't quite work as we expected, but I think that was more of a configuration thing rather than a product thing.

The geo-blocking is essential because the partners we deal with are typically either in the US or Australia. We know where our traffic needs to come from and we don't post anything publicly that the general world needs to see. It's just a few discreet services that need to be hosted on this financial trading stuff.

The integration of Active Directory is very good as well. We don't use the VPN service. We use VNC. We get mixed results from the QoS, but that's another good feature. Really, dashboarding, track, and monitoring are the most important features for us as well.

We are about to test the high availability and failover protection because one of the issues we have is the device or the Hyper-V host seems to need a regular rebooting, which isn't an issue directly in itself, but it would be nice if it could do that on its own. We can't find a feature to do that. That's the complaint I'd have of that and the HA might solve that problem for us. So we'll give that a go.

Out-of-the-box, the overall comprehensiveness of the security features is pretty good. It's not just a firewall, it's kind of a firewall proxy, reverse proxy, everything out-of-the-box sort of solution. It's pretty comprehensive. I can't imagine wanting anything else, because for me as a consultant, it's not just about protecting the environment. It's also about having something that's commercial-grade because when you go in as a consultant, you need to be exposed to these tools and you need a lab environment to test these tools out. This is as close to a good commercial tool that you could possibly ask for.

In terms of the availability issue, I've considered that there are hardware options as well, which is nice. We're not sure if that will be an improvement over using Hyper-V, but that's to be decided.

The antivirus seemed to be a bit laggy on the connection so I disconnected that. It's definitely good. The only issue we've had with any sort of cyber attack seemed to be coming from a couple of distinct locations, people trying to get into known ports on remote desktops and stuff like that. The fact that we can block all that traffic is just great. It simplifies it.

The last time we used the antivirus, it seemed to slow down some of the connections. I didn't dig too deep into it, we just turned it off and it seemed to rectify the problems. It's hard to say whether it was that directly but it seemed to be creating a bit of overhead on the connections.

The reliability is its biggest downfall. I don't expect to be rebooting a product like this every couple of days. In fact, it's become a start of day thing just to reboot so it doesn't let me down in the middle of a team's call or something like that. It's quite slow as well. I could be on a team call and it would drop the connection. Then we'll get a warning that we've got poor call quality and as soon as you restart the device all the problems go away. There's clearly maybe some sort of memory leak problem or something in there that's affecting its reliability.

We've just had our national broadband network connection today, which is a high throughput connection. We will be reconnecting the entire household through the device, to see how it copes and we'll see if it improves anything.

I have been using Kerio Control for two and a half years. 

If I came across a client that was a small to medium enterprise, I'd probably recommend it, but a lot of them have a solution in place now anyway. It's hard to get those opportunities for new business in that regard, but I reckon it would probably scale quite well. I'm at 25 licenses, but that's only because we have so many devices in this house. It looks like it probably would scale. As I said, with that level of reliability, that probably would be an issue if you wanted to scale 100 to 200 licenses.

We did try the proxy feature, but once again, that failed miserably. It ran well for a few weeks and then it died on us, and it was really quite hard to diagnose what had gone wrong. We turned it off and went back to a previous configuration which was a bit disappointing. It comes back to that reliability, whatever it is that makes it conk out is clearly a problem.

I used support once or twice when I hit the first license ceiling. I did log a support ticket in. They were fine. There were no complaints from that. They offer 24/7 support, via email. I don't think I actually phoned them up. It's pretty good. There are no real issues there.

We tried a few different Windows-based products. That's how we found Kerio because it offered a Hyper-V solution and it also offered a hardware solution if you wanted. I'll try the software one first and see where we go. There were a couple of other products we used before. Originally, we used to use Microsoft, the ISA server back in the day because that got swallowed up by Fortinet and we didn't touch that. 

There was another Windows product, WinGate. That has a really bad reliability problem. It would stay up but the connections were very slow going through that thing. Maybe it was poorly configured on my part, but it just seemed to be incredibly slow at managing the connections. We'd notice a very latent response from web pages and it never, even though it had a massive caching there for caching pages, it just seemed to never be as quick as bypassing the WinGate software. That wasn't virtualized. That was running on a native Windows server at the time so that was really quite poor in terms of performance.

Given that it's a Linux deployment, the support it offered, like giving you a Hyper-V client out-of-the-box, is fantastic. It's a really clever idea because you're not then left with a painful configuration of spinning up some sort of Linux host and then trying to do an installation. The fact that it comes pre-packaged with Hyper-V images was a very smart and clever move because that made it a lot easier to get it going if you like. Getting that up and running was quick, it was just a configuration, and finding the right configuration was the hardest part.

The deployment was less than half an hour. It was very quick to get it up and running and get it operational. It was just fine-tuning that configuration to suit my environment that took the time, which I would expect of any device, no device is going to come out-of-the-box and just work like magic unless you've got a really simple environment. Whereas I've got a home environment, where it's just me as a small business, but I've got that many servers and hosts running.

Our strategy was to take it out-of-the-box and get it working.

The setup was pretty easy. The external remote control was really good and simple. It gave extra manageability on the road which was good. It was pretty straightforward.

In terms of maintenance, it's just me. In terms of my time, it doesn't take much time at all. I'll hardly make any changes to it. Now it's running fine. The only next thing I'll be doing is trying out the HOA.

With security, I don't think you can calculate ROI. It's not easy to call a return on investment with security products because anything security that's done properly is going to be a cost overhead. That's by its very nature. If security is quick or cheap it's probably wrong. I don't look at it as a return on investment, I see it as security. A bit like saying if I bought a new car and they said, "I can save you $500 if you say no to the airbags." For 99.9% of the time, you'd be saving $500, until one day it costs you lots of money and maybe your life. I see it the same way.

It's not an optional extra, it is an overhead that you have to pay if you want to secure an important asset. You've got to weigh up how important that asset is against how well you want to secure it, and that's where you say, "Well, it's going to cost you the price of a Kerio license, the price of a VNC license, sort of remote management. And that's what it costs to manage and secure properly those services." I'd say we've achieved that. It's hard to really put a return on investment with security.

I think it is a bit on the pricey side, but it's okay. I've got 50 licenses which I think is $250 a year or something like that. It's not terrible. It's actually cheaper than what we pay for VNC. We probably could save money thereby utilizing the Kerio VPN and not VNC. For a firewall proxy solution, it's probably a bit on the higher side price-wise.

We have to provide our own Hyper-V host to spin it up or buy the Kerio hardware, but otherwise, there are no other costs.

I'm experienced in networking, but I'm not a network engineer per se, I'm more software development. The fact that I was able to get it set up and going with minimal fuss was definitely a plus for the product. I've seen products before where you can get them running, you make the slightest configuration change, and the whole thing comes crashing down. It's quite a stable product in that respect and it does look after itself quite well. For example, risk proxying solution and buying a GoDaddy certificate to secure a couple of APIs was a piece of cake. It really didn't hurt us at all. I think the important lesson there is, if we had tried to do the same thing with a NETGEAR sort of a firewall with a built-in firewall product, I think we would have had a hard time. Kerio definitely has made it easier.

I'd say give it a look for sure. I'd totally recommend it.

I would rate Kerio Control a seven out of ten. If I didn't have to reboot it so often, then it would probably score a nine.

It's not a cheap product and it's not a particularly reliable product at the same time which tends not to be a good mix. Something like this should be able to cope with my entire household, every device I throw at it, and it should be able to cope with that fine. It clearly didn't two years ago. We'll try it again in about 24 hours and we have to hook up this high-speed connection to it and we'll see how well it performs there. Reliability is about the only qualm I have with the product.