KerioControl Reviews

For a small office, I'm using it for a firewall. This is the most obvious primary use, along with: 

• The Web Filter subscription for content that gives a bit of protection to users on the network when going to sites with known malware and so on. 
• The Antivirus module, which is good at scanning anything coming through, giving us a first line of defense. 
• Some other features in there, like VLAN. I have quite a few VLANs setup for keeping things separate for a build network and so on. 

I have the hardware appliance on-premise. However, I do use some of the features, like MyKerio cloud, for remote administration and backups. These are hosted on the Kerio site.

Knowing users on the network are confident that they are in a safe and secure network and can't really hurt themselves.

It's a combination of authentication, internal network DNS, filtering, and antivirus. It is a standalone product which has a lot of the features that a Windows domain might have. However, I don't need to have a whole lot of Windows or Mac infrastructure, as I can do all my network management from Kerio.

One very good thing about the Kerio device is its authentication. I don't have a Windows domain for authentication. Instead, I use the Kerio product because it can separate users by Mac addresses and give them IP addresses based on their usernames, automatically logging them in. This makes for a very simple authentication system.

The solution’s firewall and intrusion detection features are pretty good. I have, at different times, connected directly to the Internet in bridge modes with the modem, and the noise in the logs is phenomenal. So, it does a good job. I can see that the intrusion prevention catches everything that is coming at it. I tend to not use it in that mode. I have it connect to a port on my modem router, so I let the modem router take all the initial intrusion noise, then not much gets through to Kerio. That just gives me a lot of confidence that I have a secure network.

For the content filter, I am pretty much running their default. I haven't added any rules to that myself. The default does a pretty good job at picking up things. I might have whitelisted one or two things that I use which it tends to pick up, but I know they are okay.

Kerio Control gives us everything we need in one product. 

The feature that I'm relying on: If the appliance died and I had to get another one, Kerio has a configuration backup. Therefore, it's pretty easy to restore to a new appliance.

There are some pros and cons to its performance when dealing with malware and antivirus features. Maybe once a month, I have gone to a website and it's being blocked. This is because it's a known malware site. So, I feel confident that those filters are doing their job. On the down side, occasionally when iOS devices go to the App Store to do their application updates, it will pick that up as a possible virus in a file: a false positive. This only happens on the iOS updates and the antivirus signatures.

One area that confused me a bit when I was building my current network. I use VLANs to have separate functionality on the network, and the appliance I got was the WiFi model, but I discovered that you can't assign WiFi channels to the VLAN. So, you can have WiFi, but its own subnet. You can't run that over the VLAN. Effectively, I can't use the WiFi facility in the appliance and had to purchase a separate web that supports VLANs. In the end, I had to go to GFI support. They confirmed this is just a limited functionality of that device, as it is a low-end device. I don't know if any of their high-end models have a better facility or not.

I first used this solution when it was a piece of software called WinRoute. That would have been around the year 2000. I've been using the product in its various forms for quite a long time.

The stability is pretty good. It ticks along nicely. I occasionally have to reboot it. It starts throwing strange errors on different clients. There was a period where Kerio was releasing software updates at least once a month, which would force the reboot, but I think kept it pretty tidy. Over the last year, their updates haven't been very regular. When it gets to running for about 60 days or so, it does get a little funny and the reboot sorts it out. I don't know what's going on there and why their updates have slowed down.

A good thing with the Antivirus module is there are probably six or seven dozen updates every 24 hours to the antivirus signatures. Therefore, they do a pretty good job of keeping at the head of the game.

It is a very low-end device. I am using their base model appliance, so it's a very small piece of hardware with fairly low-end specs. Given the broadband connectivity that we have in Australia, which is pretty poor to start with, that's not really an impediment to me. Moving data around across the land and subnets seems to work fine. 

I have about three users most of the time and each of those users can have three devices. Then I have various servers and audio visual equipment. I'm probably up to about 20 or so IPs that could be used, but not everyone and everything is running at the same time. It seems to cope with the traffic I'm hitting it with.

Our users are mainly doing email, web browsing, a little bit of streaming, and a little bit of Zoom. There is not anything terribly intensive.

I probably utilize 70 percent of the features. I don't do things like VPN. I don't do anything with quotas, forcing people to log in, or bandwidth management. However, these are good features that would help some people.

I am not looking to increase usage at this stage. I know that if I did, it has those extra features that I could use. If I started pushing the performance, then I would need to upgrade to get some bigger hardware. I probably can't increase my usage too much at the moment because the hardware would max out.

To get one little unit and configure your whole network is good. It's also good too for a bigger business where you have a network and a small office somewhere. You could drop one of these in that office to run everything, as it's set and forget. You also have the remote administration of the appliance, which would be quite handy to a lot of businesses.

I found the technical support pretty good. They are very responsive and come back with an answer on things pretty quickly.

I have been using Kerio Control for quite a long time. I didn't use anything else previously.

It has a wizard to sort of get it up and running very quickly. I think I did start with that, then went into the manual configuration for setting up VLANs and DHCP scopes. They were fairly straightforward to set up. 

It's a product that you can get up and running pretty quickly. Then, if you want to get into advanced configuration, that's what takes a bit more time.

Out-of-the-box, I had something running in an hour or two, but that's probably because I've been using the product for quite a few years. I know what to look for. But as for the advanced configuration, that's days of work. It's ongoing with the administration and tuning the network. I spend maybe a couple of hours a month just making sure everything is configured and working correctly. The logs are pretty good too. It's good to keep an eye on the logs as it gives you an indication if anything's wrong or if things are going haywire.

You need to have a pretty good idea of how you want to structure unit work and what you want your network to do, especially when you want to set up things like authentication. You need to preplan your subnets and IP address ranges for different users so you can then map them to the user accounts. If you're going to a new organization and setting this up, then there is a bit of work in planning all that and what you want the device to do.

For deployment and maintenance, it takes me few hours here and there.

I have definitely seen ROI. It has saved in client software acquisitions, such as, antivirus or any dedicated security software. In my configuration, I haven't needed any Windows infrastructure because this device does all the network management for me. So, it has saved me from buying software and some amount of hardware. It gives three or four people antivirus, which is probably about $500 AUS a year just in client security software that I've saved. Plus, there are servers I haven't had to buy, which gets pretty expensive, especially with Windows licenses.

Kerio Control saves us time when it comes to managing security. Otherwise, I would have to invest in software running on clients, which get frustrating.

On the low-end device that I use, it has unlimited IP addresses. So, they have a subscription model where, on the higher models, you pay X dollars for 10 IP addresses. Then, if you want any more, you have to pay more on the model. On the low-end model, it has unlimited IP addresses, because if you have too many users, the thing will just slow you down and stop working. At some point, you need to say, "Okay, I've grown to a point where performance is impacted. I need to get some bigger hardware." If I get to that stage, I will possibly look at using one of the virtual appliances and putting it on some bigger hardware.

It gets expensive pretty quickly if you need to purchase license packs. In the previous model, I was buying packs of five. It was concurrent: If you had 10 address licenses, then you can have as many devices as you want, but if you hit 10 devices, you hit your license limit. People will get frustrated. They do appear to be expensive, but I don't have anything to really compare that against. I've not done any market evaluation for quite some time, because my model has unlimited addresses, so I haven't had to think about that.

The comprehensiveness of the security features this solution provides is the reason why I have stuck with them for so long. It has all the features that I need, and I haven't had to go and buy separate products. However, there are competing products that have a lot of these features in them. I did toy with the SonicWall product for a little while. SonicWall, who is a subsidiary of Dell EMC, offered an appliance, but it didn't do the internal network DNS nor was it good at authentication. I think the Kerio products are more rounded for running a small network out of a single appliance and not needing other infrastructure. SonicWall was frustrating because it didn't have a lot of the features that Kerio had.

SonicWall was my first foray into appliances. Up until that point I had been using the Kerio Control software edition. I liked the idea of appliances. If you're running something on a PC, you need to have a PC running, along with fans and hard drives spinning. Your appliances, even though they're lower spec hardware, are small and quiet. At the time, SonicWall was a fair bit cheaper, but that was how I discovered it was a false economy. It just didn't have the pool of features in it that Kerio had, so I would have needed to have a number of work arounds.

Looking at Cisco's documentation, they look a bit more complex to set up than Kerio Control.

The overall ease of use depends on your skill set. I have a networking background, so I find it okay. As you get into more advanced features, it's probably a bit technical, but I managed to find my way around it through the documentation to get things working. It has some good features in there, like you can create a firewall rule and the console lets you test that rule, which is helpful when you're trying to build a firewall rule.

One of the features that I haven't used yet is Kerio Control's high-availability/failover protection. However, it is something I would be interested in setting up in the future. We have started using it yet because we are small scale with a very small number of users.

Provides the simplicity of having a small appliance that you can rely on to configure. If someone wants a network that can be structured to keep things segregated and safe from each other, then it's a cost-effective device, which is easy enough to set up and configure.

I haven't had any security issues. However, back then, I would have been relying on an antivirus, running on clients, hoping that it would catch things.

I would rate it as a seven out of 10, but then I don't have a lot of experience with other products to compare it against. Though, from what I see and read, it's as good as anything out there. Everything is good. However, I'm a little bit concerned that I'm not getting a lot of updates. Probably if I needed more performance, it would get expensive fairly quickly.

It's the Edge firewall for my business. I'm a small business IT consultancy and I'm subcontracted out to a larger organization. It's really just me working from home, which is a bit more permanent now, but we do have a couple of other side projects I work on with a couple of other partners. One of them is a financial trading solution, so we want Kerio to beef up the edge security to make sure that the solution itself was secured nicely because it meant building out a rack of a couple of rack-mounted servers and beefing up the solution. 

Being an SMB, we do find that Kerio fits our needs. It fits nicely in that space because any time that I've been to an enterprise it's pretty much dominated by Cisco products. A product like this probably wouldn't get much air time to get in the door of a really big organization, whereas a small to medium-size enterprise where they're big enough to have some sort of IT presence, it would probably fit in nicely. With an enterprise that's my size that doesn't have an IT presence, then they'll probably use some sort of managed service solution.

We wanted to beef up the firewall and not just run off some sort of IoT style firewall that's built into a modem. It didn't seem to be adequate for our needs. So that's where we went into Kerio because at the time, we had some remote desktop services running and we were getting a lot of attempted cyber attacks coming out of China and a few other places. Kerio was one of the few that could actually geo-block, which was really quite handy.

Its primary job is to protect us and give us a degree of comfort. We're putting a lot of effort into creating a financial trading system. We want some comfort that it's secure behind the quality firewall and that's really what beckoned its purchase. The fact that we've not had any issue indicates that it must be doing that job reasonably well, and the fact that we don't get any of those attempted attacks from the block in China, because of geo-blocking, is probably the strongest feature for us. I wouldn't say it improves what we do because it doesn't affect what we do. It's really just security.  It's a tool to improve our security profile for what we do.

We don't expose our remote desktop connected servers to the internet anymore. But when we did have that, because the security log is a really easy thing to set up, it would show you all the attempted, brute force attacks. That's now down to zero. We don't get any brute force attacks, but at the same time, we don't expose the Port 3389 out to the internet. We could achieve the same result with a domestic firewall in a domestic router. However, this gives us a degree of comfort that we can actually analyze any traffic that looks a bit suspicious, inbound, or outbound. That's a definite step change compared to what we'd have in an out-of-the-box type of router.

Security is there to slow things down and make things a bit tricky. That's its bottom line. If security is easy, it's probably being done wrong.

Certainly in the first few months of using it, it was quite time-consuming to get a configuration working that was reliable. Because I work from home, I originally had it protecting everything coming in and out of the home which didn't work well at all. It's protecting the home office and the server environment. Everything else just goes straight out of the domestic router out to the internet because we've got IPTV, with kids on devices. They don't need such a high level of protection. It would be nice to give them that because if you've got this perimeter that's protected by a really good quality product, you want to protect everything.  But when we tried that, it seemed to struggle with the high volume of traffic that was being generated by the IP cameras, the IPTV service, and the myriad of devices and iPads that we have in the house. So we stopped using it for that purpose.

The top features are ones that we're not using yet but we soon will be because we've just had broadband upgraded in Australia. We've got something called the National Broadband Network, which is forced onto you, so you have to take it when it arrives. We'll be trying the high availability out soon. We tried that with some load balancing, it didn't quite work as we expected, but I think that was more of a configuration thing rather than a product thing.

The geo-blocking is essential because the partners we deal with are typically either in the US or Australia. We know where our traffic needs to come from and we don't post anything publicly that the general world needs to see. It's just a few discreet services that need to be hosted on this financial trading stuff.

The integration of Active Directory is very good as well. We don't use the VPN service. We use VNC. We get mixed results from the QoS, but that's another good feature. Really, dashboarding, track, and monitoring are the most important features for us as well.

We are about to test the high availability and failover protection because one of the issues we have is the device or the Hyper-V host seems to need a regular rebooting, which isn't an issue directly in itself, but it would be nice if it could do that on its own. We can't find a feature to do that. That's the complaint I'd have of that and the HA might solve that problem for us. So we'll give that a go.

Out-of-the-box, the overall comprehensiveness of the security features is pretty good. It's not just a firewall, it's kind of a firewall proxy, reverse proxy, everything out-of-the-box sort of solution. It's pretty comprehensive. I can't imagine wanting anything else, because for me as a consultant, it's not just about protecting the environment. It's also about having something that's commercial-grade because when you go in as a consultant, you need to be exposed to these tools and you need a lab environment to test these tools out. This is as close to a good commercial tool that you could possibly ask for.

In terms of the availability issue, I've considered that there are hardware options as well, which is nice. We're not sure if that will be an improvement over using Hyper-V, but that's to be decided.

The antivirus seemed to be a bit laggy on the connection so I disconnected that. It's definitely good. The only issue we've had with any sort of cyber attack seemed to be coming from a couple of distinct locations, people trying to get into known ports on remote desktops and stuff like that. The fact that we can block all that traffic is just great. It simplifies it.

The last time we used the antivirus, it seemed to slow down some of the connections. I didn't dig too deep into it, we just turned it off and it seemed to rectify the problems. It's hard to say whether it was that directly but it seemed to be creating a bit of overhead on the connections.

The reliability is its biggest downfall. I don't expect to be rebooting a product like this every couple of days. In fact, it's become a start of day thing just to reboot so it doesn't let me down in the middle of a team's call or something like that. It's quite slow as well. I could be on a team call and it would drop the connection. Then we'll get a warning that we've got poor call quality and as soon as you restart the device all the problems go away. There's clearly maybe some sort of memory leak problem or something in there that's affecting its reliability.

We've just had our national broadband network connection today, which is a high throughput connection. We will be reconnecting the entire household through the device, to see how it copes and we'll see if it improves anything.

I have been using Kerio Control for two and a half years. 

If I came across a client that was a small to medium enterprise, I'd probably recommend it, but a lot of them have a solution in place now anyway. It's hard to get those opportunities for new business in that regard, but I reckon it would probably scale quite well. I'm at 25 licenses, but that's only because we have so many devices in this house. It looks like it probably would scale. As I said, with that level of reliability, that probably would be an issue if you wanted to scale 100 to 200 licenses.

We did try the proxy feature, but once again, that failed miserably. It ran well for a few weeks and then it died on us, and it was really quite hard to diagnose what had gone wrong. We turned it off and went back to a previous configuration which was a bit disappointing. It comes back to that reliability, whatever it is that makes it conk out is clearly a problem.

I used support once or twice when I hit the first license ceiling. I did log a support ticket in. They were fine. There were no complaints from that. They offer 24/7 support, via email. I don't think I actually phoned them up. It's pretty good. There are no real issues there.

We tried a few different Windows-based products. That's how we found Kerio because it offered a Hyper-V solution and it also offered a hardware solution if you wanted. I'll try the software one first and see where we go. There were a couple of other products we used before. Originally, we used to use Microsoft, the ISA server back in the day because that got swallowed up by Fortinet and we didn't touch that. 

There was another Windows product, WinGate. That has a really bad reliability problem. It would stay up but the connections were very slow going through that thing. Maybe it was poorly configured on my part, but it just seemed to be incredibly slow at managing the connections. We'd notice a very latent response from web pages and it never, even though it had a massive caching there for caching pages, it just seemed to never be as quick as bypassing the WinGate software. That wasn't virtualized. That was running on a native Windows server at the time so that was really quite poor in terms of performance.

Given that it's a Linux deployment, the support it offered, like giving you a Hyper-V client out-of-the-box, is fantastic. It's a really clever idea because you're not then left with a painful configuration of spinning up some sort of Linux host and then trying to do an installation. The fact that it comes pre-packaged with Hyper-V images was a very smart and clever move because that made it a lot easier to get it going if you like. Getting that up and running was quick, it was just a configuration, and finding the right configuration was the hardest part.

The deployment was less than half an hour. It was very quick to get it up and running and get it operational. It was just fine-tuning that configuration to suit my environment that took the time, which I would expect of any device, no device is going to come out-of-the-box and just work like magic unless you've got a really simple environment. Whereas I've got a home environment, where it's just me as a small business, but I've got that many servers and hosts running.

Our strategy was to take it out-of-the-box and get it working.

The setup was pretty easy. The external remote control was really good and simple. It gave extra manageability on the road which was good. It was pretty straightforward.

In terms of maintenance, it's just me. In terms of my time, it doesn't take much time at all. I'll hardly make any changes to it. Now it's running fine. The only next thing I'll be doing is trying out the HOA.

With security, I don't think you can calculate ROI. It's not easy to call a return on investment with security products because anything security that's done properly is going to be a cost overhead. That's by its very nature. If security is quick or cheap it's probably wrong. I don't look at it as a return on investment, I see it as security. A bit like saying if I bought a new car and they said, "I can save you $500 if you say no to the airbags." For 99.9% of the time, you'd be saving $500, until one day it costs you lots of money and maybe your life. I see it the same way.

It's not an optional extra, it is an overhead that you have to pay if you want to secure an important asset. You've got to weigh up how important that asset is against how well you want to secure it, and that's where you say, "Well, it's going to cost you the price of a Kerio license, the price of a VNC license, sort of remote management. And that's what it costs to manage and secure properly those services." I'd say we've achieved that. It's hard to really put a return on investment with security.

I think it is a bit on the pricey side, but it's okay. I've got 50 licenses which I think is $250 a year or something like that. It's not terrible. It's actually cheaper than what we pay for VNC. We probably could save money thereby utilizing the Kerio VPN and not VNC. For a firewall proxy solution, it's probably a bit on the higher side price-wise.

We have to provide our own Hyper-V host to spin it up or buy the Kerio hardware, but otherwise, there are no other costs.

I'm experienced in networking, but I'm not a network engineer per se, I'm more software development. The fact that I was able to get it set up and going with minimal fuss was definitely a plus for the product. I've seen products before where you can get them running, you make the slightest configuration change, and the whole thing comes crashing down. It's quite a stable product in that respect and it does look after itself quite well. For example, risk proxying solution and buying a GoDaddy certificate to secure a couple of APIs was a piece of cake. It really didn't hurt us at all. I think the important lesson there is, if we had tried to do the same thing with a NETGEAR sort of a firewall with a built-in firewall product, I think we would have had a hard time. Kerio definitely has made it easier.

I'd say give it a look for sure. I'd totally recommend it.

I would rate Kerio Control a seven out of ten. If I didn't have to reboot it so often, then it would probably score a nine.

It's not a cheap product and it's not a particularly reliable product at the same time which tends not to be a good mix. Something like this should be able to cope with my entire household, every device I throw at it, and it should be able to cope with that fine. It clearly didn't two years ago. We'll try it again in about 24 hours and we have to hook up this high-speed connection to it and we'll see how well it performs there. Reliability is about the only qualm I have with the product.

We have over 50 office staff that we use Kerio Control to protect, monitor web traffic, and cloud-host environments. We have a VPN tunnel from outside vendors that we keep connected to our environment and we use it as a switching device between some of our hardware in the hosting environment. We also use it for the security function. 

Our primary use case is for intrusion prevention from attackers, from wherever they may be. And also for doing the quality of service because we have a lot of remote users, especially during this pandemic. We can control the quality of service with phones and network devices, as well as the antivirus scanning. We use the whole gamut of pretty much everything that Kerio has to offer.

We're still a small company but we are pushing what the software is currently able to handle, while it seems to be geared towards small-medium business.

Content filtering used to be that you had to block specific websites that you didn't want somebody to access, or you had to write a specific rule to say that something is accessible or not accessible. We can apply Kerio-provided categories and rules without having to define large scopes of protocols or malicious websites. That part of it has come a long way in the last five to ten years.

The GUI is the best part of the product. If another team member needs to get in there to do something, it's a really quick click and it's done. There's no learning through command-line tools.

On an annual basis, we save not just hundreds of hours but also labor costs. Over the life of the product, I'm sure it's in the tens of thousands of hours because we don't need an inhouse specialist in Kerio technology.

The ease of use in the GUI itself is the most valuable feature. We like the traffic rules so we can control who has access. It's easy to determine the flow of the traffic itself so we don't have to educate on command lines and reading out command-driven output. It's a very easy-to-use interface.

The comprehensiveness of the security features is fairly good. There have been some suggestions that we've made to the GFI team that we would like to see for performance. As our company grows, we need Kerio to grow with us, and so we've suggested some ideas on making the Kerio Control appliance perform better for more users because it can become sluggish under heavy loads.

In terms of security features, Kerio gives us most of what we need. There are some granular items that we would find more useful when we want to stop a particular region from access. 

The firewall and intrusion detection features are really good, it just needs a little bit more fine-tuning.

The content filtering and VPN features are great. The vpn client is ssl based, so no key cipher matching is required when setting up without information in front of you.

The security part of the software, like virus scanning, website, traffic monitoring, things like that, can take a toll on performance. The actual security functionality of it needs a little bit more work, which I believe they are remedying or attempting to remedy at this time, but that's the downfall at this time; it is currently running on an end of life linux kernel.

I personally have been using Kerio Control for 13 years but it's been at my company for close to 20 years.

The stability has actually improved quite a bit. There were some bugs found in previous versions up until about last spring, and then they concentrated on fixing some of the issues causing us some problems. As of the last update, it's very stable.

It's not very scalable when you start to get into the hundreds to thousands of users because the performance of all of the functionality isn't quite there yet. We're hoping that's remedied with some updates coming down the line.

Kerio is pretty much the backbone of everything that we do. Keeping all of our customers connected to us, keeping our staff safe online, and getting our staff into our cloud environment.

The GFI technical support can be very time-consuming to get down to the root of the problem, but they are very helpful when you do have an issue. It just takes some time to get to it. It sometimes can be communication that's the issue. Sometimes it can be the complexity of the problem.

It doesn't seem to be a lack of knowledge on the technical support side of things. Some of it comes down to whether the product can currently do what we needed to do or not. We were trying to determine if there was something that we could do to get better performance out of the appliance, and the response from the GFI support team was that it wasn't able to do some of the things that we wanted it to do, but it was something that they were looking at with rewriting some of the functionality. There is the possibility that some of those can be overcome easier.

I did not have any experience with another similar solution. In fact, I had never heard of Kerio until I started at my company, primarily because Kerio was fairly small at the time. They were based out of California at the time. They were a small company and generally fit into the 100-users-or-less environment. When you would hear about other vendors, they generally ran in the thousands to tens of thousands of users and you just didn't hear about Kerio in that product line.

We take other solutions into consideration based on the growth needs that we have. As our cloud environment gets larger, if the Kerio technology is not able to keep up, that's always under consideration.

The process was pretty straightforward. Something that I expected to take days to weeks took about two or three hours.

Network security should not be planned around providing a return on your dollar in terms of a payback in the administration of the process. It should be planned around providing a level of comfort to management that intruders are being kept out of the network, errors and omissions are being kept to an acceptable level of risk.

Price-wise, it's very affordable. Whether you're a smaller or larger business, whether you're five users or a couple of hundred users, the pricing is very fair. The performance of it is what determines how you want to license it because you can purchase a Kerio appliance. We try to make use out of everything because we like to keep it in one place. It has fit our business size and needs.

Some of the main differences between the other solutions and Kerio is that Kerio has made their subscription service fairly universal. You get pretty much everything with one subscription. With some of the other vendors, you have to subscribe to each module that you want to use. On the other side of it, other firewall vendors tend to be able to handle in the millions of connections, hundreds of thousands to millions. And we see some of those limitations with the Kerio appliance because of some of the aging architecture of it.

My advice would be to follow the hardware requirements of Kerio and make sure the equipment that you have can run the connections for the number of users that you intend to run and are being planned out to be successful. Working with the Kerio team to determine your needs works out very well. 

Not all firewalls have to be difficult to learn. Kerio has made it a really easy-to-use product.

We mainly use Kerio Control for the phone systems. We use it like a VPN network so that I and a couple other guys can take our computers home and work from home. That's a great feature. We love that because you can sign in at home and be like you're in the store.

We have five locations and, for the person who controls it we have it set up in our main office. The ease of access, of being able to change a voice message, it links to that. The person who controls it can approve it and then she just plays it. That's great for when we have to do a holiday message or special events are happening. We love that feature. 

I love the VPN that we set up. A few of us have it on our computers so that if we leave, we can still access the stores. And we can work from home if needed. When I sign into that Kerio VPN, it links me like I'm sitting in the store. It puts me in our secure network so that I can sign on to each individual store and I can run numbers. We work through ICS Vision for our stores. We have a corporate plus five stores and it lets me link to all that. If I have to work from home, it's so much faster than the way we used to do it. It saves me a couple hours of each time I use it from home. It also saves me from having to drive in.

It's the overall ease of everything. It seems to have pretty seamless connectivity for linking our stores.

Also, the firewall and intrusion detection features seem to keep people out of our servers. I know it's a little bit of a process to try to link something new into it because the firewall is very secure, but we haven't had any issues with malware attacks on our end so it must be stopping them.

We haven't really had any major issues. But when we did our last update, we had some trouble with the initial syncing process to get our messaging to go through. But we were also moving a store and a lot was changing during that process. I don't think it was on Kerio's end. It just coincided with the update. Once we got our third-party IT guy involved it was resolved very quickly.

We have been using Kerio Control for about six years.

The stability has been fine. We have no concerns or complaints.

In terms of increasing usage, that's going to end up being discussed in a meeting with our IT guy to see what capabilities it has, how we could expand it, how we could grow with it, and how it could help out day-to-day business.

I've been with the company a little over three years now, but when I came in as general manager it was already in use. The upgrade is the closest that I've been to a deployment.

From start to finish, when doing the upgrade, we were back up in an hour, including the issue we had. Our IT guy let us know what was going on and that there was a series of events he had to do and he did them and we were good to go.

From the old way we used to do things, it's night and day. Before the company brought this on, it was pretty old-school in how it did its phone systems and messaging. The efficiency has doubled, but the company also used to use answering machines way back when.

I've never seen any additional costs incurred or involved, other than the initial.

The biggest lesson from using Kerio Control is the untapped potential there is to link to everything and streamline our business. That's really what it's about for us. Obviously, there's more out there for us to do with it.

As an SMB, Kerio Control is a good fit for our environment. It serves what we need done. I would recommend it for a smaller business because the ease of use and the access it allows us are great.

I use it as a service for my customers. My primary target is to help my customers in the best way to protect them from the dangerous things from the Internet. As a solution, it's easy to maintain. The product is a good solver that also depends on good support and its availability of engineers.

I am using the latest version of Kerio Control. It is an old type of configuration with VPN connections. I still like the product very much.

It is mostly installed on the Linux software appliance. That's what I mostly use for my customers.

Most customers are not able to understand the technology behind it. I am always trying to explain it to my customers. When I show my customers the interface of Kerio Control and all the reporting features along with the security features within the logging, they're very impressed. I have a very good relationship with my customers because this is mostly based on trust. I show them, and if they have doubts, I always say, "Just hire somebody to check my work." For example, a year and half ago in the travel industry, there were new rules for travel agencies who give out credit cards that they must comply with PCI DSS standards. There were some things that had to be adjusted and Kerio was able to adjust for that. So, it met the demands of PCI DSS standards.

When one of the employees of my customers was using a VPN Client, I created it so they will always get a message. When the VPN Client connects to Kerio Control from the outside, they will get an email so they know when they are connected and when they are disconnected what is happening to their network. I can, as an administrator, look in the logging and see what's happening. If I really wanted to manage what is happening over a month, then I could go deeply within Kerio Control and make a text file of the logging. I could then order an export to Excel to give the customer an impression of what is happening.

Our customers don't want to worry about their IP. If it's implemented well, Kerio Control is very good product for this.

• Security
• Ease of use
• Ease of install
• Ease to recover
• The load balancing is very easy to maintain.

The login appearances are very strong. In case of problems, you're able to find anything you want. I am always able to help my customers. I really love this product. It's very good. With its many features, there is no comparison. Over the years, I have seen other types of firewalls but they don't have these functionalities within them. 

You can create your users, groups, IP addresses, IP groups, and make rules. It can do protocol inspection and load balancing. You can have a backup line where all kinds of scenarios are possible. 

It has security features, like an open source Internet protection system. This is well-known and a good solution to protect you from guys who try to hack systems. They have also integrated a fire scanner, a protocol inspection, and web content filter. You can adjust things depending on the types of organizations who are using it. Over the years, it has been very easy to maintain. 

I haven't seen anything else that compares to the comprehensiveness of its security features because I'm working mostly with small to mid-range offices. Manageability is very important, and that is possible with it.

Kerio Control's firewall and intrusion detection system, Snort, uses tables that are available on the Internet and loads them automatically. Over the years, I never had problems with my customers. The stability is very important for the product. I use Kerio Control as a central security system for my customers. On the workstation, I mostly use a virus scan. There are also multiple virus detections through your firewall. 

The VPN Client for users is a strong feature within Kerio Control. An important thing within the VPN Client is it also has the possibility for two-factor authentication, which I really like. For some customers, this is very important.

I like its malware features.

This is a very robust the product.

With Kerio Connect, they blew it. They were not able to pace up with the competition. I am working with a variety of customers: lawyer offices, travel agencies, big shopping mall accounts, and small accountancy offices. They have all kinds of needs. Kerio Connect did a new launch in the Netherlands for the ACG and GDPR, which are very strict for some companies, like lawyer offices. It is important within the mail server product that you're able to encrypt your attachments and have two-factor authentication. All these type of things are not within Kerio Connect. Therefore, this product is not interesting anymore for my customers since the Dutch law is that strict. For example, there was a judgment from a judge this year when a company was hacked. There was a guy who maintained this network gave some advice to the customer, but the customer would not pay for that solution. He was held responsible for about 60 percent loss of this business, because there was a ransomware within in the organization. These are the things we have to deal with in the Netherlands and in Europe. Within the Netherlands, this is a very important thing, so you can probably understand how important it is that the product is okay with the market demands.

After the takeover by GFI, one of the things that Kerio built was MyKerio environment. This is a cloud solution to have an overview of the statuses of all the firewalls that you maintain. When a firewall or primary interface goes down, then you get messages. It also has an app for iPhone or Android. You can then have a quick view about the status of the firewalls for your customers. If there is a problem with the Internet connection, whether it is down or there is an update, then you get a message. So, I can proactively help my customers. However, after the takeover, this has not been very reliable because I get many messages that MyKerio is not functioning. For some reason, there are things that they changed and it is not very reliable at this moment, instead I have to connect to the firewall to see what is happening.

MyKerio is a cloud thing where you can easily see all the firewalls that you maintain for your customers along with the statuses behind them, providing a way to securely connect to your firewall appliances. This is a very strong feature of MyKerio. However, nowadays, I'm not really impressed about things they do with it. That needs improvement in my opinion.

Another thing is that you must be a specialist, like me, when you want to have more specific information, e.g., when there are incidents or things that are happening that need investigation, then you need to go to the shell prompts and logging, where you can perform anything. You can edit anything out of your log files. However, this is not possible within the Kerio Control admin interface. You can only search for one thing, but not for many things.

Kerio Control has a very good future, but it needs good marketing and knowledge around it.

I have been working with it since the beginning (1997). When it started, it was called WinRoute. Now, the name is Kerio Control.

It is a very stable product, which over the years has been very good. 

The scalability is good. The VPN connections may need improvement. Because of all the security features within Kerio Control, e.g., it can do a deep packet inspection, this can slow down the traffic. Sometimes that creates a problem. For example, Kerio Control offers protocol inspection for the services that are available, and sometimes that gives problems because people are complaining that it is slow. The VPN connections from remote are not always very fast, so I think the throughputs of the VPN need improvement.

In every software, sometimes there are problems. One of the strong things about Kerio was the support knowledge and the involvement of the employees within the support department. I used to have the impression that the people working there were part of the products. It was almost a pleasure to have contact with people who were really involved with the products. After the take over of Kerio Control and Kerio Connect by GFI, it was really disastrous because a lot of the people involved were gone. When I had a problem and I asked for support, then they are asking me questions that I think help, but they don't understand the product. This is logical, of course, because there was a takeover.

The GFI product support for Kerio Connect has been unacceptable for my customers and me because I had major businesses that were running with this software and very satisfied because of the user-friendliness. Error and problems cannot be cured, but they must be solved. For example, when I perform an update, the next thing will be a ruined email system, but nobody will be available for support. This is also when they know that an update is coming and I am calling after updating it. They promise to support us, but there is no support, which is terrible. This is the thing that I feel is very important when you use business-critical software, and they need to improve on. I want to be able to call their support and reach someone who has knowledge about the product. 

It has a very sophisticated logging system. I need to be able to connect to the engineers behind it, who develop it, and tell them, "Okay, that's wrong." If I'm not able to connect to first level engineers and make them understand that they're not able to help me or they need deeper knowledge of the product, then there is a problem. While this is not an issue with Kerio Control because they have proven with the product that they are able to maintain it, the major problem for me with Kerio Connect was they ruined things in the past and I was unable to go back. So, I'm very interested in how they are improving the support to make things work again with MyKerio, as it is very good feature.

I have worked with all the firewall systems, like Cisco. I see how people struggle of with it and also how much effort it takes to maintain it and implement rules. Kerio did a very good job with that. You can also, in a quick way, see inbound and outbound traffic and make your own filters.

A basic initial setup is very simple and straightforward. They offer a straightforward set of rules to make it work, then you can create all the rules you need for the customer depending on their demands. It can do almost anything.

The deployment time frame varies. For example, if I am deploying to a shopping mall, that shopping mall has all kinds of offices. Every office has its own demands regarding the IP system that they use. Every shop has its own software supply and concepts. Sometimes things get complex, then I start from scratch to make sure everything is maintainable, but this is very easy in Kerio Control if you know how to do your job.

Because of the coronavirus, for people who want to work at home, it is very easy to set up VPN Clients because that is a piece of cake.

When you look at Kerio Control, they are able to maintain it in a way that I had no problems because I was always careful with updates. I first test them on-premise before I roll it out to my customers. That's also no guarantee, but we are able to maintain it in a good way.

Implementation strategy changes per customer. Some customers have very strict policies about the sites that they can access via the Internet. Others have limited bandwidth. For example, I had a customer who could not visit some Internet sites because most of my customers have two Internet connections. I found out that connecting through the other interface wasn't a problem. It had to do this with the networks between them. It's very easy in Kerio Control to make another path where another Internet connection is used for that website.

I built a large network of freelancers over the years in the Netherlands and foreign countries to get the best solution for each customers. I am working with all types of people who are trustworthy and have good knowledge of the product. I tell my customers, "The IT world is the same as the medical world. You don't go to a heart specialist for an eye operation, and you don't go to your normal doctor for a heart operation. They're all specialists on their specific terrain." That is the way I operate for my customers.

I handle the deployment and maintenance of Kerio Control myself.

I have seen ROI over the years. It is part of the complete solution that I offer to my customers. Over the years, it has offered me a reliable platform for my customer and allowing me to build trust with my customers. That's the most important thing of Kerio Control.

If the support is not good, then I have a problem with my customers and it will cost me money. That's one of the things that GFI did after the takeover: It cost me a lot of money. Because there were a lot of problems, not with Kerio Control, but with Kerio Connect. It really cost me with unsatisfied customers.

It's not a very expensive solution from my point of view. Because it is not only about buying a product, but how much time does it cost to implement the features that the product offers? I haven't found another product that is able to do the things that Kerio Control can do for the money. 

It is a good fit for SMBs because of its maintainability. When you want to keep your costs low, then Kerio Control is a very good solution. It's not an expensive product that is well integrated. It has a complete set of features within it that make it a very strong product.

GFI has made a stupid decision regarding small office licensing. For offices where there are only three to five employees and had five years towards a five user product, they now force these customers to a 10-year user license. I really don't understand it. It's a stupid decision for the small offices who want a good solution for security because they'll probably decide to go to another product. Why should they buy something that they don't use?

I don't use the Kerio hardware because they're too expensive and difficult to maintain.

Kerio Control has the ability if you buy it (it's a separate option) to know malware sites. Then, they will be blocked and the user is informed.

I have used Cisco, FortiGate, pfSense, and then more simple router things that have integrated software. However, mostly in business, I don't want to use just a router with integrated software. I don't believe in that concept. My customers are of a size that the stability of the product and the way it is maintained are very important to me. That's one of the strongest things about Kerio Control. It has proven to me over the years, and with my customers as well, that it's a very stable product. I haven't seen another product that compares to it within its price range. However, I also have to help my customers when they are having problems when connecting to a site or when they are having problems in general. When I contact their IT to find out what's happening on their side, it is difficult to get an answer why things are going wrong.

I can't find a comparable product to Kerio Control that offers the same set of features for the same money.

I found another product that can do a lot more than Kerio Connect, and that's IceWarp. IceWarp is a very strong product. IceWarp is a really strong competitor within this market. I was impressed with the software's ease of use because it's completely web-based. It's not only a mail server product, which offers secure attachments with out-of-the-box Office, but offers two-factor authentication. It also has a web-based text editor and Excel sheet, where you can make a basic presentation. With the same interface, there is the possibility to do OneDrive or Google Drive. They built it with the same depth that you need to log in to your IceWarp environment as a user. You can store your documents and sync them with a Mac or Windows PC. However, there is not much to find about this product.

Kerio Control is very good. The way that you can maintain it, it's very easy. I had an employee who built a copy of the product, which was a very basic interface for the open source community. You can find it on the Internet. He was impressed by the way Kerio built this firewall solver, because most firewalls are very difficult to maintain due to their complexity. If you are working in complex environments, it is not easy to maintain firewalls, because things are always changing. This is the part of Kerio that is very good.

Every IT guy that I show the interface of Kerio Control is impressed with the product because it's very easy to view how things are working (when you know what you're doing).

Ransomware is protected only when the system is able to detect, "Okay, this is coming from a link and that link is known, and it is within the protection."

I don't use the solution’s high-availability/failover protection because the hardware is needed as well and I wasn't able to test it. I want to test it first, because it's not only the testing, but what are the costs of ownership for the customer? Over the years, the Internet connections in the Netherlands are very stable. I always tell my customers that if they have an Internet connection that they should have a backup connection. The hardware that I use is mostly recent, stable hardware. So, it's not for my type of customers. This is not a very important feature because the hardware is well-maintained. However, that's a thing that I take care of since most hardware fails because there is not a good cooling environment or a lot of dust is in hardware. I make sure that things are running well as part of my services.

I'm still surprised that sometimes I need something which I thought was not within Kerio Control, and it was within Kerio Control. That's mostly the case.

Biggest lesson learnt: Stick with suppliers for software products who are able to give very good support.

I would rate the product as a nine (out of 10). It is very good.

We have our server in our head office, so we have offices that log into it from various other cities and run their accounting software on it.

We have several offices in different provinces across Canada and because of that, the connection has been very secure and reliable. We haven't had any downtime with it other than when we had the NG100 fail. Other than that, it's made the connection to our websites, our office, and our eCommerce sites all very reliable. That's been very important.

The most valuable feature is the reliability of VPN capabilities. The VPN has been very reliable and secure. The security has been very good and the VPN connections are reliable in that they stay up. We don't have a lot of problems with downtime and that type of thing.

The comprehensiveness of the security features is extremely good. 

Kerio offers everything I need in one product. 

The firewall and intrusion detection features are good. We've had some intrusion attempts that were stopped. The firewall has been doing extremely well for attempted hacks, as well as working well with the intrusion protection.

The VPN features are good They have a solid VPN client, which we found to be extremely good and reliable on various operating systems. Other than that, the VPN has been good. 

Kerio is extremely easy to use. They're easy to install and pre-configure. If you have to do any maintenance it's well handled through the system. Remote connection, logging in, and doing changes on the system is extremely well handled.

We do use the failover in our head office. The failover is working extremely well. The last test on that was May of 2000 and 2020. The failover seems to be working well and the security has been good, so they've felt very confident in having it up and working as it's supposed to be. It's configured as per the instructions and it's working really well.

Kerio has enabled us to double the number of VPN clients extended to those outside of our environment. It started a little bit before the pandemic but just because some of the companies started to work more from home to cut down on costs. But since COVID that's where it shows it's doubled.

One of the problems we do have causes problems with the VPN. The software slows the throughput down too much. You could have a one-gigabit connection from the internet, and it slows it down to where the area of upload and download is extremely slow. There's too much content filtering at that point.

Quality control is another problem that needs to be handled better, particularly in the NG100 series. We have had to replace a couple of those. Other than that, the throttling down of the speed is too much. It is too heavy.

Other than that, I think they're good. 

We first started with Kerio back in 2003.

We have an NG300, NG100, NG300W, and we still have a couple of 1120s.

Other than the quality of the NG100, stability has been extremely good.

The scalability has been extremely well handled. We can very quickly figure out what size of a machine a customer needs and put it into position.

We have four people that do them, but usually, when we're shipping out, one person sets it up and then they deploy it remotely and have the customer follow their instructions remotely.

We don't have plans to increase usage because of the problems we have encountered with the company and the follow-up. We would have. We had quite a few of them, I don't know an exact count anymore because it's changed over but even now we've still got about 32 of them in use right now. But we've switched over probably triple that away from it.

GFI's technical support is improving but at the very beginning, it was very bad. There was no way to contact them. When you did call, you didn't get returned messages. It is improving, but it's still not at a level where we're happy with it.

We previously used SonicWall. We were looking for something that was really rock solid. We had a very bad experience with SonicWall and their support was very bad. We had a client that was down and they couldn't and didn't help us. We had to find something else in a hurry. 

One of our technicians had been reading up on Kerio so we brought one of their machines in and configured it. That's one of the first ones he did and he said that the setup was really good. He installed it and got the client back up and running, and then we started looking into it and found it was much better. Strangely enough, shortly after that, the sales rep we were dealing with at SonicWall left and he went to Kerio also.

Something that really bothers us about GFI, is that as a partner or a reseller, they believe that the customers belong to them. As a reseller, we take a lot of time building trust and confidence with our clients. We've been in business 30 odd years, and we still have clients with us that we took on back 30, 32, 37 years ago. They're still our clients, they deal with us, and they trust us. SonicWall did it and now GFI does it. They insist on all of the contact information for our customers if we sell them a machine. Then they start direct emailing them and our clients start saying, "I hired you to take care of this, why are these people sending me all this junk?"

Plus, we're in Canada and they send out this information and emails and it has U.S. pricing on it. They make a big deal about that it's only $100 or something, and then by the time we convert it to Canadian, we're looking at $135 and the clients forget that very quickly. It's very misleading to clients. Our customers don't like it. That's one of the other reasons that we're moving everybody from Kerio, because of what GFI's policy is of insisting on having all of our customer's names, addresses, phone numbers, emails, and everything else.

The initial setup is pretty good. The guys are used to it now. They've done a fair number of machines and they're very used to it.

It has become familiar and they're consistent from one model to another. The instructions are straightforward and a good tech should have no problem with it at all. The thing is that they're not a home machine, they're for business. If it has a tech working on it is no problem at all. It's quite simple.

An average deployment takes two and a half hours. 

Network engineers set it up. Even one of our web developers has set up some of them. They have been very happy with training other people to do them. They don't have any problems. It's quite simple. The engineer was the first one to start working with Kerio back when we took them on, and he found that even in the beginning, from learning on his own, it only took him about four to eight machines to feel confident that he could do it without having to follow the instructions every time.

The size of the companies we work with vary. We call them medium-size, but some of them are only one location with 5 to 20 employees. We host a lot of our e-commerce systems and clients have those on their machines so that when the e-commerce inquiries come in, they go through that router. They become a medium-sized business very quickly because of the amount of business they're doing.

Kerio is a good solution for companies of this size. It comes down to the same thing, reliable, cost-effective, the VPN connections are good for the security between the e-commerce sites. Our eCommerce site is dynamic, so it's connected between the customers' inventory, warehousing, shipping, and billing system, directly to the e-commerce site. It makes it a lot tighter and more security is required because they are connecting directly to the customers' business machines, as well as just e-commerce hosted sites. Reliability and security are very highly needed because it does run their e-commerce sites. 

We see ROI through the ease of setup. We have a flat fee for configuring one, we charge for one before we ship it out for installation or go and install it. A customer pays the retail price, converted to Canadian at the current exchange rate, and that's what we charge the customer for the machine based on Kerio's MSRP. Then we charge them a flat rate for configuring it, which is two hours and we charge them for two hours labor. Then we charge them for whatever time it takes to do it remotely on-site, or if we're going on-site and having to install it, we charge for that time. If you charge for your time and the value, then you're going to make a good return on it.

But if you go in undercutting prices, something has to suffer. We have never had a customer say to us that they're upset because we haven't taken care of them if they have a problem with one of the Kerio devices. There have been issues, they're machines, they're going to break down. But we've never had a customer say that it wasn't taken care of properly by us. When we had SonicWall that was a problem, we took care of the customer, we couldn't get the machine that he should have had properly under warranty, so we just went and got him a different machine, put it in and got him up and going.

That's where we have to charge for it. We did charge the customer for that, but he felt that we provided the service he needed. It just gave him a very bad taste in his mouth because he couldn't get it under warranty. Undercutting prices, either in your services or your pricing of the hardware is what's happening now on the internet, we see that people are buying Kerio cheaper. We say to them "If you insist on buying it and want us to install it, we're going to charge you to install it, and if there's a problem with DOA or anything like that, dead on arrival, that's up to you." We hand it back to them and say this machine's got a problem, you have to get it fixed.

The pricing is good. Our businesses have been around a long time and we've done that by not being the cheapest, but trying to be the best or one of the best. There's a lot of very good software and hardware companies out there, but a lot of them try to just undercut pricing and try to get the deal. We do not do that. We have a feeling we know what the value of our product is, if it's our own product. In a case where we have a router system, we know the value of it, we know what the value of the software licensing is for renewal and for the initial startup. We look at those things at the beginning, and we felt that Kerio was well in line. The price seems to be going up now, it hasn't gone up as bad as some of its competitors yet, but we'll keep an eye on that. Right now the pricing is valid for the product and the service they get.

We did look at and we're also an authorized Cisco reseller, but they're doing the same thing as SonicWall now. These big companies forget who puts all the work in. What they're trying to do, in my opinion, is get the little reseller to go out and hire the right people and go out and move their product, get them installed, and then they want to start going to them directly. I understand that smaller companies come and go but we've been here 37 years in total. They shouldn't go to our customers and start trying to direct sell to them and that type of thing. 

We were also a Dell reseller and we quit because we had to register every sale with them, and then they were going direct to the customers. It's not fair to the company that's gone out and done all the work.

The machine is a good value for the price and the software is extremely good value for the price. It's proven out to be good, but we're just disappointed in the company that now owns it and took over from it. They're improving, but it took too long to improve and it cost us a lot of money in that way. But I can't blame it on Kerio, I have to blame it on GFS.

I would rate Kerio Control a nine out of ten. 

Our biggest customer uses Kerio Control as a VPN on a campus network that we use to encrypt all of their heating and air. It's at the University of Mexico. It controls all of their heating, air, and security over their campus network. I have a hundred units doing that.

I'm a one-person team, and Kerio Control has saved me time. When I looked at the comparison between how much time I spend supporting a business installation of Kerio versus a FortiGate installation, just with the implementation, I have saved a few weeks of time. On a yearly basis, I have saved around 30 to 40 hours on one customer because they're bigger customers.

The VPN is the most valuable feature. We filter out outgoing NAT packets by port. So we locked down incoming and outgoing packets with the Kerio software. It's a lot less money than our FortiGate solutions that we installed, for instance. The value in it is money savings and flexibility.

Kerio is a lot clearer to set up to do particular things, whereas when I do it on a Cisco or a FortiGate I have to go fight with it per week sometimes to do something I can do in 20 minutes on Kerio.

For the money, the comprehensiveness of the security feature is exceptional. The next level of security is the sandbox and FortiGate charges me $120,000 a year for that sandbox. I don't see that as something that Kerio would ever be adding. The next step is a big, drastic step up in company size. So for medium and small businesses, I think Kerio is about as good as I can get.

It gives us everything we need in one product for our small-size business.

For medium to small businesses, the firewall and intrusion detection features are very well priced and just excellent. The functionality for the amount that we're paying for them is excellent.

The malware and antivirus features are okay. I add stuff on top of Kerio, I have Malwarebytes. So I would give it an okay. Malwarebytes still catches quite a bit that Kerio doesn't.

I used the content filtering a little bit and it works alright. I've got a hundred VPNs at the University of New Mexico. I don't put it anywhere else though, so I don't know. I don't really have any kind of input on that, I suppose.

Their graphical user interface that allows me to open up particular ports to particular internal IPs with one external IP is very flexible and easy to use. It is also much clearer than when I go into my larger systems with two competitors, Cisco and FortiGate.

Kerio enables me to use one external IP address to cut it into multiples server solutions based on different port numbers. It saves them money if my customers are creative enough to use those features.

The overall speed needs improvement. Internet connectivity speed needs to be improved somehow.

If I buy one of Kerio's hardware boxes and put it between me and the Internet, the speed is reduced dramatically using their hardware.

I have been using Kerio Control for the last twenty years. 

We currently have one on Macintosh and one on Windows of the most current version of Kerio Control as well as Kerio Connect.

I found it to be fairly stable. Their updates have gone very smoothly, which is a nice thing. It doesn't crash during updates. I've had very good luck with that. Whereas I can't say the same thing with both Cisco and FortiGate.

If you buy their hardware box, it doesn't scale so nicely. I found if I put it on a higher-end computer, it does better. I guess it's okay if you put the right hardware in for it. I can't get through those to their boxes.

I had some customers that were running about 200 to 300 machines, those were my larger ones with Kerio. For the most part, I have them on between five and 20 users.

One of my customers had some issues that weren't pleasant. Support was pretty good and then it changed quite a bit when Lifeboat and GFI were involved. I personally haven't done too bad. I'm a one-person show, but I have a bunch of subcontractors. I personally have done alright with them. Although some of my people have had some not as good experiences over the last six months. They had time-related issues, about how long it took them to get back to them.

On average, it takes around one to two hours on a small to medium business to set it up. But it's totally dependent on their applications and that can vary up to quite a few hours if they've got some complex application issues. Typically, it's because I have to wait on getting responses from vendors. So we go out and we put in a default setup and modify off of that.

Our default setup pretty much locks their network up to only having HTTP, it turns off FTP and things of that nature. We have a pretty secure default setup and then we go open things.

After you've done it a few times it's pretty smooth.

Our ROI is money savings. We bill them every year for their renewal subscriptions, and that goes fairly smoothly. We don't have to spend a whole lot of time trying to figure out how to add a particular port or interface for a new function that the client needs to have access to. They never need the Internet. It takes us considerably less time to do it on Kerio than it does on the competing products that we also deal with. Which, from our perspective, is appropriate. For some people, it would be a mixed blessing because you are not getting as much billable time out of it, but we like to be as efficient as possible and so we appreciate that. We feel it's a good return on investment.

I think that licensing flows pretty smoothly. Make sure that you set them up so you support them over the my.kerio.com web interface because that lets you see all of your customers.

We don't use high availability or fail-over protection. We set one up once and almost gave up on it. You have to have pinnacle boxes and things, so we did set it up and test it but we haven't actually sold any of them.

I feel pretty comfortable having a Kerio firewall in a medium to small business. It can be deployed in an easy fashion, which is the same as everybody's Comcast, CenturyLink, or whatever their modem has. Then if you really spend the time doing it correctly, you can give somebody what, I feel, is an enterprise-quality solution in small business for a good price.

If I pinhole Kerio for small businesses, I would rate it a 10 out of ten but overall, I would give it a seven.

We primarily use the solution on the VPN for protection purposes. We utilize its antivirus capabilities as well.

I really like their general IT.

I like how it's possible for me to block other countries immediately if I see the need to do so.

The initial setup is a breeze.

The support the solution offers needs a lot of improvement. GFI took over the product and since the takeover, the support, the backups, the after-sales support, etc., has basically dropped off quite a bit.

When it comes to dealing with updates, there are often bugs on the solution. They should do a lot more testing before they release new versions.

I've been using the solution for about five years now.

The solution is very stable. Organizations won't have to worry about the solution crashing. I consider it to be very reliable. We have only had one firewall go down in the five years we've been using it, and I can't recall any other problems.

That said, when it comes to major updates, they need to do a lot more testing before they release things. Last year there had been a lot of bugs in major releases. It may have been because of the takeover. GFI has since taken over the brand.

The solution is pretty scalable. I updated it about two years ago and I didn't have trouble scaling. A company shouldn't have any problems expanding it.

Technical support is not the best. As an example, this past weekend I had an issue. It took me four days to get a hold of their support team. I'm a premium client. I tried everybody: America, Germany, UK, Africa. Everybody. That's unacceptable. There is no reason that their response should be that slow. In the past, I had managed to resolve issues quickly. That's not the case anymore. We're very dissatisfied with the level of service they are providing their clients.

I've previously come across Barracuda. I've spoken to the team there. In terms of meeting our needs, I've found that, with a lot of other products, it's very modular. Kerio tends to keep everything in-house. Due to that, there are certain functionalities that I prefer to have with Kerio as opposed to other solutions.

The fact that the setup is so easy is one of the solution's great selling points. It's straightforward. It's not complex at all.

It only takes one person to deploy and maintain the solution. The deployment itself only takes about an hour or two. Looking at the branches, it may just be 10-15 minutes of work for them. It's pretty quick. Of course, it depends on how many walls. A super basic setup is 10-15 minutes, however, if you have to put in a lot of rules, it will take longer because that process takes time.

I handled the implementation myself.

We're using the latest version of the solution.

I would recommend the solution. It doesn't take too many people to set it up or maintain it, like, for example, Cisco, which is a bit more complex and difficult.

I would rate the solution seven out of ten, and that's mostly due to the fact that their support is so awful right now. If their support was better and more reliable, I would rate them much higher.