KerioControl Reviews

Our client base is private yachts and on private yachts, we have different LAN connections, as well as different VLANs. Kerio Control allows us to maximize and control the different LAN connections, both from a performance and a financial standpoint.

The single largest component was the introduction of MyKerio and the ability to be able to remotely connect the challenge that we have with MyKerio. By yacht, I'm referring to the 1% of the 1% of the people that are out there with $50 million to $60 million yachts. They have satellite systems on board so one of the challenges that we have with MyKerio is the sensitivity to latency. What that means is that if you're on a landline like a DSL or a cellular connection, your ping time may be 20 milliseconds, but with satellite, because of the distances involved, those ping times could be 700 to even 1,100 milliseconds. This is a challenge that we have because just about any application or hardware device that is out in the market is not really designed to take that into account.

In this particular case, if we have a boat that is traveling from South Florida down to the Caribbean and the entire boat is on satellite and we need to be able to log into MyKerio for the boat, it's not optimized or set up for satellite communication. It sometimes becomes problematic in trying to connect to the vessel. Where if the entire boat, like on 4G or landline, then it's no big deal because MyKerio is optimized for that. 

That would be an area for improvement, but the benefit of it is that we can handle issues remotely. The other benefit is through a minimal amount of instruction to the boat, they can complete what I would refer to as basic tasks.

For example, if a boat is down in the Bahamas and the owner is on board, we typically have these in cellular and a landline connection and then on top of that, we'll have an owner, the crew, and guests. So in this particular case, we would want the owner on the fastest 4G connection. Then we would want to put the crew on the satellite connection, which may not be as fast. So it's just about optimizing the experience for the owner and being able to control the bandwidth.

The interface control manager where we can allocate LAN connections to certain VLANs is the most valuable feature. The other feature that's important for us is because everything is remote with MyKerio, as long as the boat has an internet connection, we can log onto the Kerio and get statistics, as well as provide support.

It's important because unlike a company where a company has an IT person on-site because these are yachts, they have a boat crew that is not necessarily "IT," so they rely upon us to provide them with their IT services. This is a platform that allows us to control and troubleshoot as necessary.

I would say about 95% to 97% of all of our support is managed remotely because of the nature of superyachts, where they're located, and the importance of the people that own them.

I have not run into any issues or complaints with regard to the firewall and intrusion detection features. I find that in this industry, the fact that those are services that are included is important. But I can't speak to the operability of it.

Because I interface the most with the boats and the crews, I've never run into an issue with the comprehensiveness of the security features.

In terms of the ease of use, if you took 15 different network professionals and told them to configure a Kerio Control, you would get 15 different configurations. Having said that, within our specific business segment, we have learned the configuration that works best for us and works best for our customers. The way that we have set it up is to not put the onus on the boat to make any changes, but if they need to make any changes they allow us to go in there and make changes. 

From my experience, I don't necessarily do the configuration on them, but I do manage them. If there's a boat that has a problem, I'm the first phone call. Most of the time I can figure it out, but what we provide as a service is that we refer to it as a virtual ETO which is an electronics and technology officer. That would be an actual IT person, but for the most part, we just encourage our customers to defer their technical queries to us and allow us to manage it for them.

It has saved time for the members of our team who manage security based on how they're using it. It has saved time in the sense that they have an integrated security solution. I think the maritime industry is moving towards a standardized security initiative because the problem is that everything within the maritime industry is based on international, not national standards. So where and how the Kerio Control will fit into that is undetermined because the IMO, International Maritime Organization, has not yet determined what those standards are going to be. It's still a work in process.

It has a VPN back to our data center but I don't think it has increased the number of VPN clients extended to those outside our environment

I have been using Kerio Control for four years. 

It is deployed in our office, as well as at our customer sites. Our customer sites are private superyachts.

The only stability issue that we have is with regard to the latency and using MyKerio. A potential deficiency I've encountered has had to do with the actual physical ethernet ports on the device. They seem to be very susceptive to shock. We have had to replace a few units due to that. Especially if there are devices that are POE devices. Part of it has a POE that goes out to the antenna and then there's an ethernet connection that goes back to the Kerio. We've noticed that for whatever reason, that particular device or combination don't play well together.

The way it works now, we can take an NG300 with four ports, and then we can create ports on additional switches. So the only instance that we really use an NG500 is for two reasons. One of them is processing power, and then the other one is if they actually have the requirement for different or more connections than the Kerio has.

Three people in the company, more from a customer interface perspective, and about six people in the company from a technical support perspective use Kerio Control.

We have it deployed somewhere in the neighborhood of 60 to 75 remotes. We will increase usage if we can increase customers. 

I would say that we're a medium-sized business. We're certainly an established entity within the superyacht communications industry. Besides our office here in Florida, we have offices in France as well, and we're headquartered in Majorca, the point being is that we cover all of the Mediterranean, the US, as well as The Bahamas and Caribbean. So it has not been unheard of based upon an issue to helicopter somebody out to a boat kind of thing.

I have not used the technical support. My experience initially with Kerio was dealing directly with Kerio and then at a certain point, they offloaded their distribution to a company called Lifeboat and GFI, and that has been a bit difficult. In my opinion, it's made things a bit harder.

If I need to get an answer to a question, I have to go through Lifeboat or GFI, and then ultimately they in turn have to get with Kerio. So it's created a middleman process. The case in point is that we have an order and the order just kind of kept going and there were no updates, there was no tracking, there was no nothing. I would go to Lifeboat and Lifeboat would say, "Well, we're trying to get a hold of Kerio and there was just a breakdown in communication."

Kerio Control is something that's being added to most of the network of the boats that we deal with. We deal with a lot of boats that look fantastic on the outside, but on the inside as far as the nuts and bolts go, they are not well maintained or they have really old equipment. That's one of the things that we always deal with. One of the things I always talk to captains about when I go on a boat is I ask them, "What are the chances that the owner's going to come on board with a 10-year-old computer and a 10-year-old phone?" And he answers, "Zip to zilch." So I say "Well, your network's 10 years old." It's going to work based on what you have in the technology of anywhere from even five years ago compared to today. It's not just a matter of throwing a Kerio in and saying, "Everything's going to be fine." Typically, it's a component of a network upgrade to include switches and access points.

The initial setup is straightforward for us now because we've done it for so long. The other side of it is that there haven't been a lot of changes per se. There have been tweaks. The consistency of the platform has pretty much stayed the same. So while they have optimized certain components of it, it's kind of like Microsoft Word. You could go back to a version of Microsoft Word 10 years ago and know exactly how to use it because everything's going to be in the same place. It's just an evolution of the platform.

It takes around an hour and a half to license and configure.

We have a uniform deployment process and then that's followed by adjustments based on the client's specific requirements. They may have more LAN connections than somebody else, or they may have less of a need for additional VLANs. It's on a case by case basis. But I would say 95% of everything that we do is standardized.

I'm not the one that actually implements it. Full disclosure, I order the device, I get the device, I license the device, I update the device and then at that point in time, I have one of the engineers come remotely into the unit and then they do the final configuration.

On the licensing side, the way Kerio works, and this is what we have to tell boats, is that if you think that you're going to save some money one year by not licensing it and then next year, you're going to license it, you're going to end up paying for that back year. You're better off just keeping it up to date.

Boats are really like life. People want to spend money on things that are sexy, and software licensing isn't sexy. So that's one of the things that we have to go back and let them know that it's going to work as far as the basic functions go, but the features are not going to work and their security will be vulnerable.

There are no costs in addition to the standard licensing. 

Evaluating other solutions would be the responsibility of the CIO because everything that we do has to be agreed-upon on a standardized platform as we are the ones that are going to have to support it. We let any customers that we deal with that are possibly dealing with other brands know where our demarcation point of responsibility is because it's very much so once you touch it, you own it. If you go onto a boat and you touch one thing, you'll be getting a call for the next three weeks about it. It's an industry that you have to be very specific about what it is that you're doing and what it is that you're providing and supporting.

We have been made aware of boats that have had security breaches, but we were not engaged to support their network at that time. We may have just been only the satellite solution provider. It wasn't specifically Kerio Control, but the situation necessitated them to reevaluate their network and invest in their network rather than just have it as a passive source.

We don't necessarily use failover protection. If you have a failover seamlessly set, the boat or the customer won't know that there's been a failure. We don't use the failover because we want the boat to understand if there's an issue with one of their LAN connections.

For example, if you have a cellular and a satellite connection, and you have both of them set to failover to one or the other, if the satellite connection fails over to the cellular connection, nobody on the boat is going to know that it's failed over. Without the failover, they can identify that there's a problem and then that can be addressed. But if it fails over, nobody is going to be aware that there was an issue and then there's nobody working on solving or trying to figure out what that issue is.

My advice would be to have a plan. Have a plan in place and make sure that you document everything that you do. Certainly, if you're talking about multiple deployments, you don't want to run into a situation, for instance, where you have three different IT people and each one of them is doing a different type of configuration. You want to have a policy in place for a standardized configuration. From a support perspective, as well as a usability perspective, make sure those are being addressed.

I would rate it about a seven out of ten. The only reason why I would give it that rating is because MyKerio can be a complicated tool if you don't know how to use it. 

I was at the Monaco Yacht Show and I got a phone call from an engineer on a boat. They were very angry with the service speed of their satellite. We have customers that pay anywhere from $2,500 to $40,000 a month for satellite service. In this particular case, they actually had to send a tender in. They had to take me out to the yacht and I got out to the yacht and I figured out exactly what happened.

As I was getting off the yacht, they were explaining to me how one of the crew members had worked with Kerio in the past. When I got onto the boat, somebody had set a QoS monitor to limit the crew network for the satellite connection to only 5% of the allotted bandwidth, but it wasn't just the crew, it was the entire vessel. So the entire vessel was limited through Kerio to 5% of the speed of their satellite. That problem or that issue did not arise as a Kerio issue. They said, "This is a satellite issue. We're having a problem with our satellite." So that's an example of, if somebody doesn't know what they're doing, they can have a pretty detrimental effect on the network.

The thing about Kerio is that there's not going to be a dummies book for how to use a Kerio Control. It's really designed to be operated and certainly configured by somebody who is in the IT industry. From the perspective of users, if you're the administrator, you can log into this and you have full access to everything. Whereas if you're "just the user," we're going to hide all of this other stuff from you and the only thing that you're going to be able to do is say that the owner network can use the satellite connection and the crew network can use the connection. 

I would like to see a very limited or dumbed down version for the average user. You could literally just do a couple of checkboxes and throttle everything on the entire network and nobody would necessarily be the wiser.

We use the tool for hosting and virtualization.

The solution has an app manager and a portal where you can maintain all your Keri products. It is a firewall that includes antivirus and anti-malware, which adds security. The VPNs, both site-to-site and client VPNs, are pretty easy to set up.

The solution's VPNs help us to work from home or other locations. 

The solution's hardware is not that great and could use more improvement. However, the VM software and the virtualized KerioControl itself are pretty good. The software is good; it's just the hardware that needs improvement.

With KerioControl, it's much easier to see what areas to configure. Unlike Sophos and other devices, their security features are harder to navigate. But with KerioControl, it's just easy.

The tool's deployment is very easy. It can be easily accessed via a web browser or GFI web portal. One resource is enough to handle it. 

You can get ROI in months. 

There's a one-time fee. For KerioConnect, it's just a server. With KerioControl, you have an option. You can virtualize it on a VMware system or have the hardware. I think mid-range or desktop KerioControl hardware could cost around 2000 dollars for a 25 user client. You need annual renewal for additional features like antivirus. 

I rate the overall solution a ten out of ten. 

Primarily, I use Kerio Control as a firewall and for web-filtering user controls.

The filtering on the unlicensed version of Kerio Control is inefficient - you have to add each website manually, which isn't feasible. It also has no anti-spamming feature for emails.

I've been working with Kerio Control for four years.

Kerio Control's stability isn't good.

Kerio Control can be scaled easily.

The initial setup was very simple and took one or two days - it's on a Linux-based machine, so we just got the setup files and installed it. 

We used an in-house team.

I would give Kerio Control a rating of six out of ten.

I use Kerio Control as a firewall or IPS.

Kerio Control has helped my organization by hiding my private IP address behind the firewall and we use the proxy destination instead of my website.

I have found the most valuable features of Kerio Control to be the IPS and firewall.

Kerio Control could improve content filtering.

In the next release, it would be beneficial to have a new signature to the IPS technology. Additionally, some of the features are not able to be modified or configured, there needs to be more flexibility. 

I have been using Kerio Control for approximately four years.

The solution is stable.

I have found Kerio Control to be able to scale horizontally and vertically.

We have approximately 40 users using this solution. Many of them are administrators.

I do not use the technical support from Kerio Control. When I have an issue I find the solution by searching the internet.

The initial setup was simple, it was standard. It only takes a few minutes.

We have approximately two people that do the implementation and maintenance of the solution.

I pay approximately $50 for the solution on an annual basis.

I rate Kerio Control an eight out of ten.

Providing Firewall functionality, VPN connectivity and content filtering.

1. It decreased malware attacks in our network.

2. It improved employee productivity and data security.

1. The built-in anti-virus and perimeter security. 

2. The VPN feature.

1. The anti-virus and perimeter security functionality minimizes vulnerabilities in our network and better secures our data. This also decreases downtime of devices due to viruses and malware attacks. 

2. The VPN functionality has allowed staff to have stable remote connectivity on a secure and encrypted connection. This has improved the ability to get work done smarter and efficiently whilst working remotely (or from home).

1. More detailed reporting. 

 2. Sometimes you get a few challenges joining to a domain. 

3. Improved and simplified User Interface.

I have been using Kerio Control for over four years. 

It is a stable solution and we have not had any major stability issues in our four years of using it. 

It is very scalable. If you are using a Virtual Appliance make sure your hardware specifications are good then you can easily add licenses as your users increase. On hardware Appliances you might have to upgrade to a bigger appliance as your users increase.

The support is fine. The response time can improve. 

Yes, we switched due to the favourable pricing, many features and robust performance of Kerio Control.

The initial setup was straightforward. We deployed Hyper-V Appliances and everything worked as it should. Connecting the Appliances to MyKerio was pretty simple and hassle free.

In-house.

Our ROI is very good. The savings we have made after deploying were good. We have saved on downtime of devices due to attacks and man hours of the IT staff attending to these issues. This enabled us to invest time and resources into profitable projects rather than to support.

The setup cost is fair especially of the Virtual Appliances. The annual licensing is easy and priced fairly.

Yes we looked at Cyberoam and Sophos.

Kerio Control is a good solution which is reliable and easy to use.

It is mainly for user control, e.g., who is downloading the most.

We are using the latest version.

It helped a lot with the bandwidth because a lot of our clients complained that the Internet was really slow, then we found it's a Windows update or some guy inside the company using YouTube. With Kerio Control, we found out what was going on, blocked it, or pushed it down.

It helps the IT manager monitor their staff. As for the servers, it gives protection from the outside. Their intrusion protection works extremely well, so you can see if there are issues from outside in the log files. The whole system is just easy to read.

Right before the lockdown, we got requests for home connections like crazy from customers. We put all of them onto Kerio VPN, which is much easier for them. They log onto Kerio VPN and can see their local drives and servers, then they can work.

The VPN is a useful feature.

When you go under status to, "active host", you see what all your users are doing. We found that this is the most useful feature.

The security features are quite easy to use. It gives us everything we need in one product.

The solution’s firewall and intrusion detection features are quite good because you can see exactly who is attacking you and who is getting blocked.

The antivirus is good. Since they changed over to a new provider (GFI), we haven't had issues with it.

A little bit more info when we search on the client under active hosts. We would like to see a column to say what is going on: Is it encrypted? Is it HTTP or HTTPS? Is it connected to a gaming services?

I would like the customer statistics to be more user-friendly. It should explain more what users have been doing throughout the day. Sometimes, it'll just say they downloaded a big file. Meanwhile, they were connected through a VPN.

Since 2006.

The stability is good.

The VPN features are awesome. The only issue that we had is when they changed versions. They removed a security feature and blocked out all the old VPN connections. As a service provider, we had to do an update for a lot of clients' VPNs after their update came out, which created more work for us.

The scalability is awesome.

For our big corporate clients, the solution gets used a lot. We have one client with about 200 users and about 10 to 12 servers.

We have five to six support technicians who work with Kerio Control.

I have never used their technical support.

The initial setup is straightforward. It is easy to install. You just put in a memory stick and boot it up. Or, you just start up the device and follow the on-screen prompts. The deployment takes five minutes.

We do use the online services Kerio provides for our implementation strategy.

Our clients see ROI with Kerio Control, as they are saving bandwidth costs.

Kerio Control has saved time for the members of our team who manage security. It can save us two hours to a day, because if we use Mikrotik or something else, we have to sniff through the logs. With Kerio Control, we just log on and can see immediately what is wrong.

We tried FortiGate and Mikrotik, but they don't do what we want. Licensing is easier with Kerio Control. Also, troubleshooting and implementation on a network is much easier. You don't need to call support all the time. With FortiGate, we realized the licensing is really hectic, because if you skip one year, you have to back pay that year. If you skip two years, you have to back pay two years. With Kerio Control, if a license expires, one year later you can just reactivate and go on.

It tells you what your users are doing or what is happening on your network. It goes into detail and you don't find that on FortiGate.

The way that we sell Kerio is we show our customers what they can do with it. They don't really care much about licensing after they see that you can view each person one by one to see what they're doing. 

I would give the product a 10 out of 10. I have been using this solution for an extremely long time. It is very helpful. With clients that don't have Kerio and have issues with their network, then we'll install a demo version of Kerio, fix the errors and problems, showing them what Kerio does. After, we'll take it out and put them back onto their normal router. It will take about a week or two weeks later, then they will phone us and say, "Please send us a quote for Kerio."

We use Kerio Control as our firewall.

The Kerio Product has come in handy in the area of Firewall management. Having visibility into the entire Organization through a dashboard. 

The firewall appliance itself is the most valuable feature.

I find it a bit costly to pay for the products that I am not using. They need to change their model in such a way that you don't have to pay for the products that you are not using. 

The GFI features that come with Kerio are stated below. When paying for the licenses we pay for license for everything yet we only use 5 products.

We only use 5 products out of the 10 we’ve paid for. We should have the option for paying for what we use not a blanket cost for everything

Internet aggregation and SDWAN Technology: The firewall should  allow growth in terms of allowing connectivity to SDWAN technology available in other firewall appliances.Link aggregation and SD-WAN (Software-defined Wide Area Network) are great features for businesses who need multiple links to the internet. They’re also useful where you are using multiple links and would like to connect to other sites, such as branch offices or cloud services.

Its local support and scalability is  also not good. I am looking forward to a more scalable product that will be able to grow with time and technology.

Cloud Support: The Firewall should have cloud support especially hybrid cloud support.

It should allow device identification without just stating that the devices are unrecognized-"unrecognized devices"

Sandboxing is one of those important firewall features that end users don’t even know is there. It takes a file or executable as you’re downloading it and opens it in a completely isolated and separate “test” environment.This is missing.

We have been using this solution for around one year. We are working with Kerio Control and other GFI products that come with it.

It has been a stable product. We haven't had any issues apart from yesterday when it somehow froze. It was the first time we experienced such an issue. 

Scalability is a bit of a challenge because you need to buy a new product if you want to upgrade to new technology. 

In other firewall products, you have options for scalability, but for this particular product, such an option is not available. For example, FortiGate firewall provides added technology capabilities that allow it to grow a bit. In Kerio Control, if I want to bring new technology like SD WAN, I need to buy a new product, or maybe do away with Kerio Control and use a new technology altogether.

At the moment, there is no proper local support for Kerio Control here in Kenya. It is hard to get service or assistance for anything. This is the challenge that I faced in using a Kerio product or a GFI product.

I used to work with Cisco products. We switched to Kerio because they promised a lot of products, and the initial cost was less as compared to other products.

The initial setup is pretty straightforward. I learned this product on the job, and I never got any hands-on training. I just went to YouTube and oriented myself with it, and then I set it up quickly.

Its initial cost is less as compared to other products. It becomes a bit costly when you pay for the products that you don't use. We paid for almost all the products through subscription, but we are using only a few products. We use EndPointSecurity, Kerio Connect, WebMonitor, and LanGuard. We don't use the rest of the products.

I would rate Kerio Control a six out of ten. Its local support, scalability, and pricing model need to be improved.

It's the firewall and the router for our network. That includes both the public side and our private side as well.

We were having issues with feeling more secure. Keio Control has made me feel like our network is more secure. Also, the VPN feature was easier to manage and assign to different users. There's no more downtime with our VPN. It just works.

Kerio Control has saved time for the members of our team who manage security.

We've increased the amount of clients that use VPN. It's very easy to manage and very easy to setup. All we have to do is set them up with an account and then download the software to their computer. It just works. There has been a 50% increase.

The intrusion prevention is good. I like the fact that it's always up, it's always secure, and it never lets us down, never locks up. It just works.

As a firewall, it keeps our public and our private networks separated and also from any intrusions from the outside. 

In terms of the comprehensiveness of the security features, it does a great job of laying out what it does. It's fairly easy to edit and research. Some of the features were turned on by our IT company and I was able to easily find other features on my own by searching for videos on the internet. I've been able to block certain websites, content filter, as well as manage some of our bandwidth because we live stream on Sunday. I'm able to dedicate bandwidth for the encoder that goes to the internet. It always has enough bandwidth, no matter how many people are on the network. That's really helpful.

It provides us with everything we need in one product.

Because of the reputation of Kerio as well as all of the great things my IT company recommended, it's easy to trust a company like this for our intrusion prevention and for our security. It's really easily laid out and it just works.

The malware and antivirus features keep themselves updated once it's turned on. You don't really have to worry about anything. It scans all the incoming email and it scans for web traffic. It just works in the background. You don't even know it's there until it finds something.

The VPN feature works great and it's secure as well. I'm impressed with the speed at which it works and how easy it is to access over the VPN.

There were certain things I didn't know about it, but I've always been able to just contact our IT company. They've been able to walk me through certain things. It was quite a monumental task to set up a public site. Support really had to help me with setting up the VLANs and walk me through it. It was not possible for me to figure that out on my own, but that's what they're here for. That could have been a little bit easier laid out.

I have been using Kerio Control for two years. 

It's extremely stable and the uptime is incredible in terms of how it stays connected, and we have had no issues in over two years of using it.

It can scale and grow as we grow. It has very impressive features. It is a little bit of overkill for what we use it for. But I think it's worth it. I really do. I don't mean for it to sound like a negative. I chose it on purpose, even though I knew it was a little bit more than we needed. Because of the security features and because of the reputation that it had coming from our IT company, I really saw no other option.

Only I manage the device and I'm head of our IT department.

We have roughly 10 VPN users and 20 or so computers. Then we have at least 75 to 100 devices that connect to it at one time on a Sunday. That connects to the internet and it's able to handle the traffic and the bandwidth management perfectly.

It's more than adequate for our size of business. I know it's made for larger companies than ours, with more employees. But it works very well for us and it's easy to manage. It's robust and very consistent. 

I've only had to use technical support once and it was on a VPN. They updated the VPN protocol and I had a question about it. They immediately got back with me. It was easy to deal with them. They immediately had the solution that I needed.

Our previous solution was off-brand. We upgraded because it did not have enough bandwidth to support our faster internet speeds. That's the real reason why we upgraded. It was not able to have a VLAN and a second LAN for our public site. That was another reason why we upgraded. We didn't feel it was as secure as Kerio.

The initial setup was straightforward, with the exception of the VLANs, and setting up a second LAN. Other than that, it was straightforward.

The deployment took two hours. 

The IT company went through and showed me all of the settings and gave me a tutorial on which features I needed to use and how to turn them on and what they meant. As far as the rest of our office staff is concerned, they just needed the VPN protocol setup. I was able to do that on my own because that was really straightforward and easy.

They set it up for me. They plugged it in for me and then explained all of the features to me and helped me set up some of the features. I was then able to easily find videos online and some instructions to set up other features that I wanted, like content filtering.

Having seen the process, I could easily do it again without their help. I just needed a little bit of a push from them.

We have seen ROI. 

I would encourage other people that when considering pricing, you really have to think about how important your network security is and how you're going to save time in the long run on managing your network. It's worth buying a product that's top-notch and the best quality. Your network is worth it and your employee's security is worth it.

We also looked into Ubiquiti UniFi system and decided to go with Kerio.

Kerio ended up being a much better solution. 

I would rate Kerio Control a ten out of ten.