KerioControl Reviews

It's the Edge firewall for my business. I'm a small business IT consultancy and I'm subcontracted out to a larger organization. It's really just me working from home, which is a bit more permanent now, but we do have a couple of other side projects I work on with a couple of other partners. One of them is a financial trading solution, so we want Kerio to beef up the edge security to make sure that the solution itself was secured nicely because it meant building out a rack of a couple of rack-mounted servers and beefing up the solution. 

Being an SMB, we do find that Kerio fits our needs. It fits nicely in that space because any time that I've been to an enterprise it's pretty much dominated by Cisco products. A product like this probably wouldn't get much air time to get in the door of a really big organization, whereas a small to medium-size enterprise where they're big enough to have some sort of IT presence, it would probably fit in nicely. With an enterprise that's my size that doesn't have an IT presence, then they'll probably use some sort of managed service solution.

We wanted to beef up the firewall and not just run off some sort of IoT style firewall that's built into a modem. It didn't seem to be adequate for our needs. So that's where we went into Kerio because at the time, we had some remote desktop services running and we were getting a lot of attempted cyber attacks coming out of China and a few other places. Kerio was one of the few that could actually geo-block, which was really quite handy.

Its primary job is to protect us and give us a degree of comfort. We're putting a lot of effort into creating a financial trading system. We want some comfort that it's secure behind the quality firewall and that's really what beckoned its purchase. The fact that we've not had any issue indicates that it must be doing that job reasonably well, and the fact that we don't get any of those attempted attacks from the block in China, because of geo-blocking, is probably the strongest feature for us. I wouldn't say it improves what we do because it doesn't affect what we do. It's really just security.  It's a tool to improve our security profile for what we do.

We don't expose our remote desktop connected servers to the internet anymore. But when we did have that, because the security log is a really easy thing to set up, it would show you all the attempted, brute force attacks. That's now down to zero. We don't get any brute force attacks, but at the same time, we don't expose the Port 3389 out to the internet. We could achieve the same result with a domestic firewall in a domestic router. However, this gives us a degree of comfort that we can actually analyze any traffic that looks a bit suspicious, inbound, or outbound. That's a definite step change compared to what we'd have in an out-of-the-box type of router.

Security is there to slow things down and make things a bit tricky. That's its bottom line. If security is easy, it's probably being done wrong.

Certainly in the first few months of using it, it was quite time-consuming to get a configuration working that was reliable. Because I work from home, I originally had it protecting everything coming in and out of the home which didn't work well at all. It's protecting the home office and the server environment. Everything else just goes straight out of the domestic router out to the internet because we've got IPTV, with kids on devices. They don't need such a high level of protection. It would be nice to give them that because if you've got this perimeter that's protected by a really good quality product, you want to protect everything.  But when we tried that, it seemed to struggle with the high volume of traffic that was being generated by the IP cameras, the IPTV service, and the myriad of devices and iPads that we have in the house. So we stopped using it for that purpose.

The top features are ones that we're not using yet but we soon will be because we've just had broadband upgraded in Australia. We've got something called the National Broadband Network, which is forced onto you, so you have to take it when it arrives. We'll be trying the high availability out soon. We tried that with some load balancing, it didn't quite work as we expected, but I think that was more of a configuration thing rather than a product thing.

The geo-blocking is essential because the partners we deal with are typically either in the US or Australia. We know where our traffic needs to come from and we don't post anything publicly that the general world needs to see. It's just a few discreet services that need to be hosted on this financial trading stuff.

The integration of Active Directory is very good as well. We don't use the VPN service. We use VNC. We get mixed results from the QoS, but that's another good feature. Really, dashboarding, track, and monitoring are the most important features for us as well.

We are about to test the high availability and failover protection because one of the issues we have is the device or the Hyper-V host seems to need a regular rebooting, which isn't an issue directly in itself, but it would be nice if it could do that on its own. We can't find a feature to do that. That's the complaint I'd have of that and the HA might solve that problem for us. So we'll give that a go.

Out-of-the-box, the overall comprehensiveness of the security features is pretty good. It's not just a firewall, it's kind of a firewall proxy, reverse proxy, everything out-of-the-box sort of solution. It's pretty comprehensive. I can't imagine wanting anything else, because for me as a consultant, it's not just about protecting the environment. It's also about having something that's commercial-grade because when you go in as a consultant, you need to be exposed to these tools and you need a lab environment to test these tools out. This is as close to a good commercial tool that you could possibly ask for.

In terms of the availability issue, I've considered that there are hardware options as well, which is nice. We're not sure if that will be an improvement over using Hyper-V, but that's to be decided.

The antivirus seemed to be a bit laggy on the connection so I disconnected that. It's definitely good. The only issue we've had with any sort of cyber attack seemed to be coming from a couple of distinct locations, people trying to get into known ports on remote desktops and stuff like that. The fact that we can block all that traffic is just great. It simplifies it.

The last time we used the antivirus, it seemed to slow down some of the connections. I didn't dig too deep into it, we just turned it off and it seemed to rectify the problems. It's hard to say whether it was that directly but it seemed to be creating a bit of overhead on the connections.

The reliability is its biggest downfall. I don't expect to be rebooting a product like this every couple of days. In fact, it's become a start of day thing just to reboot so it doesn't let me down in the middle of a team's call or something like that. It's quite slow as well. I could be on a team call and it would drop the connection. Then we'll get a warning that we've got poor call quality and as soon as you restart the device all the problems go away. There's clearly maybe some sort of memory leak problem or something in there that's affecting its reliability.

We've just had our national broadband network connection today, which is a high throughput connection. We will be reconnecting the entire household through the device, to see how it copes and we'll see if it improves anything.

I have been using Kerio Control for two and a half years. 

If I came across a client that was a small to medium enterprise, I'd probably recommend it, but a lot of them have a solution in place now anyway. It's hard to get those opportunities for new business in that regard, but I reckon it would probably scale quite well. I'm at 25 licenses, but that's only because we have so many devices in this house. It looks like it probably would scale. As I said, with that level of reliability, that probably would be an issue if you wanted to scale 100 to 200 licenses.

We did try the proxy feature, but once again, that failed miserably. It ran well for a few weeks and then it died on us, and it was really quite hard to diagnose what had gone wrong. We turned it off and went back to a previous configuration which was a bit disappointing. It comes back to that reliability, whatever it is that makes it conk out is clearly a problem.

I used support once or twice when I hit the first license ceiling. I did log a support ticket in. They were fine. There were no complaints from that. They offer 24/7 support, via email. I don't think I actually phoned them up. It's pretty good. There are no real issues there.

We tried a few different Windows-based products. That's how we found Kerio because it offered a Hyper-V solution and it also offered a hardware solution if you wanted. I'll try the software one first and see where we go. There were a couple of other products we used before. Originally, we used to use Microsoft, the ISA server back in the day because that got swallowed up by Fortinet and we didn't touch that. 

There was another Windows product, WinGate. That has a really bad reliability problem. It would stay up but the connections were very slow going through that thing. Maybe it was poorly configured on my part, but it just seemed to be incredibly slow at managing the connections. We'd notice a very latent response from web pages and it never, even though it had a massive caching there for caching pages, it just seemed to never be as quick as bypassing the WinGate software. That wasn't virtualized. That was running on a native Windows server at the time so that was really quite poor in terms of performance.

Given that it's a Linux deployment, the support it offered, like giving you a Hyper-V client out-of-the-box, is fantastic. It's a really clever idea because you're not then left with a painful configuration of spinning up some sort of Linux host and then trying to do an installation. The fact that it comes pre-packaged with Hyper-V images was a very smart and clever move because that made it a lot easier to get it going if you like. Getting that up and running was quick, it was just a configuration, and finding the right configuration was the hardest part.

The deployment was less than half an hour. It was very quick to get it up and running and get it operational. It was just fine-tuning that configuration to suit my environment that took the time, which I would expect of any device, no device is going to come out-of-the-box and just work like magic unless you've got a really simple environment. Whereas I've got a home environment, where it's just me as a small business, but I've got that many servers and hosts running.

Our strategy was to take it out-of-the-box and get it working.

The setup was pretty easy. The external remote control was really good and simple. It gave extra manageability on the road which was good. It was pretty straightforward.

In terms of maintenance, it's just me. In terms of my time, it doesn't take much time at all. I'll hardly make any changes to it. Now it's running fine. The only next thing I'll be doing is trying out the HOA.

With security, I don't think you can calculate ROI. It's not easy to call a return on investment with security products because anything security that's done properly is going to be a cost overhead. That's by its very nature. If security is quick or cheap it's probably wrong. I don't look at it as a return on investment, I see it as security. A bit like saying if I bought a new car and they said, "I can save you $500 if you say no to the airbags." For 99.9% of the time, you'd be saving $500, until one day it costs you lots of money and maybe your life. I see it the same way.

It's not an optional extra, it is an overhead that you have to pay if you want to secure an important asset. You've got to weigh up how important that asset is against how well you want to secure it, and that's where you say, "Well, it's going to cost you the price of a Kerio license, the price of a VNC license, sort of remote management. And that's what it costs to manage and secure properly those services." I'd say we've achieved that. It's hard to really put a return on investment with security.

I think it is a bit on the pricey side, but it's okay. I've got 50 licenses which I think is $250 a year or something like that. It's not terrible. It's actually cheaper than what we pay for VNC. We probably could save money thereby utilizing the Kerio VPN and not VNC. For a firewall proxy solution, it's probably a bit on the higher side price-wise.

We have to provide our own Hyper-V host to spin it up or buy the Kerio hardware, but otherwise, there are no other costs.

I'm experienced in networking, but I'm not a network engineer per se, I'm more software development. The fact that I was able to get it set up and going with minimal fuss was definitely a plus for the product. I've seen products before where you can get them running, you make the slightest configuration change, and the whole thing comes crashing down. It's quite a stable product in that respect and it does look after itself quite well. For example, risk proxying solution and buying a GoDaddy certificate to secure a couple of APIs was a piece of cake. It really didn't hurt us at all. I think the important lesson there is, if we had tried to do the same thing with a NETGEAR sort of a firewall with a built-in firewall product, I think we would have had a hard time. Kerio definitely has made it easier.

I'd say give it a look for sure. I'd totally recommend it.

I would rate Kerio Control a seven out of ten. If I didn't have to reboot it so often, then it would probably score a nine.

It's not a cheap product and it's not a particularly reliable product at the same time which tends not to be a good mix. Something like this should be able to cope with my entire household, every device I throw at it, and it should be able to cope with that fine. It clearly didn't two years ago. We'll try it again in about 24 hours and we have to hook up this high-speed connection to it and we'll see how well it performs there. Reliability is about the only qualm I have with the product.

• Firewall
• Security
• VPN

I use it both within my company and with its clients. I work with Windows Servers, small to medium-sized businesses, and under 100 users.

For product versions, we use the 1100 and 1300 series along with NG100, NG300, and NG500.

Instead of using a cloud-based product for accessing information, and putting my data at risk in the cloud and in someone else's hands, it has allowed me to use a VPN and access my data directly from a laptop when I am out in the field. That has made my life a lot easier, where I'm able to access any information I need to be able access, basically on demand, with an Internet connection. That alone has been great.

The solution has increased the number of VPN clients extended to those outside my environment by 30 percent. 

My clients are pretty lax about the content filter, but it works well. For the most part, they want to keep their employees pretty happy. Therefore, they are not too strict about what they are viewing. Obviously, they don't want them surfing any adult sites or anything like that. But, for the most part, they do allow shopping at work and things like that. They're more relaxed about it, to a certain degree.

The VPN and security are the most valuable features. In the current climate, with people working more remotely, it is nice to have a solution that is flexible and provides multiple features, such as, being a firewall and VPN.

The antivirus works pretty well.

The comprehensiveness of the security features could be improved upon. However, for the most part, it is pretty good. They could add more logs. I would like to see more detailed reporting, custom reporting from the logs, and more of a streamlined interface for certain aspects.

The malware features could be improved. In the large systems, it could use a better alert system, as far as things happening. I get a lot more information from Kerio Connect, as far as alerts, but not so many through the Control products.

It's pretty easy to use. Although, the interface could be improved upon. Certain settings are thin to a certain degree, whereas they should be put more to the forefront and right in front of your face. I would give it a seven out of a 10 for its ease of use.

Almost a decade.

It's pretty stable. I don't have too many complaints about the product.

I'm a sole proprietor. I don't have any employees, so it's just me.

I deal mostly with small businesses, so it scales well for that.

When GFI first took over, there were issues. There were issues contacting them. Even recently, there have been some issues with the MyKerio site. I was getting false notifications, and that basically took a month to resolve, which I thought was wrong in today's environment. I rely on notifications, and it was giving me false notifications. I had no idea if systems were down or not, so I was a bit disappointed.

I have used a couple of other brands, like SonicWall, but not in a long time. 

Kerio Control has more flexibility, e.g., VPN with the Kerio Control Boxes. Though, some of the other products do have better reporting.

The initial setup was pretty straightforward and intuitive. I just need to have some of the information of my clients in front of me. The only thing would be to tweak bug filters and content filters a bit, depending upon your client requirements. However, getting it up and running, it's pretty straightforward. 

There are wizards. You can just follow the wizard, pay attention, and be all right.

I haven't used all the features yet, e.g., I still don't integrate Active Directory.

I use the Kerio Control Boxes. So, I receive it, test it, register it, and update it, then take it out to the client, reconfigure it, and tweak it. This takes three hours.

The solution has saved time for me. It saves me five or six hours a month, where I would have to go run back and forth between clients. If I'm out in the field, I would have to run back to the office to get something or check something. Therefore, it has saved time for me while being onsite and having to access information that I need quickly. For the most part, the security has been good. I haven't had too many issues. Though, the reporting could be better, so I can see specific data on their systems.

I've used them for VPN tunnels to connect offices. For one of my clients, the return on investment is rather good, because there are software products out there that charge on a yearly basis for subscriptions. Using the Kerio Control VPN, there are no yearly subscriptions. So, it has saved them money.

It gives us a lot. It does prove to be a very robust product for the cost.

The yearly maintenance fee is a bit high for the Kerio Control Boxes. The end of life for the devices is kind of short. It seems like they're making you upgrade within a short period of time. They should at least allow five years, but it seems like they are changing their end of life to be shorter to generate revenue.

The solution’s firewall and intrusion detection features are average. They're not spectacular, but they do the job. For the price point though, it's very good.

The solution is pretty reliable. It is flexible, e.g., if you have an old workstation, you can turn that into a Kerio Control Box, which is nice. I'll continue using them. However, I believe that their end of life and maintenance fees could be a little more flexible, as far as the cost of the maintenance fee and the length of the lifecycle of these devices. 

I would give the solution an eight out of 10.

We have over 50 office staff that we use Kerio Control to protect, monitor web traffic, and cloud-host environments. We have a VPN tunnel from outside vendors that we keep connected to our environment and we use it as a switching device between some of our hardware in the hosting environment. We also use it for the security function. 

Our primary use case is for intrusion prevention from attackers, from wherever they may be. And also for doing the quality of service because we have a lot of remote users, especially during this pandemic. We can control the quality of service with phones and network devices, as well as the antivirus scanning. We use the whole gamut of pretty much everything that Kerio has to offer.

We're still a small company but we are pushing what the software is currently able to handle, while it seems to be geared towards small-medium business.

Content filtering used to be that you had to block specific websites that you didn't want somebody to access, or you had to write a specific rule to say that something is accessible or not accessible. We can apply Kerio-provided categories and rules without having to define large scopes of protocols or malicious websites. That part of it has come a long way in the last five to ten years.

The GUI is the best part of the product. If another team member needs to get in there to do something, it's a really quick click and it's done. There's no learning through command-line tools.

On an annual basis, we save not just hundreds of hours but also labor costs. Over the life of the product, I'm sure it's in the tens of thousands of hours because we don't need an inhouse specialist in Kerio technology.

The ease of use in the GUI itself is the most valuable feature. We like the traffic rules so we can control who has access. It's easy to determine the flow of the traffic itself so we don't have to educate on command lines and reading out command-driven output. It's a very easy-to-use interface.

The comprehensiveness of the security features is fairly good. There have been some suggestions that we've made to the GFI team that we would like to see for performance. As our company grows, we need Kerio to grow with us, and so we've suggested some ideas on making the Kerio Control appliance perform better for more users because it can become sluggish under heavy loads.

In terms of security features, Kerio gives us most of what we need. There are some granular items that we would find more useful when we want to stop a particular region from access. 

The firewall and intrusion detection features are really good, it just needs a little bit more fine-tuning.

The content filtering and VPN features are great. The vpn client is ssl based, so no key cipher matching is required when setting up without information in front of you.

The security part of the software, like virus scanning, website, traffic monitoring, things like that, can take a toll on performance. The actual security functionality of it needs a little bit more work, which I believe they are remedying or attempting to remedy at this time, but that's the downfall at this time; it is currently running on an end of life linux kernel.

I personally have been using Kerio Control for 13 years but it's been at my company for close to 20 years.

The stability has actually improved quite a bit. There were some bugs found in previous versions up until about last spring, and then they concentrated on fixing some of the issues causing us some problems. As of the last update, it's very stable.

It's not very scalable when you start to get into the hundreds to thousands of users because the performance of all of the functionality isn't quite there yet. We're hoping that's remedied with some updates coming down the line.

Kerio is pretty much the backbone of everything that we do. Keeping all of our customers connected to us, keeping our staff safe online, and getting our staff into our cloud environment.

The GFI technical support can be very time-consuming to get down to the root of the problem, but they are very helpful when you do have an issue. It just takes some time to get to it. It sometimes can be communication that's the issue. Sometimes it can be the complexity of the problem.

It doesn't seem to be a lack of knowledge on the technical support side of things. Some of it comes down to whether the product can currently do what we needed to do or not. We were trying to determine if there was something that we could do to get better performance out of the appliance, and the response from the GFI support team was that it wasn't able to do some of the things that we wanted it to do, but it was something that they were looking at with rewriting some of the functionality. There is the possibility that some of those can be overcome easier.

I did not have any experience with another similar solution. In fact, I had never heard of Kerio until I started at my company, primarily because Kerio was fairly small at the time. They were based out of California at the time. They were a small company and generally fit into the 100-users-or-less environment. When you would hear about other vendors, they generally ran in the thousands to tens of thousands of users and you just didn't hear about Kerio in that product line.

We take other solutions into consideration based on the growth needs that we have. As our cloud environment gets larger, if the Kerio technology is not able to keep up, that's always under consideration.

The process was pretty straightforward. Something that I expected to take days to weeks took about two or three hours.

Network security should not be planned around providing a return on your dollar in terms of a payback in the administration of the process. It should be planned around providing a level of comfort to management that intruders are being kept out of the network, errors and omissions are being kept to an acceptable level of risk.

Price-wise, it's very affordable. Whether you're a smaller or larger business, whether you're five users or a couple of hundred users, the pricing is very fair. The performance of it is what determines how you want to license it because you can purchase a Kerio appliance. We try to make use out of everything because we like to keep it in one place. It has fit our business size and needs.

Some of the main differences between the other solutions and Kerio is that Kerio has made their subscription service fairly universal. You get pretty much everything with one subscription. With some of the other vendors, you have to subscribe to each module that you want to use. On the other side of it, other firewall vendors tend to be able to handle in the millions of connections, hundreds of thousands to millions. And we see some of those limitations with the Kerio appliance because of some of the aging architecture of it.

My advice would be to follow the hardware requirements of Kerio and make sure the equipment that you have can run the connections for the number of users that you intend to run and are being planned out to be successful. Working with the Kerio team to determine your needs works out very well. 

Not all firewalls have to be difficult to learn. Kerio has made it a really easy-to-use product.

We mainly use Kerio Control for the phone systems. We use it like a VPN network so that I and a couple other guys can take our computers home and work from home. That's a great feature. We love that because you can sign in at home and be like you're in the store.

We have five locations and, for the person who controls it we have it set up in our main office. The ease of access, of being able to change a voice message, it links to that. The person who controls it can approve it and then she just plays it. That's great for when we have to do a holiday message or special events are happening. We love that feature. 

I love the VPN that we set up. A few of us have it on our computers so that if we leave, we can still access the stores. And we can work from home if needed. When I sign into that Kerio VPN, it links me like I'm sitting in the store. It puts me in our secure network so that I can sign on to each individual store and I can run numbers. We work through ICS Vision for our stores. We have a corporate plus five stores and it lets me link to all that. If I have to work from home, it's so much faster than the way we used to do it. It saves me a couple hours of each time I use it from home. It also saves me from having to drive in.

It's the overall ease of everything. It seems to have pretty seamless connectivity for linking our stores.

Also, the firewall and intrusion detection features seem to keep people out of our servers. I know it's a little bit of a process to try to link something new into it because the firewall is very secure, but we haven't had any issues with malware attacks on our end so it must be stopping them.

We haven't really had any major issues. But when we did our last update, we had some trouble with the initial syncing process to get our messaging to go through. But we were also moving a store and a lot was changing during that process. I don't think it was on Kerio's end. It just coincided with the update. Once we got our third-party IT guy involved it was resolved very quickly.

We have been using Kerio Control for about six years.

The stability has been fine. We have no concerns or complaints.

In terms of increasing usage, that's going to end up being discussed in a meeting with our IT guy to see what capabilities it has, how we could expand it, how we could grow with it, and how it could help out day-to-day business.

I've been with the company a little over three years now, but when I came in as general manager it was already in use. The upgrade is the closest that I've been to a deployment.

From start to finish, when doing the upgrade, we were back up in an hour, including the issue we had. Our IT guy let us know what was going on and that there was a series of events he had to do and he did them and we were good to go.

From the old way we used to do things, it's night and day. Before the company brought this on, it was pretty old-school in how it did its phone systems and messaging. The efficiency has doubled, but the company also used to use answering machines way back when.

I've never seen any additional costs incurred or involved, other than the initial.

The biggest lesson from using Kerio Control is the untapped potential there is to link to everything and streamline our business. That's really what it's about for us. Obviously, there's more out there for us to do with it.

As an SMB, Kerio Control is a good fit for our environment. It serves what we need done. I would recommend it for a smaller business because the ease of use and the access it allows us are great.

I use Kerio Control is several different places. I use it at home. I also have a firewall at my grocery store. I have a server on the internet that uses Kerio Connect, and I have Kerio Control in front of it.

It has improved my organization because I am able to back the mail server through the tunnel to my house. All the video cameras at the store get copied and backed up to my house as well. For example, if I had a break-in and someone took the video server, I would still have copies of all the videos.

Kerio has saved time for those who manage security. It notifies me whenever there's a problem or when something goes wrong so we don't have to constantly watch the screen. It saves us 20 to 30 man-hours a week. 

The custom firewalling is pretty intuitive. You don't have to sit there and learn a new language or anything like that. You can just block this, open that, allow this, just allow that. With a lot of firewalls nowadays, you have to know a language. You have to sit there at the keyboard and type in special commands, and those commands are not used anywhere, just for that particular brand of firewall. Connecting the two up in two different locations for a tunnel is easy.

The comprehensiveness of the security features that Kerio Control provides us with is good. Before GFI had it, they would have more updates. The updates have been slower, but I like the things that they keep adding like the ability to block by country. I use pretty much every feature.

Kerio Control gives us everything in one solution.

The firewall and intrusion detection features are pretty good. I haven't had an issue that I know of. I hope no one's gotten any. I think it's good.

I also like the malware and antivirus features. It's sitting in front of my email server and the email server has antivirus too. The firewall catches it before the email server even catches it, so they work pretty well.

I like the VPN but I don't use content filtering that much. It works pretty well but a lot of times kids can get around that kind of stuff. I don't have kids that age anymore, so I don't have to worry about it. I don't use the content filtering that much.

Kerio is easy to use. If you don't know tech, you can't just get up and do it. Nothing can be that easy, but you don't have to be a rocket scientist to do it. `

The only thing that I have a problem with is not so much the product itself, but back when Kerio had it, I could call up Kerio or send an email and do an upgrade online. I could renew my subscription online. But now, I have to go through a third-party, and it seems clumsy. 

I can no longer renew my subscription directly with GFI but we have to go through third-party resellers like CDW. The first time I did it with CDW. I went to CDW and it was almost like they didn't even know anything. They didn't know what package I was supposed to get. Then after I got it, it took almost five days to get everything working. I used to be able to go to Kerio's website and then add the stuff to my cart, use my credit card, and it would bill me. Everything would be working in a few minutes. But now, if your subscription is getting ready to expire, you better give it a week or two.

I have been using Kerio Control since the late nineties when it was called WinRoute Firewall.

The stability is really good. I haven't had any issues whatsoever. 

I'm not a large enterprise, so I don't know how well it scales. But I imagine if you were to throw bigger hardware at it, it would scale really well.

I'm the owner, so nobody else touches Kerio except for me. Everybody else uses it as part of their job. They don't really know it's there.

My company is small-sized and Kerio is good for it. It's good for small and medium businesses. I've never used it on a large or an extra-large enterprise, so I couldn't give my opinion on that. I would imagine it could, I just don't have any experience.

I haven't used GFI, but back when Kerio had it, they were very good.

They were very responsive. A lot of times you call the company tech support and they want to treat you like you don't know what you're doing. It's a "Is the power plugged into the wall" kind of a thing. They're very fast to understand that it's not the user that they're talking to on the phone. That the user they're talking to on the phone knows what they're doing to an extent and needs some extra help. It saves time. But I haven't had to call GFI yet, other than when my key wasn't working. It was an email. When I renewed my subscription, the keys didn't update. They had a problem with their update process, so the person had to go and manually update all my subscriptions. It took a few days. 

At first, they didn't understand, because they said it's just automatic. Which it's supposed to be. The next day I told them that it didn't update. Then finally looked and they did one subscription, and then I told them that my other subscriptions didn't update. 

At first, I was supposed to read a manual on how to do it. But I was doing everything that was shown, it just that their process behind the scene wasn't working. It's the online thing, so it was updated. However, my server wouldn't get the notification that it was updated. They thought I was not doing the website properly because they would tell me to go to the website and hit update. It first started as if I was a user that didn't know how to do anything and then they realized we had a problem. I fixed it. It should have been a lot faster.

I did try out another solution called Unify but it wouldn't work very well. I couldn't get the VPN tunneling to work. The GUI was not intuitive and it was all over the place. Things were not all in the same spot. 

I actually bought several of them. I was going to go away from Kerio. I didn't like the way Unify worked. You had to have a gateway key in order for it to work. You took two devices to make one device work. I ended up scrapping that project and kept Kerio.

For the initial setup, it walks you through a wizard. I've just never used that. But the wizard can set up a very basic bare bones, don't let anything in kind of a setup, which works. My setup is more complex. I have VPNs and tunnels. Any IP on my network has to be logged in, in order to get out. Mine is more of a complex setup. The ease of setup is pretty easy if you use the wizard. It just asks you a few questions and that's it. It's a bit more complex when you do it yourself. 

The deployment took a couple of hours. 

I have seen ROI. All the attacks, malware, and viruses that have been stopped are nonstop. The people out there are attacking all the time. It's nonstop, it never stops.

We have peace of mind that our solution stops all those attacks.

Get the GFI unlimited, unless you're only going to have it at one spot. The pricing for the unlimited is a pretty good deal.

I looked into Palo Alto, that had a lot of features and everything else. But when I tried to contact them to get a price, they didn't give me the time of day. They wouldn't even return my call. At the time I was a director for a very large company and they still ignored me.

Make sure the person that's doing it knows what they're doing. If you're not getting overly complicated, pretty much anybody can do it. But if you're going to get complex, you'll need to have somebody that knows their way around or else you might make yourself vulnerable.

If you have a tunnel and you have to change certificates because they expired, you do it in the right order, or else you might have to travel long ways to accept the key on the other side. If you create a new key for the tunnel and apply it, the tunnel is down until the other side accepts the key. If going through the tunnel was your only way there, then you're now traveling unnecessarily or long ways. Luckily for me, it was not too far away. But if you have city to city and you have no one on the other end that has the ability to log in and accept the key, then you're going there.

I would rate Kerio Control an eight out of ten. 

I haven't had a lot of experience with the new owners and I'm worried that they're going to sunset it or not give it the attention it needs. That's just my thought, I have no proof or anything like that. 

I use Kerio Control because it is one of the few firewalls which allows easy failover from two separate internet providers. It also has virus protection built-in. I use it to have reliable access to the internet, which is virus-free and which fails over if one of my internet providers drops — and they do sometimes when it rains. Those were the reasons I wanted Kerio Control. And it just works; provides internet.

We are a very small company, and started with two users. We have now four users who use it on and off. There are nine or 10 computers. I, myself have three or four computers working at the same time. I'm not really dependent on cloud, but I use internet very much in a lot of situations.

It's deployed onsite but as a virtual machine in a Windows server.

Being an SMB, Kerio Control is nice-to-have. It fulfills my needs completely. 

It allows the users I have to use email without any problem, without their having to know anything about the fact that there is a firewall which protects them in different ways. I might spend an hour per month on maintenance of the Kerio system. So it's very transparent and very hidden. The best thing is the fact that nobody notices it.

It has helped me save time. It allows me to get on with my main work, without spending any time on security or worrying about threats to the data I have. Without it, I would have lost a lot of time. A long time ago, I spent a lot of time cleaning computers, removing viruses, etc. That has all gone away since I have had this set up, as part of a three-layer defense.

The failover has no effect on security. It only affects the availability. There used to be a situation where I had two internet providers with different speeds. If my main provider was down, it would be backed up by the other and I wouldn't notice that it was a little slower, and I wouldn't notice that one of my internet providers was unavailable. This guarantees that I always have internet availability. We had some technical problems with one of the lines which was very sensitive to rain — which sounds weird, but okay. And this setup allowed me to not think about it anymore. Since then, internet speeds have grown and at the moment it's not a big issue, but I'm sure that both of the providers drop once a year for a day. But I don't notice it, and that's very important for me.

The most valuable features include 

• being able to attach to two different internet providers
• the ability to map which ports you will allow in and out of the VPN, which is built-in 
• the fact that it reliably works without any attention.

I want to have access to my computer from the outside and Kerio Control plays a role because it has a VPN. This VPN is different from most other VPNs, although they have used a standard version. It is more reliable because it's a smaller group of computers to target for hackers and the like. The VPN works very well. I use it to work remotely very easily and exchange information, both to and from the location where it's deployed, and there have been no problems there.

I have one or two VPN clients, at most, that are active at one time, so it's there if needed when I'm not working at this location. It helps me a lot to have a reliable VPN client. I have no performance issues when working through VPN.

Kerio Control also has some authorizations so I am able to block internet access for certain hours for certain people.

Overall, the security features are adequate. They do what I need. I don't have much experience with anything else, so I can't compare, but they completely solved my problems.

The firewall and intrusion detection features don't hinder me, and I haven't had any attacks, as far as I can see. I want a firewall to be unobtrusive. I don't want to notice it's there. It should just do its work and protect me and not hinder me when doing real work, and that's what it does. It's very good because it shouldn't be noticed, and it's good at not being noticed and doing its work.

Overall, I don't have any problem using Kerio Control. For me, it's very easy, but I've been working in software for some 50 years.

I would like to be able to automatically send email from Kerio Control and have it tell me what my external IPs are, because on one of my lines I have a fixed IP address and on the other it is variable. If there were a permanent way for me to figure out, "Okay, my current external VPN and my firm IP is this," it would help. I need to know the IP address to connect with the VPN and, at the moment, one of the lines sometimes changes its IP address without me knowing it. It's a hassle to figure out what it is.

It might also be interesting to have a GFI-approved, Docker-containerized version of the Kerio Control system.

I have been using Kerio Control for more than 10 years.

I don't remember any glitches. I haven't had problems with it for a very long time. But I use it very specifically for a certain purpose and that works fine.

It's very hard for me to give a correct estimate of the scalability, since a lot of overhead in my situation is caused by the fact that I run it in a virtual machine. That means the bandwidth which it can process, which would be scalable, is downgraded because it's in a virtual machine. That's not Kerio's fault.

I have no plans to increase the usage in the future. For me, it's adequate because I have a lot of leeway. I have enough bandwidth available to fulfill my needs.

The problems I've had with Kerio, when I wanted to change something, have always been solved by consulting the Knowledge Base.

We are located in Holland and there is supposed to be Dutch tech support, and there is an American tech support, as far as I know. The bad thing about the American tech support is that reaching them by phone is difficult and by mail there's a certain turnaround. So, I'd rather rely on the Knowledge Base so that I'm not really dependent on the person on the other side.

They have an extensive Knowledge Base and, if you can't find something there, you can check the internet and there's enough available.

I switched because I wanted something which had the possibility to handle two different internet providers, two network cards, and do load switching and load balancing. The other solution I used didn't have that.

The initial setup is easy. I know what I want to configure so it's easy, no problem at all. 

The biggest problem I have is using it as a container on a virtual machine. You have to connect your hardware network cards to the internal virtual machine. That's a problem that Kerio won't be able to solve because it's the environment I have to create to let Kerio work in the way I work, and that is probably different than most users. But if you use it on a simple PC, it's no problem at all.

I reinstalled it recently and it took me about half an hour, and part of that was getting backups right, etc.

As for an implementation strategy, I changed the system my Kerio was installed on, so I first did a trial-install to figure out if everything worked. After that, when I did the actual production install, it was done very fast because I had tried it out before.

It does its job. Converted into hours, it doesn't cost more than five hours per year to pay the price for the 10 users I have. That's a good deal for me.

Having good internet access is a very large requirement for me to do my work. Internet is one of the basic tools I have and I need a firewall. Your internet provider will give you a box that has a simple firewall in it, but that doesn't suffice for me. I need something like this and it's not an option for me not to buy a product like this. I'm really not even thinking of return on investment. If I don't have something like this, I just can't work. It's a basic necessity.

I don't think it's expensive. I'd recommend it to others.

I haven't evaluated any other options. I started using Kerio Control and it was sufficient. I haven't spent any time looking at alternatives. I've seen constant improvements in Kerio; they actively enhance the product. That's a good sign for me. I also use the GFI mail server and I prefer to use one company for my tools.

My general advice is always: Read the manual, check your hardware and see if you have everything you need, and if it will suit your needs.

It's hard for me to assess its malware and antivirus protection because Kerio is one part of a three-part defense against malware and antivirus. I'm not sure which part picks up which problem. My philosophy is that no single protocol picks up all the problems, so if you have several of them, you'll fight the virus or malware at some point. That's why I have three different tools with different focus points, and together they keep me safe. Malwarebytes specializes more in malware, ESET is a normal desktop antivirus system, and this system is a general anti-malware and antivirus system of another type. They compliment each other.

I have an internet speed of 200 megabits per second, and 15 might be enough. So the only point I don't know about Kerio is whether it takes a lot of performance out of the maximum you could get if you didn't have a firewall.

Overall, I would give it a nine out of ten, but with the comment that I haven't compared it with anything else. On my scale, 10s are very rare. They're for things that go beyond my expectations and Kerio does exactly what I expect and it does it well.

It's just an essential which does it's work. I don't think about it normally. It's just there and it works.

I use it as a service for my customers. My primary target is to help my customers in the best way to protect them from the dangerous things from the Internet. As a solution, it's easy to maintain. The product is a good solver that also depends on good support and its availability of engineers.

I am using the latest version of Kerio Control. It is an old type of configuration with VPN connections. I still like the product very much.

It is mostly installed on the Linux software appliance. That's what I mostly use for my customers.

Most customers are not able to understand the technology behind it. I am always trying to explain it to my customers. When I show my customers the interface of Kerio Control and all the reporting features along with the security features within the logging, they're very impressed. I have a very good relationship with my customers because this is mostly based on trust. I show them, and if they have doubts, I always say, "Just hire somebody to check my work." For example, a year and half ago in the travel industry, there were new rules for travel agencies who give out credit cards that they must comply with PCI DSS standards. There were some things that had to be adjusted and Kerio was able to adjust for that. So, it met the demands of PCI DSS standards.

When one of the employees of my customers was using a VPN Client, I created it so they will always get a message. When the VPN Client connects to Kerio Control from the outside, they will get an email so they know when they are connected and when they are disconnected what is happening to their network. I can, as an administrator, look in the logging and see what's happening. If I really wanted to manage what is happening over a month, then I could go deeply within Kerio Control and make a text file of the logging. I could then order an export to Excel to give the customer an impression of what is happening.

Our customers don't want to worry about their IP. If it's implemented well, Kerio Control is very good product for this.

• Security
• Ease of use
• Ease of install
• Ease to recover
• The load balancing is very easy to maintain.

The login appearances are very strong. In case of problems, you're able to find anything you want. I am always able to help my customers. I really love this product. It's very good. With its many features, there is no comparison. Over the years, I have seen other types of firewalls but they don't have these functionalities within them. 

You can create your users, groups, IP addresses, IP groups, and make rules. It can do protocol inspection and load balancing. You can have a backup line where all kinds of scenarios are possible. 

It has security features, like an open source Internet protection system. This is well-known and a good solution to protect you from guys who try to hack systems. They have also integrated a fire scanner, a protocol inspection, and web content filter. You can adjust things depending on the types of organizations who are using it. Over the years, it has been very easy to maintain. 

I haven't seen anything else that compares to the comprehensiveness of its security features because I'm working mostly with small to mid-range offices. Manageability is very important, and that is possible with it.

Kerio Control's firewall and intrusion detection system, Snort, uses tables that are available on the Internet and loads them automatically. Over the years, I never had problems with my customers. The stability is very important for the product. I use Kerio Control as a central security system for my customers. On the workstation, I mostly use a virus scan. There are also multiple virus detections through your firewall. 

The VPN Client for users is a strong feature within Kerio Control. An important thing within the VPN Client is it also has the possibility for two-factor authentication, which I really like. For some customers, this is very important.

I like its malware features.

This is a very robust the product.

With Kerio Connect, they blew it. They were not able to pace up with the competition. I am working with a variety of customers: lawyer offices, travel agencies, big shopping mall accounts, and small accountancy offices. They have all kinds of needs. Kerio Connect did a new launch in the Netherlands for the ACG and GDPR, which are very strict for some companies, like lawyer offices. It is important within the mail server product that you're able to encrypt your attachments and have two-factor authentication. All these type of things are not within Kerio Connect. Therefore, this product is not interesting anymore for my customers since the Dutch law is that strict. For example, there was a judgment from a judge this year when a company was hacked. There was a guy who maintained this network gave some advice to the customer, but the customer would not pay for that solution. He was held responsible for about 60 percent loss of this business, because there was a ransomware within in the organization. These are the things we have to deal with in the Netherlands and in Europe. Within the Netherlands, this is a very important thing, so you can probably understand how important it is that the product is okay with the market demands.

After the takeover by GFI, one of the things that Kerio built was MyKerio environment. This is a cloud solution to have an overview of the statuses of all the firewalls that you maintain. When a firewall or primary interface goes down, then you get messages. It also has an app for iPhone or Android. You can then have a quick view about the status of the firewalls for your customers. If there is a problem with the Internet connection, whether it is down or there is an update, then you get a message. So, I can proactively help my customers. However, after the takeover, this has not been very reliable because I get many messages that MyKerio is not functioning. For some reason, there are things that they changed and it is not very reliable at this moment, instead I have to connect to the firewall to see what is happening.

MyKerio is a cloud thing where you can easily see all the firewalls that you maintain for your customers along with the statuses behind them, providing a way to securely connect to your firewall appliances. This is a very strong feature of MyKerio. However, nowadays, I'm not really impressed about things they do with it. That needs improvement in my opinion.

Another thing is that you must be a specialist, like me, when you want to have more specific information, e.g., when there are incidents or things that are happening that need investigation, then you need to go to the shell prompts and logging, where you can perform anything. You can edit anything out of your log files. However, this is not possible within the Kerio Control admin interface. You can only search for one thing, but not for many things.

Kerio Control has a very good future, but it needs good marketing and knowledge around it.

I have been working with it since the beginning (1997). When it started, it was called WinRoute. Now, the name is Kerio Control.

It is a very stable product, which over the years has been very good. 

The scalability is good. The VPN connections may need improvement. Because of all the security features within Kerio Control, e.g., it can do a deep packet inspection, this can slow down the traffic. Sometimes that creates a problem. For example, Kerio Control offers protocol inspection for the services that are available, and sometimes that gives problems because people are complaining that it is slow. The VPN connections from remote are not always very fast, so I think the throughputs of the VPN need improvement.

In every software, sometimes there are problems. One of the strong things about Kerio was the support knowledge and the involvement of the employees within the support department. I used to have the impression that the people working there were part of the products. It was almost a pleasure to have contact with people who were really involved with the products. After the take over of Kerio Control and Kerio Connect by GFI, it was really disastrous because a lot of the people involved were gone. When I had a problem and I asked for support, then they are asking me questions that I think help, but they don't understand the product. This is logical, of course, because there was a takeover.

The GFI product support for Kerio Connect has been unacceptable for my customers and me because I had major businesses that were running with this software and very satisfied because of the user-friendliness. Error and problems cannot be cured, but they must be solved. For example, when I perform an update, the next thing will be a ruined email system, but nobody will be available for support. This is also when they know that an update is coming and I am calling after updating it. They promise to support us, but there is no support, which is terrible. This is the thing that I feel is very important when you use business-critical software, and they need to improve on. I want to be able to call their support and reach someone who has knowledge about the product. 

It has a very sophisticated logging system. I need to be able to connect to the engineers behind it, who develop it, and tell them, "Okay, that's wrong." If I'm not able to connect to first level engineers and make them understand that they're not able to help me or they need deeper knowledge of the product, then there is a problem. While this is not an issue with Kerio Control because they have proven with the product that they are able to maintain it, the major problem for me with Kerio Connect was they ruined things in the past and I was unable to go back. So, I'm very interested in how they are improving the support to make things work again with MyKerio, as it is very good feature.

I have worked with all the firewall systems, like Cisco. I see how people struggle of with it and also how much effort it takes to maintain it and implement rules. Kerio did a very good job with that. You can also, in a quick way, see inbound and outbound traffic and make your own filters.

A basic initial setup is very simple and straightforward. They offer a straightforward set of rules to make it work, then you can create all the rules you need for the customer depending on their demands. It can do almost anything.

The deployment time frame varies. For example, if I am deploying to a shopping mall, that shopping mall has all kinds of offices. Every office has its own demands regarding the IP system that they use. Every shop has its own software supply and concepts. Sometimes things get complex, then I start from scratch to make sure everything is maintainable, but this is very easy in Kerio Control if you know how to do your job.

Because of the coronavirus, for people who want to work at home, it is very easy to set up VPN Clients because that is a piece of cake.

When you look at Kerio Control, they are able to maintain it in a way that I had no problems because I was always careful with updates. I first test them on-premise before I roll it out to my customers. That's also no guarantee, but we are able to maintain it in a good way.

Implementation strategy changes per customer. Some customers have very strict policies about the sites that they can access via the Internet. Others have limited bandwidth. For example, I had a customer who could not visit some Internet sites because most of my customers have two Internet connections. I found out that connecting through the other interface wasn't a problem. It had to do this with the networks between them. It's very easy in Kerio Control to make another path where another Internet connection is used for that website.

I built a large network of freelancers over the years in the Netherlands and foreign countries to get the best solution for each customers. I am working with all types of people who are trustworthy and have good knowledge of the product. I tell my customers, "The IT world is the same as the medical world. You don't go to a heart specialist for an eye operation, and you don't go to your normal doctor for a heart operation. They're all specialists on their specific terrain." That is the way I operate for my customers.

I handle the deployment and maintenance of Kerio Control myself.

I have seen ROI over the years. It is part of the complete solution that I offer to my customers. Over the years, it has offered me a reliable platform for my customer and allowing me to build trust with my customers. That's the most important thing of Kerio Control.

If the support is not good, then I have a problem with my customers and it will cost me money. That's one of the things that GFI did after the takeover: It cost me a lot of money. Because there were a lot of problems, not with Kerio Control, but with Kerio Connect. It really cost me with unsatisfied customers.

It's not a very expensive solution from my point of view. Because it is not only about buying a product, but how much time does it cost to implement the features that the product offers? I haven't found another product that is able to do the things that Kerio Control can do for the money. 

It is a good fit for SMBs because of its maintainability. When you want to keep your costs low, then Kerio Control is a very good solution. It's not an expensive product that is well integrated. It has a complete set of features within it that make it a very strong product.

GFI has made a stupid decision regarding small office licensing. For offices where there are only three to five employees and had five years towards a five user product, they now force these customers to a 10-year user license. I really don't understand it. It's a stupid decision for the small offices who want a good solution for security because they'll probably decide to go to another product. Why should they buy something that they don't use?

I don't use the Kerio hardware because they're too expensive and difficult to maintain.

Kerio Control has the ability if you buy it (it's a separate option) to know malware sites. Then, they will be blocked and the user is informed.

I have used Cisco, FortiGate, pfSense, and then more simple router things that have integrated software. However, mostly in business, I don't want to use just a router with integrated software. I don't believe in that concept. My customers are of a size that the stability of the product and the way it is maintained are very important to me. That's one of the strongest things about Kerio Control. It has proven to me over the years, and with my customers as well, that it's a very stable product. I haven't seen another product that compares to it within its price range. However, I also have to help my customers when they are having problems when connecting to a site or when they are having problems in general. When I contact their IT to find out what's happening on their side, it is difficult to get an answer why things are going wrong.

I can't find a comparable product to Kerio Control that offers the same set of features for the same money.

I found another product that can do a lot more than Kerio Connect, and that's IceWarp. IceWarp is a very strong product. IceWarp is a really strong competitor within this market. I was impressed with the software's ease of use because it's completely web-based. It's not only a mail server product, which offers secure attachments with out-of-the-box Office, but offers two-factor authentication. It also has a web-based text editor and Excel sheet, where you can make a basic presentation. With the same interface, there is the possibility to do OneDrive or Google Drive. They built it with the same depth that you need to log in to your IceWarp environment as a user. You can store your documents and sync them with a Mac or Windows PC. However, there is not much to find about this product.

Kerio Control is very good. The way that you can maintain it, it's very easy. I had an employee who built a copy of the product, which was a very basic interface for the open source community. You can find it on the Internet. He was impressed by the way Kerio built this firewall solver, because most firewalls are very difficult to maintain due to their complexity. If you are working in complex environments, it is not easy to maintain firewalls, because things are always changing. This is the part of Kerio that is very good.

Every IT guy that I show the interface of Kerio Control is impressed with the product because it's very easy to view how things are working (when you know what you're doing).

Ransomware is protected only when the system is able to detect, "Okay, this is coming from a link and that link is known, and it is within the protection."

I don't use the solution’s high-availability/failover protection because the hardware is needed as well and I wasn't able to test it. I want to test it first, because it's not only the testing, but what are the costs of ownership for the customer? Over the years, the Internet connections in the Netherlands are very stable. I always tell my customers that if they have an Internet connection that they should have a backup connection. The hardware that I use is mostly recent, stable hardware. So, it's not for my type of customers. This is not a very important feature because the hardware is well-maintained. However, that's a thing that I take care of since most hardware fails because there is not a good cooling environment or a lot of dust is in hardware. I make sure that things are running well as part of my services.

I'm still surprised that sometimes I need something which I thought was not within Kerio Control, and it was within Kerio Control. That's mostly the case.

Biggest lesson learnt: Stick with suppliers for software products who are able to give very good support.

I would rate the product as a nine (out of 10). It is very good.

We mostly use Kerio Control as a virtual firewall solution, and the user accounts let people have access to the internet through the firewall. We also have a few cases where we use the VPN. But it's mostly a firewall solution with multiple VLANs and the network behind it.

It's deployed on-premises, both virtual and hardware solutions. The NG100 is the smallest solution for smaller businesses, but we mostly use the virtual appliance.

Most of our customers are small to medium companies, where there are between five and 40 work spaces. Everyone has a PC and they have a VoIP phone and their own phones, and they have tablets. Most of the time, it's one to four devices per user. The biggest client we have is around 30 users.

It has made it easier for us and our employees to manage and add settings to the firewall, as opposed to another brand where you have to use command-line or really complicated layouts. The ease of use is a big plus.

The solution has also saved us a lot of time in managing security. We have to adjust the content rules and now we have one place where we can enter them. We have a customer with about 20 Kerio Controls and we don't have to set all the rules on each firewall. When we have to add some rules to each of the firewalls, it can be done within one minute. Normally, it would take 20 to 30 minutes, depending on if they're all online — and we would have to check them manually. Now, we just have to enter them and, when they come online, they sync with the global rule sets.

The traffic insight page or the administrative portal is really helpful because you can see all the internet usage down to the point where you can see if it's big files or streams. It gives us a good view of what the internet usage is of users who are coupled to an IP address. That way, if there are problems with, for example, a lot of data usage or problems with the connection, we can narrow it down to a single user or server and address the problem. It's really helpful for diagnostic data.

The content filtering is pretty good for our needs, especially with the global rules you can define. We can define global rules and use them on multiple Kerio Control installations. So we have one place to set all the rules for different customers. That's very good. The rules that it auto-updates and that are automatically available — for example, spam or indecent websites, or whatever else is in the firewall by default — are good.

The VPN works pretty well, especially with the Kerio Control VPN software. Some products don't have their own VPN software and, with Windows, sometimes it's just better to have a piece of software. That's especially true for some of our customers because they only have to open the software and press "Connect." Windows can be a little bit weird when it comes to that, and it breaks connections. You really don't see when Windows loses a connection or if you have to reconnect. The Kerio Control VPN client is pretty good at that.

The antivirus is either on or off, but we can't really see or measure how well it is doing. Sometimes we get the feeling that some files get past it and then they get caught on the antivirus of the client PC. We would like to have more control with the antivirus.

Also, we have multiple employees working on firewalls and if one employee changes a rule and traffic that shouldn't be there suddenly comes through the firewall, it's hard to pinpoint which rule is affecting that traffic because there is some overlap. It's not clear if it's getting past it because it's not decrypted. It needs more logging or more in-depth diagnostics about which traffic is hitting which rule on the firewall. Sometimes we have 20 or 30 rules and it becomes a whole job to figure that out.

When it comes to QOS, the quality of service, you have to set a fixed bandwidth. But sometimes, when we have multiple connections in front of it, it's a fallback line. For example, when we use Kerio aboard a ship, there is the satellite connection but there is also a 3G or 4G connection. We always have to set a fixed limit for the connection. If we set the fixed limit to 4G and it switches to navigation, one user can use up all the bandwidth for the entire ship. It would be better if there were something more dynamic, where it could sense the total and we could use percentages. For example, we could say a user has always 5 percent of the connection. But now we have 5 percent of a fixed connection number. The fixed limit on a line for QOS is a problem because we don't always know which connection is in front of it.

Also, if you have to dive deeper into the firewall or any other features, then you really have to read up a bit about how to set it up properly. Some of my colleagues, in the beginning, jumped in and made a bunch of rules but then it got really messy. If Kerio had a template or guidelines for best practices, at the beginning, that would really help. With Kerio Control it's basically "find out for yourself."

We've also had some problems with how to set the rules, but that's when more than one rule is overlapping and cancels out all the other rules. However, that's more our fault.

I have been using Kerio Control for around six years.

It's pretty stable. We had some problems with Kerio Control virtual appliances. If it was running more than 20 days, it would become really slow and sometimes it would just stop working. When we rebooted the solution it would come back up. But that was something that was happening a year-and-a-half ago. Since then, we haven't had any more problems with it. 

We had a few solutions that just went corrupt. We're not sure if that was the disk or Kerio itself. We always have an installation of the virtual appliance on the server, so we can set up a new one, load the backup back in, and be up and running again in 15 minutes.

It's been a while since we contacted support, but back when we did it was pretty hard to get a hold of someone. We didn't get a lot of feedback. Most of the time, it was, "Look at the documentation." It was hard to get someone to look over our shoulder and help us with the problem. I think that was before GFI took over.

We did not have a previous solution. 

As I said, if there were best practices or a template, the setup would be a lot easier because you start and then you change the setup according to what you think is right. But later on, when you encounter problems and look in the documentation, you see that another way is better. That was a bit of a problem when setting up. It all works, but in managing or adding rules, for example, or we just didn't do it properly. It was a bit of trial and error and that was a problem. It's too much trial and error when you start.

Deployment time, for some customers, is fairly quick. A basic setup can be up and running in 15 or 30 minutes. With other customers that have a lot of rules we do testing so it could take three or four hours.

For our implementation strategy, we just look at what the client wants. For some clients, we have a basic template now, where we always use a backup from an existing Kerio. If it's a new customer, we check if we have an existing Kerio that's pretty much the same, or we just do it from scratch if there aren't too many rules or networking behind it.

We see ROI because the ease of use is a lot better, so we spend less time on maintenance, administrating, changing rules, and checking usage.

If you have a lot of users, the licensing can be a bit of a problem because we have a lot of customers who don't use the user feature, but we have five devices per user, and we have to extend the license every time. The fixed model of users and devices is a bit of a problem for us. We want to be able to expand it fast and not have to contact our supplier first to get a license. That takes another one or two days and the customer is waiting.

It might be better if they offered a fixed monthly or yearly price instead of the user-based price. That's really keeping us from deploying with some of our smaller customers or customers that have a more dynamic user base. If they had a larger fixed price with unlimited users or devices, that would help. Now, it's five users each time. A pack of 100 or 200 users for a certain price would make it more dynamic and user-scalable.

We looked at pfSense and some paid firewall solutions, but in terms of how user-friendly it is for our employees and my colleagues, and how well we could manage it from a remote portal, Kerio Control was better, in our opinion.

Kerio Control is a nice-to-have for a small business like ours.

My advice would be to look at best practices or get someone to show you how to properly set it up before you try anything and it gets too messy. The biggest lesson I have learned from using this solution is to look out when it comes to firewall rules. Don't use too many firewall rules or content rules because it can get really messy, really quickly, if you don't have a decent strategy for that.

We always try to use auto-update, so most of the time we're on the most recent version. We have some examples where we use Kerio Control aboard ships where the bandwidth is really limited. In those cases we use our own timeframe to update Kerio Control, but it's normally done within a month or two, so most of them are up to date.

We haven't seen anything yet in the antivirus and we haven't had any problems with malware with our systems. I don't know if malware is being detected that well, because sometimes the clients still have some malware. I don't know if it's because it's an HTTPS site or something else.

In our company, most of the work with Kerio is done by about 10 people. Everyone does the same tasks: administrating, changing rules, and installing new Kerios. I work on it in my role as a system admin team lead and developer. As of late, I've been more of a developer than administrator. The others are system administrators, business consultants, and there are two other developers.