Coming October 25: PeerSpot Awards will be announced! Learn more

KerioControl OverviewUNIXBusinessApplication

KerioControl is #8 ranked solution in top Intrusion Detection and Prevention Software and #24 ranked solution in best firewalls. PeerSpot users give KerioControl an average rating of 7.8 out of 10. KerioControl is most commonly compared to pfSense: KerioControl vs pfSense. KerioControl is popular among the large enterprise segment, accounting for 48% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a comms service provider, accounting for 35% of all views.
KerioControl Buyer's Guide

Download the KerioControl Buyer's Guide including reviews and more. Updated: September 2022

What is KerioControl?

Kerio Control is a popular security product for small and medium-sized businesses. It is a next-generation firewall that provides unified threat management without complexity. Kerio Control provides advanced anti-virus protection and industry-leading web and content application filtering, and has a secure VPN.

With Kerio Control you can:

  • Preserve the integrity of your network.
  • Manage bandwidth to streamline traffic flows.
  • Improve productivity with filtering capabilities.

Kerio Control Features

Some of Kerio Control’s most valuable features include:

High availability, deployment flexibility, deep packet inspection, advanced routing, usage reporting, quick administering, intrusion detection and prevention (IPS), gateway anti-virus, VPN, web and content application filtering, and centralized administration with MyKerio.

Kerio Control Benefits

  • Eliminate downtime risks: Because Kerio Control offers high availability and failover protection, you can eliminate the risk and cost of connectivity or threat protection downtime.

  • Detailed reports: Kerio Control makes it easy to view individual users’ internet activity through detailed reports.

  • Traffic monitoring: Traffic monitoring allows you to manage bandwidth and makes it possible for you to control access to streaming video and peer-to-peer networks.

  • Server protection: Using Kerio Control’s advanced networking routing and deep packet inspection, you can protect servers.

  • Easily create policies: With Kerio Control, you can create both inbound and outbound traffic policies, and can also restrict communication by specific URLs, applications, traffic type, content category, or even time of day.

  • Snort-based analysis: Kerio Control gives you the ability to add a transparent layer of intrusion prevention with snort-based analysis along with a database of rule and blacklisted IP addresses that is regularly refreshed.

  • Optionally integrated anti-virus: WIth this feature, you can prevent viruses, Trojans, or spyware from entering your networks.

Reviews from Real Users

Here is some feedback from some of our users who are currently using the solution:

PeerSpot user Brian C., Senior Technology Specialist, VP at Unified Technology Solutions, writes "It is very comprehensive and simple. It has all the active protections. It's updated. We love that you can set how often it is updated so you can work on what is right for you. A large company with a lot of bandwidth can update the virus definitions and security definitions hourly, if they want. A smaller site that's remote, where maybe updating the definitions will eat into the bandwidth, we can schedule those more to go later at night. It's very flexible and works for us in all types of situations. This is great because then we don't have to learn seven different products to be able to work with seven different scenarios."

Andy D., IT Manager at Flare Technologies, praises how easy it is to use and says, "One thing we use quite a lot, as well, is the DHCP Server, because we do a lot of work where all our devices need to have static IP addresses. Rather than going around and configuring every box, we do it all through DHCP reservations. It's easier. We've got a record of it. We can manipulate it if we need to change something or change some hardware. It's all easy. Even guys who are not used to using it can pick it up quite quickly."



KerioControl Customers

Triton Technical, McDonald's

KerioControl Video

Archived KerioControl Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Alex Kimondo - PeerSpot reviewer
ICT Manager at MEDS
Real User
Top 20
It is a good firewall appliance, but it lacks local support and scalability
Pros and Cons
  • "The firewall appliance itself is the most valuable feature."
  • "I find it a bit costly to pay for the products that I am not using. They need to change their model in such a way that you don't have to pay for the products that you are not using. Its local support and scalability are also not good. I am looking forward to a more scalable product that will be able to grow with time and technology."

What is our primary use case?

We use Kerio Control as our firewall.

How has it helped my organization?

The Kerio Product has come in handy in the area of Firewall management. Having visibility into the entire Organization through a dashboard. 

What is most valuable?

The firewall appliance itself is the most valuable feature.

What needs improvement?

I find it a bit costly to pay for the products that I am not using. They need to change their model in such a way that you don't have to pay for the products that you are not using. 

The GFI features that come with Kerio are stated below. When paying for the licenses we pay for license for everything yet we only use 5 products.

GFI Products

GFI Endpoint Security

In use

GFI Mail Essentials

Not in use

Kerio Connect

In use

GFI Archiver

Not in use

GFI Fax Maker

Not In use

Kerio Control

In Use

GFI Lan Guard

In use

GFI Web Monitor

In use

Kerio Operator

Not in use

GFI Events Manager

Not in use

We only use 5 products out of the 10 we’ve paid for. We should have the option for paying for what we use not a blanket cost for everything

Internet aggregation and SDWAN Technology: The firewall should  allow growth in terms of allowing connectivity to SDWAN technology available in other firewall appliances.Link aggregation and SD-WAN (Software-defined Wide Area Network) are great features for businesses who need multiple links to the internet. They’re also useful where you are using multiple links and would like to connect to other sites, such as branch offices or cloud services.

Its local support and scalability is  also not good. I am looking forward to a more scalable product that will be able to grow with time and technology.

Cloud Support: The Firewall should have cloud support especially hybrid cloud support.

It should allow device identification without just stating that the devices are unrecognized-"unrecognized devices"

Sandboxing is one of those important firewall features that end users don’t even know is there. It takes a file or executable as you’re downloading it and opens it in a completely isolated and separate “test” environment.This is missing.

Buyer's Guide
KerioControl
September 2022
Learn what your peers think about KerioControl. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
634,590 professionals have used our research since 2012.

For how long have I used the solution?

We have been using this solution for around one year. We are working with Kerio Control and other GFI products that come with it.

What do I think about the stability of the solution?

It has been a stable product. We haven't had any issues apart from yesterday when it somehow froze. It was the first time we experienced such an issue. 

What do I think about the scalability of the solution?

Scalability is a bit of a challenge because you need to buy a new product if you want to upgrade to new technology. 

In other firewall products, you have options for scalability, but for this particular product, such an option is not available. For example, FortiGate firewall provides added technology capabilities that allow it to grow a bit. In Kerio Control, if I want to bring new technology like SD WAN, I need to buy a new product, or maybe do away with Kerio Control and use a new technology altogether.

How are customer service and support?

At the moment, there is no proper local support for Kerio Control here in Kenya. It is hard to get service or assistance for anything. This is the challenge that I faced in using a Kerio product or a GFI product.

Which solution did I use previously and why did I switch?

I used to work with Cisco products. We switched to Kerio because they promised a lot of products, and the initial cost was less as compared to other products.

How was the initial setup?

The initial setup is pretty straightforward. I learned this product on the job, and I never got any hands-on training. I just went to YouTube and oriented myself with it, and then I set it up quickly.

What's my experience with pricing, setup cost, and licensing?

Its initial cost is less as compared to other products. It becomes a bit costly when you pay for the products that you don't use. We paid for almost all the products through subscription, but we are using only a few products. We use EndPointSecurity, Kerio Connect, WebMonitor, and LanGuard. We don't use the rest of the products.

What other advice do I have?

I would rate Kerio Control a six out of ten. Its local support, scalability, and pricing model need to be improved.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Chris Bristow - PeerSpot reviewer
Account Manager (Technical) at Redfortress Ltd
Real User
Provides good content filtering and failover, but licensing is becoming too expensive
Pros and Cons
  • "The firewall and intrusion detection features are good. It has blocked certain things. We have a lot of blocked sites that the staff or anyone using it, the public, etc., can't go on. It works for that. I get quite a few messages every now and again, saying that a virus has been detected and I can go in and block the user who's causing the problem."

    What is our primary use case?

    We use the Kerio Control as the firewall, and we manage all the load balancing for it, as well as DHCP, bandwidth control, failover, and basic reports.

    How has it helped my organization?

    It has saved time for the members of our team who manage security, because everything can be done from the Kerio. If a problem arises or something needs changing, we can just put it into the same rule that we already have or make a new rule, a duplicated rule, which is quite easy  to do.

    What is most valuable?

    The most valuable features are the 

    • firewall
    • load balancing 
    • bandwidth control
    • routing.

    We need these functions. We need to do what we do and then the Kerio is quite intuitive in terms of getting everything set up and managing it after. It has quite a nice UI which is fairly straightforward.

    The firewall and intrusion detection features are good. It has blocked certain things. We have a lot of blocked sites that the staff or anyone using it, the public, etc., can't go on. It works for that. I get quite a few messages every now and again, saying that a virus has been detected and I can go in and block the user who's causing the problem.

    In addition, content filtering is good. We use that a lot. In terms of the content filtering we use all the basic ones that it already comes with, like phishing sites and peer-to-peer. We only use the VPN a little bit, for admin purposes, to go in and administer the other equipment onsite, like the switches.

    The comprehensiveness of the security features Kerio Control provides seems good. And it seems to just work. I don't really get down into the detail of it too much, but I'm happy with what it picks up. We haven't really had any problems.

    It is easy to use. We've never really used the wizards that are provided. We had a guy come in and set it all up for us in the first instance and then we built upon it by just using what he already did as a template, to do other things. But it's pretty straightforward.

    We also use the failover. We have two internet lines going into it, and it works. We have a loss of connection at the minute because of a problem with BT, our ISP, so it has gone over to another line. It keeps our security going, which is good.

    For how long have I used the solution?

    We have been implementing solutions with Kerio Control for our clients since about 2016.

    What do I think about the stability of the solution?

    The stability is very good. I don't think it's ever failed. 

    We had one time where there was an update, a couple of years ago, and it changed a setting for the failover and load balancing. As a result, we almost needed to roll back to a different version. We ended up finding the right setting. But that was the only thing that's happened really. Apart from that, they update fine.

    What do I think about the scalability of the solution?

    For the sorts of things we do, we'd only ever really need one Kerio in any one location. Scalability is beyond the Kerio, for what we do.

    We have about 150 users of the solution.

    We don't have plans to increase usage. It's been the same for about four years now and I think it will stay the same for at least another one or two. In the place where it's installed it's being used very extensively. It's the endpoint for the whole network so everything in the company ends up going through it.

    How are customer service and technical support?

    I've never used their technical support.

    Which solution did I use previously and why did I switch?

    We did not have a previous solution.

    How was the initial setup?

    We hired a guy to do the initial set up for us. I think he was a Kerio reseller and we used him for consultancy before it started and then he actually did the work on the Kerio as well, and the network in general.

    Our experience with him was excellent. We've used him a couple of times since. He's brilliant. His knowledge of everything is incredible. We tried to do it all ourselves at first, but he came in and knew exactly what the problems were. Something that had taken us about four days, he did in five minutes. He's just incredibly knowledgeable about everything to do with networks: Cisco, Kerio, everything.

    I've set up another one since, for the same company. I just copied the configuration file of the one and put it straight onto the other. They're in separate buildings, but they wanted them exactly the same so it was really easy.

    That deployment took an hour, but it was because we already had one set up.

    As for deployment and maintenance of these solutions we generally need just one person: me.

    What was our ROI?

    The return on investment is the fact that the network keeps going. In that respect the ROI is good. But the licensing fee seems to be getting too expensive. I wouldn't say it's a waste of money, because it's required, but it would make us look at the possibility of using another solution in the future, if it keeps going up at the rate it is.

    What's my experience with pricing, setup cost, and licensing?

    It's too expensive. The license, in the last year or so, has gone up by over £100. We're almost being out-priced by the annual license at the minute. If we do need to change, it will be because of the annual license fee, and we will have to get a different solution.

    Which other solutions did I evaluate?

    Ubiquiti is cloud-hosted. We use a lot of those as well. If that was around at the time, in the same way it is now, we probably would have used that to start with.

    What other advice do I have?

    A solution like Kerio Control is a nice-to-have for a medium size business. It just works. It does what it is meant to do. The hardware itself isn't too expensive, it's just the licensing fee that has gone up and up every year.

    I would recommend it. My advice would be to get a professional for the implementation.

    Overall, I would rate the solution at seven out of 10, because of the licensing, and there are other things on the market now that are probably as good.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Buyer's Guide
    KerioControl
    September 2022
    Learn what your peers think about KerioControl. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
    634,590 professionals have used our research since 2012.
    Arie De Kruijf - PeerSpot reviewer
    EMP Specialist at Global EPM BV
    Real User
    Can be used with our customers' certificates; they can see their connections are properly secured
    Pros and Cons
    • "The firewall and intrusion detection features are very useful these days because hackers have a lot of tricks that they use to get into a system. With Kerio Control you can see something that's happening. Otherwise, you have to use other tools to see what's happening on the firewalls. Having IPS in it is quite useful for us."
    • "The VPN features are the ones that we really like, but we are using a VPN client to be able to use them. We would like to have an SSL implementation for this same feature so we don't need to install anything on the client side. That's a feature I really miss and that should really be embedded in the product. We really would love to use it via a web browser."

    What is our primary use case?

    We're using Kerio Control to protect our solutions in data centers and to provide VPN access, via the firewall, for our clients.

    We're EPM specialists, we host and build EPM platforms which are financial software platforms used by large entities all over the world.

    How has it helped my organization?

    Where previously users were connecting via exotic firewall systems with no certificates on them, Kerio Control can be used with the certificates of the customer so that customers can also see that their connections are being properly secured on the sites that they are using. That helps them identify their sites and to distinguish their connection from other connections.

    The solution has increased the number of VPN clients extended to those outside our environment. All our clients that we need to visit have a VPN solution. And the ones that we host in the data center are only accessible by a VPN client.

    What is most valuable?

    The VPN connection is the feature that we are actually using this solution for, but routing and checking what kinds of sites are being tested or accessed, is also helpful. That can be logged and reviewed to see if everything is going okay. It's for protection of the network behind it.

    Kerio Control covers quite a lot, when it comes to security. There are, of course, always things missing in a product that you would like to have, and we have even questioned the vendor to see if they can provide one of the solutions that we would like to have in the product, but that does not seem to be the case at the moment. But for us, it covers almost everything we do with it, which makes it quite a suitable product for us.

    The firewall and intrusion detection features are very useful these days because hackers have a lot of tricks that they use to get into a system. With Kerio Control you can see something that's happening. Otherwise, you have to use other tools to see what's happening on the firewalls. Having IPS in it is quite useful for us.

    What needs improvement?

    The content filtering in the product is pretty sensitive to configure as all content is being scanned. It can take quite some time to find out what content you want to scan. For example, if you use words for scanning content, there are some words that you really can't scan for because they are synonyms and can be used in all kinds of communications. Therefore you get false positives where it finds the word, but it's actually a case that you should ignore. That makes it a bit difficult to use it.

    The VPN features are the ones that we really like, but we are using a VPN client to be able to use them. We would like to have an SSL implementation for this same feature so we don't need to install anything on the client side. That's a feature I really miss and that should really be embedded in the product. We really would love to use it via a web browser.

    Another area for improvement is to be able to import users from a single text file. That functionality is really not developed enough and it is not easy to bulk-import users into a firewall. 

    Finally, if you use a firewall product with a certificate, you can only use one VPN client on one domain name. So if I would serve multiple clients with one firewall, I cannot use different domain names. For example, if I put in the domain name test.com as a certificate name in the firewall, then all users, even if they are using it from different companies, have to use that certificate name as their client settings. That's really not appreciated. We would like to set up a firewall with unlimited users and use it for multiple smaller customers. Those companies use a service from us and we could use one firewall for that, but we can't, simply because we can only use one certificate. We can't use the name of the company with other companies. That's a lack of a feature and we miss it.

    What do I think about the stability of the solution?

    The product works well. We seldom have issues with the product, hardware-wise or software-wise, and we have firewalls that have been running for more than a year without even a reboot. The only reboot they get is when they need an update.

    When they went from Kerio directly to GFI, GFI implemented some new software solutions in it and did some things their own way, which helped to make the product a bit safer than it already was. These were improvements that were really needed and we wanted as much as we possibly could get, and therefore are much appreciated.

    The NG100, which is the lightweight firewall — and it can do pretty much the same as the large NG500 — has an external adapter and that has broken at least three or four times, and that's a problem. Even for those little firewalls, an adaptor should not break. It's probably because of heat dissipation or the like. We don't have this problem with the NG300, which also has an external adapter, but it's a bit different and a bigger adapter. The NG500 doesn't have that problem at all. It has an internal power supply and there's nothing wrong with it. We have never had one fail, so far.

    What do I think about the scalability of the solution?

    As it has an unlimited number of users that we can use it for, we haven't reached the limits of the product. It's a really fair product.

    Our customers use it every day. We will increase usage of these firewalls if we have a customer for it.

    How are customer service and technical support?

    GFI's technical support is way too slow in terms of response times. Their knowledge is okay. They should know their products. Even though they bought Kerio, they were able to update the software with their developers and build some new routines in it.

    But regarding the support, if I send out a solution or a request today, it's taking too long to get a proper answer. You should have an answer the same day, at least, and if possible a quick response via email. That would be preferable in our cases. I know that is not always possible. And that's for software issues. 

    But if you have a hardware issue it's even worse because we are not able to get hardware maintenance on the firewalls. Ideally, within two hours of going down, a mechanic would come with a new firewall to replace it and to restore your saved configuration from the cloud. They don't have that. If a hardware issue arises with a firewall, then it takes at least a week, maybe a week-and-a-half, to get a new firewall sent by GFI. That's really not acceptable. If we have a hardware issue and we order something from some companies here in The Netherlands, we have it the next day. That would be acceptable.

    We deal with that by having a spare NG500 lying around that we can use. We've never used it, so it's already three years old, doing nothing. But it's there.

    How was the initial setup?

    For us the initial setup is straightforward because we have been using it since the product was called WinRoute, which was 20 years ago, I believe. We pretty much know all about the firewalls and what we can do with them. So the setup for us is really easy to do.

    On average, deployment of Kerio Control takes us maybe 30 minutes.

    The implementation strategy depends on what the customer needs, and every customer needs something else. In general, the VPN setup is one of the things all customers need, and rules settings, open ports and closed ports, are part of some basic settings we use, but pretty much everything else is different for each customer.

    What's my experience with pricing, setup cost, and licensing?

    Where we were using, for example, a VPN solution for 75 users, GFI has now changed the contracts to use the unlimited version, and that is a bit cheaper price-wise, compared to having 75-user account licenses.

    But it's pretty expensive in licensing costs, especially if you use the product longer than one or two years. The licensing costs are still high, which I don't think is reasonable for a product like this.

    The licensing should really be narrowed down and be at least one-tenth of the price. To give you an idea of costs, an NG500 costs about €3000, and the licensing costs are about €1400 to €1500 a year. They call it "maintenance," but they are not doing anything in terms of maintenance on my firewall. They just supply a little update and those updates really don't cover the price that they calculate for it.

    By comparison, if you know what a Windows 10 workstation does on your local computer, you get the updates for free and the price of the installation is something like $100, and you can use it as long as the product is supported. That's a reasonable price, and it also has security. 

    With those licensing costs for a little firewall, it's really disturbing because people look for different solutions when the price is too high. You can't make money off of it if you need to pay almost €1500 a year just to get the updates, and those are basically firewall updates. Of course, if there is a system update, like firmware, they will implement that as well. But it doesn't match the cost of what they are doing for us with it. It doesn't explain why these licensing costs are so extremely high.

    As long as the product works we use it because we know the product. It's much easier to use an existing product than to swap over to a low-cost product that we are not familiar with. That is one of the reasons we use this product, but mostly because we never had a breach, which is, of course, pretty important now.

    Everybody has a price when it comes to security. You can use a simple Windows Firewall on a virtual machine, which costs you almost nothing. And if you put the firewall on there and use it as a router, you can also connect VPN clients to it, but you're using the Microsoft solution for that. Kerio is based on a Linux kernel, which is pretty much free and they are asking a lot of money for a firewall because it's called a firewall and it should protect you. But in fact, they cannot guarantee that nobody will ever get through your firewall. Nobody is giving that guarantee to you, and that is why it's too expensive.

    Which other solutions did I evaluate?

    We have also worked with Cisco, FORTRESS, and Juniper. One of the main reasons that we're using Kerio is that the interface is really simple to handle. It's really laid out well.

    I don't like the Cisco interface. In the old days, we had to do everything manually via the console; type in all kinds of stuff. Now, you just want to click something.

    What other advice do I have?

    Each implementer or solution specialist needs a product that fits the needs of the company or customer. That's totally dependent on each customer. If you have never seen a product like Kerio Control, it's still quite easy to implement the firewall. They're not too complex.

    Not every customer wants to install a VPN client to get to a different network. Some of them want to have a browser solution where they just enter an address and they type in a username and password, even verified by a two-step verification. If they are verified and authenticated, they can use the different networks. I believe we had that kind of functionality in previous versions of Kerio, even when it was called WinRoute, but they took it out. These days, everything is being arranged by a browser but I understand why they took it away from the browser. It's because of the security flaws that are mostly in browsers and they're never up to date.  It doesn't matter whether you're using Firefox, Chrome, Mozilla, Internet Explorer, or Edge. They all have their things that are not working correctly. There are vulnerabilities in all browsers.

    The biggest lesson I have used from using Kerio Control is that I would choose the NG500, the rack model, over any other model they have, as that has proven to be the most stable version and the most stable product. It just runs forever.

    We are using three of Kerio Control's models. The NG100 is for really small solutions where you just need a firewall with VPN capabilities. They have a bit of a larger model, the NG300, which is suitable for faster solutions. And we have the enterprise solution, which is their fastest firewall, the NG500, and that's a rack model firewall.

    The antivirus helps people who are uploading files, so that they are scanned. That's not what we are using it for, but our experience with the internal firewalls are a bit different because you can also use an external firewall in the product itself. And now it comes with Defender, which currently works well. For what it is scanning, it's working fine.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
    PeerSpot user
    Liam Bartlett - PeerSpot reviewer
    IT & Installations Manager at Odyssey Gaming
    Real User
    Good value and I haven't had to reboot one of the devices in the field
    Pros and Cons
    • "It has saved a lot of time and it was a secure way of doing it too. We had a whole contact center that worked from home for a period of time and that's a 21 hour a day contact center that we moved, that was spread out across the greater Brisbane region and working on home internet connections. Surprisingly, we didn't have a lot of stability issues anyway on those connections, but Kerio didn't blink, so that was good."
    • "If I would suggest anything, it would be to expand on its multifactor authentication to be a little bit more user-friendly. They should do multifactor authentications for the client itself perhaps, rather than served on a webpage, in a page hijack, that might be more user-friendly, but I don't have a lot of complaints about it. It's doing its job. You have to have a certain amount of skills to configure these things anyway, the ones that we use on-site doing point-to-point, and we've been tricked up a few times with their interfaces."

    What is our primary use case?

    Kerio Control is the primary firewall for our corporate network to the outside world. We use an IP transit that connects to an IP transit, so all the internet traffic in and out of the corporate network goes through the Kerio Control firewall. We use Kerio Control VPN Clients for our remote workers to dial into that corporate network with two-factor authentication.

    We service all areas of Queensland in Australia and we've got clients from Thursday Island down to the border. We have regional sales guys, agents, and technicians throughout the state that require access to the corporate network for various reasons and that's how they get in. They require access for our call logging system and all that sort of stuff. It's the primary gateway for that. Apart from that, we also run Kerio devices in the field to do point to point VPNs.

    We've had very few problems with the VPN features. Once we've set it up, it's pretty functionally user-friendly in terms of the firewall functions that we need to open and close ports on. Our users don't have a lot of problems with it. We've had to reboot it occasionally, but nothing extraordinary. Just standard maintenance rebates. Other than that, it just does the job.

    We about 60 users that have access. Concurrently, there's probably only 10 concurrent users at only one time. Because of COVID, there's a lot more remote work going on. It would have been busier over that time, but I haven't actually looked at the stats since then. I know that it worked well and we didn't have any issues. Which is a nice thing not to have to worry about when there's a lot of other things on your plate.

    There are only two of us that would really get in there and reconfigure the firewall. Most of the time we'll run that past TechPath anyway, just to make sure that we're not going to punch a hole. We don't intend to. In terms of checking problems, checking logs, in terms of people management as well, seeing who's been logged in, who hasn't, it's very easy to get online and get onto the device and do from anywhere. It's very easy and flexible to use.

    Prior to Kerio, we couldn't uncover that data. Prior to Kerio, we were using a hardware device but it didn't have remote access or any of those features. It was something we had to do on-site and it wasn't very user-friendly. It wasn't something that management could do if they wanted to and yet this one's pretty easy if they had access.

    How has it helped my organization?

    The main example of how Kerio has improved my organization would be through the COVID shutdown in terms of just being able to scale. It scales very easily to users that weren't normally remote workers. The fact that it scales well at very little trouble to scale with the amount of users on there, and then to have no issues over that period with increased usage, it did the job. The less I know about it, the better it's doing.

    It has saved a lot of time and it was a secure way of doing it too. We had a whole contact center that worked from home for a period of time and that's a 21 hour a day contact center that we moved, that was spread out across the greater Brisbane region and working on home internet connections. Surprisingly, we didn't have a lot of stability issues anyway on those connections, but Kerio didn't blink, so that was good.

    What is most valuable?

    We turned on two-factor authentication just after the shutdown when we knew we were going to get more users using it. That was the only feature that I've used recently that was different and it worked fine. You only have to authenticate once every 30 days, once you've fully authenticated. It was easy. Technically, it's not a full implementation. It's two-factor on every login, but it's certainly more secure than it was.

    In terms of the comprehensiveness of the security features, I know that we haven't had any breaches before. We've had security issues before but it hasn't been with the data center implementation. We have a technology partner that we use to consult for configuration and Kerio was their number one recommendation at the time. We've never had an issue since implementing that. While it works, it's not an issue for me. Best to our knowledge, we haven't had any data breaches.

    We do a lot of audits in terms of data security. I don't know if that's ever been an issue here because a lot of our production stuff is actually walled off from our corporate network so it's of lesser risk factor. We were regulatory. We're a licensed regulatory body as well. We monitor gaming machines throughout the state. A lot of our security and the production network is a lot higher than our corporate. Not that corporate's not high, but there are a lot more freedoms for the user under the corporate network umbrella anyway. But it does what it needs to do. We haven't had an issue with it. The most we've had to do when we've had an issue is upgrade the VPN Client's software.

    Before using Kerio, with another software, we did experience security breaches. Not so much with a firewalling product. We've had issues with breaches of user breaches. So phishing attempts and so forth. Just the general user stuff, but not through the corporate firewall. And honestly, we didn't handle all of that previously. We only took that on board about six or seven years ago when we changed ownership. So a lot of our services are in the cloud these days as well. Office 365 and so forth.

    In a roundabout way, its security features played a role in our decision to go with it. We rely on the advice of our consultant and the consultant recommended this configuration, this software, and this appliance. So, it was more about the appliance. It was more about the flexibility than what we needed to do in a data center environment as well, to be able to manage it remotely and securely. It's been very easy to manage. 

    The consultant was TechPath. TechPath is very good. I have full faith in TechPath. They're an MSP and we've just used them as a consultant when we initially set up our wide area networks and the security around it. They have good guys there. We don't have a lot of network engineers in what we do. That's their job. That's why we use another consultant.

    Because it's all ID integrated, it's very easy for a user to get online step by step. And in terms of the actual configuration of the firewall itself, it's an intuitive interface if you know what you're doing, in terms of logging traffic, spanning, and the rest of it. The logging is fine. 

    Remote work has been increased by 100%. We would have had around 25 - 30 remote users. That's probably increased to 60 over the shutdown, including contact center staff. That'll scale back a little bit as people come back into the office, but overall, people don't stay connected during office hours, it's more of an as-needed basis. We still only have 10 to 15 concurrent users, but in terms of licensing, we have under five concurrent users at any one time before that. There was an increase, but it was not a resource-hungry increase. We said to make sure the licenses were sourced in advance.

    What needs improvement?

    If I would suggest anything, it would be to expand on its multifactor authentication to be a little bit more user-friendly. They should do multifactor authentications for the client itself perhaps, rather than served on a webpage, in a page hijack, that might be more user-friendly, but I don't have a lot of complaints about it. It's doing its job. You have to have a certain amount of skills to configure these things anyway, the ones that we use on-site doing point-to-point, and we've been tricked up a few times with their interfaces. That's been more of an experience thing as well, you have to have some networking experience to understand what you're trying to do when you set up these things, whereas it could be a little bit more user-friendly, wizard-based.

    For how long have I used the solution?

    I've been using Kerio Control for six years. It was introduced to us by a previous sister company. We started some of the systems that we took over that were using Kerio Clients and so forth.

    We use it primarily to get into our corporate network through a data center appliance. So our off-site workers use Kerio Control VPN to get into the corporate network. We have a private data center space that we use for our production network as well. It's the primary gateway into our corporate network from remote workers. It's a private cloud. We've got our own rackspace in one of the data centers in Brisbane. And then we've got connectivity that lands in the DC to allow satellite sites.

    What do I think about the stability of the solution?

    The stability has been very good. I can only think of one or two occasions where we've had an issue and a restart of the firewall seems to bring it up again. I don't think I've ever had a major issue with it at all.

    The high availability and failover protection haven't been that critical for us. The stability of it has been so good that we haven't needed to look at it. Because of the use case, an outage doesn't affect us as much as if it was a production network. And TechPath would be on standby with other hardware if we needed or with assistance. So we never really looked at the high availability stuff.

    What do I think about the scalability of the solution?

    In terms of scalability, we did not see any limitation for the amount of users that we increased to. We had to add some licensing once we evaluated how many end users are going to be in the end but that was very quick as well. I think that came through in a day or two. We just added in the licensing to it and there we went. It was very easy to do. If there was a huge increase in numbers, as in if the appliance itself might need to be increased, but it's actually a virtual appliance anyway so resourcing is not that big a deal. We can increase the resources pretty easily.

    Whether or not we increase usage depends on users. I don't think we'll exceed what we've currently grown in the last six months, based on the fact that everyone's currently working remotely. We don't have real plans to expand at this stage but it's nice to know that we can.

    I would consider my company to be an SMB. We have 110 staff. Our company is part of a larger group of companies called the Federal Group. Our business unit is 110 employees, and we're fairly self-sufficient in that respect, but the Federal Group of companies is 1,800 employees and we run a number of different businesses around the country, hospitality businesses, casinos, cape transport, trucking companies, that sort of thing. For our size, definitely, it's worked flawlessly for what we needed it to do.

    A lot of the IT is within the Federal Group. We've only actually been part of them for just over a year now. They have their own technical services group and a lot of those guys are hardcore Cisco nuts. They're based in Tasmania, which is the other end of the country for us. It's hard to get anything done when we've got to chase someone on the other side of the country. They've desegregated the business unit, so we can manage our own internal business decisions on that infrastructure. But I wouldn't be surprised if they did use Kerio in some form, I know that a lot of those guys are gold plated in what they do.

    How are customer service and technical support?

    I haven't contacted their technical support. If there are any issues then I get a network engineer guy first and see if he can take care of it.

    Which solution did I use previously and why did I switch?

    We have used SonicWall and I've also used Ubiquiti around the place a little bit, but nothing on a production level. We've played around with Ubiquiti internally. We used to implement SonicWall at our customers to do some deep-end firewalling on their gear but now we're mostly using Kerio devices at the moment in the field as well.

    Our systems supplier became our sister company. We got bought and converged in a vertical integration, and then we got divested again. We checked the systems, and the staff from our sister company got taken away to our opposition company. SonicWall was something that we inherited and we weren't really familiar with its use. I was familiar with Kerio's configuration, so we moved to a Kerio device to do the same job.

    How was the initial setup?

    For our main firewall, the setup was fairly complex at the time because we had multiple internal networks to deal with. We had test environments versus operational environments. We had a lot of rules we wanted to put in place for corporate, so it was complex. It wasn't confusing in terms of how to configure it, but it was fairly complex. 

    We started off focusing on corporate first. This was the least risk and then we moved our production phases over to that as we were confident in that we were secure and connected up correctly, so to speak, or the data center configuration was the way we needed it to be. Then we did a little post-testing in the configuration, not just with the firewall and stuff, but overall with penetration testing.

    The deployment didn't take very long. TechPath took care of most of it. In terms of the site to site stuff, we do that fairly regularly. It might take an hour to configure devices, but it's not onerous. You've just got to make sure you get the settings right. The setup required a few engineers from their end, myself, and another employee. 

    We do maintenance once a month and it requires one person. It doesn't quite a lot of maintenance because we just give it a courtesy reboot more than anything like we do with a lot of our gear. We just make sure that the updates are up to date, from time to time.

    What was our ROI?

    I have definitely seen ROI since the shutdown. Given its stability and its function, it certainly hasn't slowed down our ability to produce in a diverse environment especially with the contact center. A lot of what they do is hybrid Software as a Service, telephony, and all the rest of it, so having corporate access was key to be able to do their jobs. We went from a very secure, regulated on-prem environment to a diverse working from home environment overnight, and Kerio was key to that.

    I never had to go out there and try and find an alternate solution because Kerio just did the job. I don't know how long it would've taken or how much it would've cost, but it certainly would have been at best, a minimum of setting up a much more permanent type of secure connection from each user's premises. It would have been a lot harder to do.

    What's my experience with pricing, setup cost, and licensing?

    I didn't even blink at the price but I can't even remember what it cost. It was pretty reasonable. The cost was very affordable. We just ended up licensing our own because we didn't know who was going to be working remotely at the end of the day. I think anyone that had a chance to work at home, they got the license. It wasn't a factor of having to do to a view and make sure that every user absolutely needed one. It is a very affordable solution.

    There are no additional costs to the standard licensing that I know of. We maintain the highway that it sits on and obviously the data center space and there might be transit and costs and that sort of thing associated with it, but not with Kerio itself. 

    Which other solutions did I evaluate?

    We didn't really look into other solutions. We were using MikroTik routers to do some of the work, but not really. Rather than learn SonicWall, we just switched to Kerio, because we we're familiar with the interfacing.

    What other advice do I have?

    The biggest lesson I've learned from using Kerio is that you can quite easily and securely diversify your network security and access without compromising on cost and central control. Since this all comes down to is that it's all centrally controlled, I have confidence that the users were accessing our systems remotely and securely.

    We have used the Kerio Control appliances to do point to point VPNs at the customer sites quite a few times now, and that's the one we recommend. Customers have been using Ubiquiti and have issues so we replaced them with Kerio appliances and they seem to work great. They're moderately priced, good value, and I haven't had to reboot one of those devices in the field yet. These things run point to point VPN for some pretty business-critical functions, such as wide-area gaming systems that transfer money between venues. I haven't had any issues.

    I would rate Kerio Control a nine out of ten.

    Which deployment model are you using for this solution?

    Private Cloud
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    ICT Consultant at D-R Consulting Pty Ltd
    Consultant
    Users on the network are confident that they are in a safe and secure network. You can't assign WiFi channels to the VLAN on the low-end device.
    Pros and Cons
    • "One very good thing about the Kerio device is its authentication. I don't have a Windows domain for authentication. Instead, I use the Kerio product because it can separate users by Mac addresses and give them IP addresses based on their usernames, automatically logging them in. This makes for a very simple authentication system."
    • "One area that confused me a bit when I was building my current network. I use VLANs to have separate functionality on the network, and the appliance I got was the WiFi model, but I discovered that you can't assign WiFi channels to the VLAN. So, you can have WiFi, but its own subnet. You can't run that over the VLAN. Effectively, I can't use the WiFi facility in the appliance and had to purchase a separate web that supports VLANs. In the end, I had to go to GFI support. They confirmed this is just a limited functionality of that device, as it is a low-end device. I don't know if any of their high-end models have a better facility or not."

    What is our primary use case?

    For a small office, I'm using it for a firewall. This is the most obvious primary use, along with: 

    • The Web Filter subscription for content that gives a bit of protection to users on the network when going to sites with known malware and so on. 
    • The Antivirus module, which is good at scanning anything coming through, giving us a first line of defense. 
    • Some other features in there, like VLAN. I have quite a few VLANs setup for keeping things separate for a build network and so on. 

    I have the hardware appliance on-premise. However, I do use some of the features, like MyKerio cloud, for remote administration and backups. These are hosted on the Kerio site.

    How has it helped my organization?

    Knowing users on the network are confident that they are in a safe and secure network and can't really hurt themselves.

    What is most valuable?

    It's a combination of authentication, internal network DNS, filtering, and antivirus. It is a standalone product which has a lot of the features that a Windows domain might have. However, I don't need to have a whole lot of Windows or Mac infrastructure, as I can do all my network management from Kerio.

    One very good thing about the Kerio device is its authentication. I don't have a Windows domain for authentication. Instead, I use the Kerio product because it can separate users by Mac addresses and give them IP addresses based on their usernames, automatically logging them in. This makes for a very simple authentication system.

    The solution’s firewall and intrusion detection features are pretty good. I have, at different times, connected directly to the Internet in bridge modes with the modem, and the noise in the logs is phenomenal. So, it does a good job. I can see that the intrusion prevention catches everything that is coming at it. I tend to not use it in that mode. I have it connect to a port on my modem router, so I let the modem router take all the initial intrusion noise, then not much gets through to Kerio. That just gives me a lot of confidence that I have a secure network.

    For the content filter, I am pretty much running their default. I haven't added any rules to that myself. The default does a pretty good job at picking up things. I might have whitelisted one or two things that I use which it tends to pick up, but I know they are okay.

    Kerio Control gives us everything we need in one product. 

    The feature that I'm relying on: If the appliance died and I had to get another one, Kerio has a configuration backup. Therefore, it's pretty easy to restore to a new appliance.

    What needs improvement?

    There are some pros and cons to its performance when dealing with malware and antivirus features. Maybe once a month, I have gone to a website and it's being blocked. This is because it's a known malware site. So, I feel confident that those filters are doing their job. On the down side, occasionally when iOS devices go to the App Store to do their application updates, it will pick that up as a possible virus in a file: a false positive. This only happens on the iOS updates and the antivirus signatures.

    One area that confused me a bit when I was building my current network. I use VLANs to have separate functionality on the network, and the appliance I got was the WiFi model, but I discovered that you can't assign WiFi channels to the VLAN. So, you can have WiFi, but its own subnet. You can't run that over the VLAN. Effectively, I can't use the WiFi facility in the appliance and had to purchase a separate web that supports VLANs. In the end, I had to go to GFI support. They confirmed this is just a limited functionality of that device, as it is a low-end device. I don't know if any of their high-end models have a better facility or not.

    For how long have I used the solution?

    I first used this solution when it was a piece of software called WinRoute. That would have been around the year 2000. I've been using the product in its various forms for quite a long time.

    What do I think about the stability of the solution?

    The stability is pretty good. It ticks along nicely. I occasionally have to reboot it. It starts throwing strange errors on different clients. There was a period where Kerio was releasing software updates at least once a month, which would force the reboot, but I think kept it pretty tidy. Over the last year, their updates haven't been very regular. When it gets to running for about 60 days or so, it does get a little funny and the reboot sorts it out. I don't know what's going on there and why their updates have slowed down.

    A good thing with the Antivirus module is there are probably six or seven dozen updates every 24 hours to the antivirus signatures. Therefore, they do a pretty good job of keeping at the head of the game.

    What do I think about the scalability of the solution?

    It is a very low-end device. I am using their base model appliance, so it's a very small piece of hardware with fairly low-end specs. Given the broadband connectivity that we have in Australia, which is pretty poor to start with, that's not really an impediment to me. Moving data around across the land and subnets seems to work fine. 

    I have about three users most of the time and each of those users can have three devices. Then I have various servers and audio visual equipment. I'm probably up to about 20 or so IPs that could be used, but not everyone and everything is running at the same time. It seems to cope with the traffic I'm hitting it with.

    Our users are mainly doing email, web browsing, a little bit of streaming, and a little bit of Zoom. There is not anything terribly intensive.

    I probably utilize 70 percent of the features. I don't do things like VPN. I don't do anything with quotas, forcing people to log in, or bandwidth management. However, these are good features that would help some people.

    I am not looking to increase usage at this stage. I know that if I did, it has those extra features that I could use. If I started pushing the performance, then I would need to upgrade to get some bigger hardware. I probably can't increase my usage too much at the moment because the hardware would max out.

    To get one little unit and configure your whole network is good. It's also good too for a bigger business where you have a network and a small office somewhere. You could drop one of these in that office to run everything, as it's set and forget. You also have the remote administration of the appliance, which would be quite handy to a lot of businesses.

    How are customer service and technical support?

    I found the technical support pretty good. They are very responsive and come back with an answer on things pretty quickly.

    Which solution did I use previously and why did I switch?

    I have been using Kerio Control for quite a long time. I didn't use anything else previously.

    How was the initial setup?

    It has a wizard to sort of get it up and running very quickly. I think I did start with that, then went into the manual configuration for setting up VLANs and DHCP scopes. They were fairly straightforward to set up. 

    It's a product that you can get up and running pretty quickly. Then, if you want to get into advanced configuration, that's what takes a bit more time.

    Out-of-the-box, I had something running in an hour or two, but that's probably because I've been using the product for quite a few years. I know what to look for. But as for the advanced configuration, that's days of work. It's ongoing with the administration and tuning the network. I spend maybe a couple of hours a month just making sure everything is configured and working correctly. The logs are pretty good too. It's good to keep an eye on the logs as it gives you an indication if anything's wrong or if things are going haywire.

    You need to have a pretty good idea of how you want to structure unit work and what you want your network to do, especially when you want to set up things like authentication. You need to preplan your subnets and IP address ranges for different users so you can then map them to the user accounts. If you're going to a new organization and setting this up, then there is a bit of work in planning all that and what you want the device to do.

    What about the implementation team?

    For deployment and maintenance, it takes me few hours here and there.

    What was our ROI?

    I have definitely seen ROI. It has saved in client software acquisitions, such as, antivirus or any dedicated security software. In my configuration, I haven't needed any Windows infrastructure because this device does all the network management for me. So, it has saved me from buying software and some amount of hardware. It gives three or four people antivirus, which is probably about $500 AUS a year just in client security software that I've saved. Plus, there are servers I haven't had to buy, which gets pretty expensive, especially with Windows licenses.

    Kerio Control saves us time when it comes to managing security. Otherwise, I would have to invest in software running on clients, which get frustrating.

    What's my experience with pricing, setup cost, and licensing?

    On the low-end device that I use, it has unlimited IP addresses. So, they have a subscription model where, on the higher models, you pay X dollars for 10 IP addresses. Then, if you want any more, you have to pay more on the model. On the low-end model, it has unlimited IP addresses, because if you have too many users, the thing will just slow you down and stop working. At some point, you need to say, "Okay, I've grown to a point where performance is impacted. I need to get some bigger hardware." If I get to that stage, I will possibly look at using one of the virtual appliances and putting it on some bigger hardware.

    It gets expensive pretty quickly if you need to purchase license packs. In the previous model, I was buying packs of five. It was concurrent: If you had 10 address licenses, then you can have as many devices as you want, but if you hit 10 devices, you hit your license limit. People will get frustrated. They do appear to be expensive, but I don't have anything to really compare that against. I've not done any market evaluation for quite some time, because my model has unlimited addresses, so I haven't had to think about that.

    Which other solutions did I evaluate?

    The comprehensiveness of the security features this solution provides is the reason why I have stuck with them for so long. It has all the features that I need, and I haven't had to go and buy separate products. However, there are competing products that have a lot of these features in them. I did toy with the SonicWall product for a little while. SonicWall, who is a subsidiary of Dell EMC, offered an appliance, but it didn't do the internal network DNS nor was it good at authentication. I think the Kerio products are more rounded for running a small network out of a single appliance and not needing other infrastructure. SonicWall was frustrating because it didn't have a lot of the features that Kerio had.

    SonicWall was my first foray into appliances. Up until that point I had been using the Kerio Control software edition. I liked the idea of appliances. If you're running something on a PC, you need to have a PC running, along with fans and hard drives spinning. Your appliances, even though they're lower spec hardware, are small and quiet. At the time, SonicWall was a fair bit cheaper, but that was how I discovered it was a false economy. It just didn't have the pool of features in it that Kerio had, so I would have needed to have a number of work arounds.

    Looking at Cisco's documentation, they look a bit more complex to set up than Kerio Control.

    What other advice do I have?

    The overall ease of use depends on your skill set. I have a networking background, so I find it okay. As you get into more advanced features, it's probably a bit technical, but I managed to find my way around it through the documentation to get things working. It has some good features in there, like you can create a firewall rule and the console lets you test that rule, which is helpful when you're trying to build a firewall rule.

    One of the features that I haven't used yet is Kerio Control's high-availability/failover protection. However, it is something I would be interested in setting up in the future. We have started using it yet because we are small scale with a very small number of users.

    Provides the simplicity of having a small appliance that you can rely on to configure. If someone wants a network that can be structured to keep things segregated and safe from each other, then it's a cost-effective device, which is easy enough to set up and configure.

    I haven't had any security issues. However, back then, I would have been relying on an antivirus, running on clients, hoping that it would catch things.

    I would rate it as a seven out of 10, but then I don't have a lot of experience with other products to compare it against. Though, from what I see and read, it's as good as anything out there. Everything is good. However, I'm a little bit concerned that I'm not getting a lot of updates. Probably if I needed more performance, it would get expensive fairly quickly.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Andy Dibble - PeerSpot reviewer
    IT Manager at Flare Technologies
    Real User
    With VPN, any of our guys can log in to the system and effectively be on board; helps with our customers all over the world
    Pros and Cons
    • "One thing we use quite a lot, as well, is the DHCP Server, because we do a lot of work where all our devices need to have static IP addresses. Rather than going around and configuring every box, we do it all through DHCP reservations. It's easier. We've got a record of it. We can manipulate it if we need to change something or change some hardware. It's all easy. Even guys who are not used to using it can pick it up quite quickly."
    • "There's also room for improvement in the Traffic Rules. We define networks to use a specific outgoing interface, say VSAT, shore, or marine WiFi, which is okay. But then all we have is a checkbox that says "Use other internet interfaces if this one is unavailable." What we would prefer would be to have a priority list. So if VSAT is unavailable, try to use 4G, etc. We haven't really found a reliable way of doing that in the current release."

    What is our primary use case?

    Our main customer base is superyachts, and they have the Kerio for traffic rules and bandwidth management of the various networks on board. They can optimize traffic for crew versus owners and guests, the VIPs that might be on board. They also use it for bandwidth sharing. They usually have a mixture of the VSAT satellite internet and 4G internet access. Sometimes they have WiFi, for example if they connect to a WiFi hotspot in a marina, as well as shoreline or fixed DSL. They use it to manipulate the internet traffic, so they can say the crew uses the slower VSAT and the guest gets the fast 4G or shoreline.

    They also use it to see what's going on. If the boss complains that the internet's slow, they can quickly see if someone is downloading a load of updates or streaming Netflix and they can block them. They just want to have control, as the product name suggests, over the internet traffic.

    In-house, we use the NG300, but because we are a partner, we use various hardware platforms. At the moment it's nearly all the NG series, the 100, 200, and 500. The most common that we use is the NG500. I'm interested in using the next-generation, which is due out in the next couple of months, but I've also used the virtual Kerio platform on a VMware hypervisor.

    There's a virtual appliance, but also software installed on a Windows PC. We build our own virtual "guest" on a host, we've done a couple of those, and then attached it to a switch with VLANs, so we've covered all platforms.

    We have these Kerios on anything from a 30-meter Sunseeker, with five or six crew members, four guest cabins, and a couple of master cabins, or a master and a VIP. They might have 20 guests so there would be a total of about 30 users and some 50 devices for those users. There is also all the AV equipment. And we've gone right up to a 120-meter superyacht, with 50 to 100 crew and space for about 200 guests. We've also got a couple of ski chalets, and a private island in Ibiza. A few hundred users is its top end, but as far as network-connected endpoints go, it could be in the few thousands of devices.

    How has it helped my organization?

    The way it improves the way our company functions is through the VPN, because we offer support services. Normally, we would have to rely on TeamViewer to a computer on board, or to get on the phone and tell somebody to take pictures or press buttons, where we can't see what's going on. 

    In the last year or two, after setting up the VPN, any of our guys can log straight in to the system and they are effectively on board. That is a big help because our customers are all over the world. They could be in Ibiza one day, but then they're heading to the South of France and then they're going off to Greece or crossing the Atlantic. Sometimes it's difficult to send somebody out to them quickly. They might not want to pay for somebody to come out. It could be two or three days of round-trip travel for a half-hour job. The VPN makes it more efficient. We can jump in and see what's going on. We can mimic our engineer's being on board the vessel via the VPN. That's the biggest benefit. And it's instant. Someone rings me up and I've got a single VPN connection and I can get to their networks.

    What is most valuable?

    The most common feature is the Traffic Rules, so the users can define which network or which users access which internet interface. But bandwidth management and content filtering are also commonly used.

    With the Traffic Rules we define all the different sources, such as various user groups or network interfaces for the crew. And we show them that if they want the guests to access 4G internet, this is how they do it. They're defining who gets what, in the Traffic Rules. 

    If they've only got a single connection, and everyone's sharing it, then they would jump into bandwidth management and prioritize the boss, but also allow the crew a little bit of internet, just to get by, for WhatsApp messages and emails. 

    Content filtering is to stop malicious content. They don't want people accessing the various categories in the filter. The default is usually pretty good for them, things like BitTorrent, downloads, and sharing, but also the more "adult" parts of the internet.

    It gives our customers pretty much everything they need in one product, in terms of security features. It's a firewall, but generally for what they want, it works.

    What our customers like about it is that it has a nice interface. It's been around in the yacht sector for a long time. I was introduced to Kerio by the yacht customers. They were saying they want this firewall and I hadn't really heard of it. They're usually comfortable with it because it's a familiar interface.

    By default, the firewall stops everything coming in but allows everything going out. For everything we've needed, it's done the job. If we've needed to open something up or block something we've managed to do it.

    We also use the VPN quite a lot. We have an NG500 in our data center and we actually create a VPN tunnel between and our data center and each of our current customers who have a Kerio. Technically, it's one-way because they don't talk to each other via VPN. All the customers are separate, but as a support company, we can VPN from our laptops to our data center and from there we can access all our customers' networks. That is handy for us because we can log on to their IT switches or their AV equipment to offer support. We also use it for delivering email for some customers, whereby because they don't always have a guaranteed fixed IP address, we give them one, in a sense. We have a pool of IPs in our data center. All the mail hits their assigned IP address and is sent over the VPN to their email servers on board.

    We also have some third-party subcontractors and we can give them access to specific customers. We can give them an account on our firewall and through our own traffic rules we can allow them or deny them access to specific customers and specific parts of that customer's network. Because they're hitting the central point, we don't necessarily want them to access all our customers. The customers themselves don't often have a big, remote-work environment because the crew is either on board or off. But we have seen a small increase in customers wanting to use VPN to access files on board, and during the COVID outbreak some of the ETOs (electronic technical officers) and the technical guys have not actually been able to get to the yacht, physically. So we've set them up with VPN so they can actually continue to do certain work. When we first started using Kerio we never really used VPN. Now, pretty much every Kerio we supply gets on the VPN.

    The ease of use of Kerio is very good. Everything's there, once you know where to go or how to find things. One thing we use quite a lot, as well, is the DHCP Server, because we do a lot of work where all our devices need to have static IP addresses. Rather than going around and configuring every box, we do it all through DHCP reservations. It's easier. We've got a record of it. We can manipulate it if we need to change something or change some hardware. It's all easy. Even guys who are not used to using it can pick it up quite quickly.

    The learning curve is pretty quick. It helps if someone has a general IT understanding of networking, for certain aspects. What we don't always have on a customer's site is somebody who is familiar with all aspects of the Kerio, such as interfaces, VLANs, and IP subnetting. They don't always understand DHCP, what it is and how it works. They pick it up pretty quickly, but it usually helps if someone has at least some knowledge of IT and networking. Normally, though, we find it's quite a decent balance because they will do what they want to do after a little bit of training. Anything else they'll leave to us or they'll ask us the question, and then we can either do it or go and figure it out and then come back and do it.

    What needs improvement?

    Sometimes it might not be detailed enough, or it might have more details but the customers just don't know where to look. The issue is usually when it comes to specific packets. Sometimes they find it slightly difficult to see exactly what's going on.

    For example, we had a customer who was using the content filter. They tried to block Facebook using the web filter categories, and in combination with that they wanted to always require that a user was authenticated before accessing web pages. What would happen was that even though they had the content filter enabled to block social networking — Facebook may even be a category — it still allowed them to get in through mobile apps. If they went to the website, it would prompt them for login and then it would deny it, but they would get into the app and they weren't even logged in. That might have been an HTTPS issue and the way that the app was talking, rather than an actual website or what page. We always managed to find a way around. They'll come to us with a question and then we'll figure it out and usually they're happy enough with that.

    There's also room for improvement in the Traffic Rules. We define networks to use a specific outgoing interface, say VSAT, shore, or marine WiFi, which is okay. But then all we have is a checkbox that says "Use other internet interfaces if this one is unavailable." What we would prefer would be to have a priority list. So if VSAT is unavailable, try to use 4G, etc. We haven't really found a reliable way of doing that in the current release.

    Finally, the customers sometimes want to use the VPN link for outbound traffic. But at the moment, it appears that there is an all-or-nothing solution, so either everything uses the VPN and breaks out at the remote site or nothing does. The simple example is for the email system we've put in. We can direct traffic in over the VPN, but we'd also like to send that same email traffic out of their server over the VPN to break out on a specific IP address in our data center. We would like to see a little bit of functionality in prioritizing of internet interfaces.

    For how long have I used the solution?

    I have been using Kerio Control for about 10 years. 

    What do I think about the stability of the solution?

    The stability is good. 

    There have only been a couple of occasions where we've had high RAM usage of the Kerio, where it may be a more complex network. What we found is that over the course of a week or 10 days, the RAM utilization would slowly increase to a point where it would be 100 percent usage and then you couldn't do anything with the box. You would have to physically power it off. 

    We do have cases open for Kerio with GFI and they're looking into it. Apparently there is going to be quite a big software update coming soon, which will change the backend workings. That's hopefully going to make a big difference, but the problem has only happened in one or two cases. Other than that, it's generally pretty solid.

    What do I think about the scalability of the solution?

    If you've got a hardware appliance, then you are generally limited to its own specifications, in terms of throughput and power. That's what you've got. If you start hitting that, then it's time for a new box, or you need to look for something else.

    On the NG500 you can increase the RAM slightly and you can also increase the storage space.

    But there is no way of changing processing power. So you have to specify the right box. You can increase physical network interfaces if you want to. You attach a switch to it and scale it that way if you need more physical interfaces. We haven't needed to do that. Or if you wanted to have fibre connections; you would have to attach it to something else. 

    It would be nice to see SFP slots in new hardware, which I think is coming in one of the models. 

    Overall, you'll hit a point with the box where you can't really scale any higher. But if you've got a virtual appliance, if you want to give it more processing power you can. If you want to give it loads of memory or storage, I would find it quite easy to really scale it up in terms of hardware resources.

    How are customer service and technical support?

    Technical support is pretty good. They're quick to respond. You get an answer straight away, although it might not be the final answer. 

    I have learned a few things from contacting support, things that I probably wouldn't have ever found out just researching online or playing with it myself. 

    At the moment, the particular questions we have are a bit more complicated than just, "How do I configure this traffic rule to do this job?" We've got a problem with RAM being utilized and we don't know why, and I had to send them system logs. I've had to do full system resets, complete erase and recovery. It's a bit tricky. It's more development-type work rather than user support. I think they're holding back from really getting involved with that because they are developing the new system. At the moment, our workaround is just to reboot the box every two weeks, which is inconvenient, but if they're going to solve this, then we just have to wait.

    How was the initial setup?

    The setup is straight out-of-the-box. Take it out of the box, run through the wizard, configure it with the settings that you should already know, and then it works and you get in online. That's the basic setup, because the Traffic Rules, by default, allow everything out and stop everything coming in. That's enough to just get online.

    You then go to start defining your networks and your traffic rules. Putting multiple VLANs in there is easy. Even as it gets to be a more complex configuration, it's easy to do.

    Sometimes it's time-consuming if it's a large configuration, but that's just what it is. It takes time to click boxes if it's a large network with lots of different scenarios, and to type in all the IP addresses.

    But it's easy out-of-the-box for a basic configuration and still fairly easy if you've got that knowledge of the Kerio and networking. Just a little time-consuming. If there were some kind of import or bulk add, that would be nice, but that's on a wish list. It's really not that necessary.

    If a customer just wants something out-of-the-box, we plug it in, make it work, and it probably takes a couple of hours, at the most. If it's a bit more complex, it might take a day. It might take longer if you don't know what you're doing.

    I've always told customers that there is no fixed configuration. This thing will work and do what you want it to do. As time progresses, it evolves with the changing requirements. So we can give them a solution. They can give us some key config points telling us "Okay, we want this many networks and we want these users, and these particular rules," etc. We configure all that  in a day and test it the next day. After that, it's ongoing. They might decide, "Oh, we actually want to change the bandwidth allocation," or "We've got a new internet interface," or we want to block Facebook at a specific time. It's ongoing.

    What was our ROI?

    We have definitely seen return on investment with Kerio Control because it would take us a lot longer to fix something in a lot of support calls we get. We might be stuck on the phone for four hours just to try and talk someone through something that we could fix in 20 minutes, because they're not looking in the right place or they don't see something that is relevant. Whereas, we've been able to use the VPN through Kerio, so we can sometimes fix a problem before they've even finished describing it. It has definitely helped us a lot.

    Kerio's VPN has easily saved us 50 percent, maybe more, in terms of time spent on support. We're connected in seconds. We can see things quickly. We can be connected to five different customers at once through a single connection.

    What's my experience with pricing, setup cost, and licensing?

    Pricing depends on the requirements. The more powerful boxes, like the NG500, are more expensive on licensing terms, depending on how you license them. At the moment, the NG500 doesn't have an unlimited user option. I believe they took it away, although I might be wrong. 

    Figure out how many users you're going to need because there's no point in configuring or licensing it for 200 users "just in case," when you might only need 50. It's obviously going to cost you four times as much. 

    There is an option to have GFI Unlimited, which is their all-in-one licensing model, which includes Kerio Control. It works for hardware boxes as well the software virtual appliances. Depending on the number of users, it might be more beneficial to go for GFI Unlimited. It can work out cheaper.

    Which other solutions did I evaluate?

    The other real experience I've had is with Cisco ASA, Palo Alto, and WatchGuard. 

    The Cisco was more complicated and people didn't really like it because it was a more complicated interface or it seemed more complicated for them.

    The WatchGuard and, from what I saw, the Palo Alto are good firewalls; some would say better as firewalls than Kerio. But they don't have all the other features and they didn't seem as easy. They may have more specific options you could set in the actual firewall rules; you could drill it down a bit further. But my experience has been pretty limited, so it might have just been that they looked like they did more, but in fact they just looked more complicated and only gave the impression they would do more. But these devices didn't have all the features of Kerio like the users, the groups, domain logins, bandwidth management, and content filters. They were just firewalls.

    Generally, our customers are all small to medium, if you were to compare them with a typical business. They're not "enterprise" technically, even though they do run a lot of enterprise hardware, like full Cisco networks, etc. They just don't really have the same configuration. They've got the budget, but they just don't always want to spend it. I think Kerio could work in an enterprise. A lot of the time, it depends on who is running the security and what they prefer and what is approved by any governing bodies.

    Kerio seems to have a reputation, for some people, not to be a true firewall. It's just a feeling that people get, but that's biased towards what they prefer to work with.

    On the same price point, you can't compare them. If you're looking at a Kerio box that might be £3,000 a box plus a year's license every year, versus our £100,000 security system, you can't really compare them. But for devices and hardware/software in the same price range, I wouldn't knock it back for something else.

    What other advice do I have?

    Regardless of whether you get a box or virtual, the interface is nearly always the same. There are very few changes between versions. Research what you think you're going to need. Don't just buy the biggest box or the most expensive box because you think it's going to be better.

    The biggest lesson I have learned from using this solution is that you don't always have to be onsite to fix something.

    The malware and antivirus features are pretty good. We generally have other malware and antivirus protection as well. A lot of the time, things come in via email so we do have services from Symantec, which filters that out beforehand. Very occasionally I have seen a false positive, where it's blocking something that's actually allowed, but then I can usually figure it out and just allow it. When I've seen something has been blocked or someone has reported they're trying to do something and they can't access or download a file, I can quickly see in the logs that something has been blocked because of the antivirus detection. And I've managed to go from there, allow the file.

    One feature we haven't used yet is the solution's high availability failover protection. It's something that I've not even tested myself. I was interested in it when it was first announced, but I was reading about it and a few people said that some of the early implementations were a little bit buggy. I have a feeling it's gotten better now. But I've not used it and no one has asked for it either.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Silver Partner with GFI
    PeerSpot user
    Head of IT at Glorious Way Church
    Real User
    Keeps our public and private networks separated and protected from any intrusions from the outside
    Pros and Cons
    • "In terms of the comprehensiveness of the security features, it does a great job of laying out what it does. It's fairly easy to edit and research. Some of the features were turned on by our IT company and I was able to easily find other features on my own by searching for videos on the internet. I've been able to block certain websites, and content filter, as well as manage some of our bandwidth because we live stream on Sunday. I'm able to dedicate bandwidth for the encoder that goes to the internet. It always has enough bandwidth, no matter how many people are on the network. That's really helpful."
    • "There were certain things I didn't know about it, but I've always been able to just contact our IT company. They've been able to walk me through certain things. It was quite a monumental task to set up a public site. Support really had to help me with setting up the VLANs and walk me through it. It was not possible for me to figure that out on my own, but that's what they're here for. That could have been a little bit easier laid out."

    What is our primary use case?

    It's the firewall and the router for our network. That includes both the public side and our private side as well.

    How has it helped my organization?

    We were having issues with feeling more secure. Keio Control has made me feel like our network is more secure. Also, the VPN feature was easier to manage and assign to different users. There's no more downtime with our VPN. It just works.

    Kerio Control has saved time for the members of our team who manage security.

    We've increased the amount of clients that use VPN. It's very easy to manage and very easy to setup. All we have to do is set them up with an account and then download the software to their computer. It just works. There has been a 50% increase.

    What is most valuable?

    The intrusion prevention is good. I like the fact that it's always up, it's always secure, and it never lets us down, never locks up. It just works.

    As a firewall, it keeps our public and our private networks separated and also from any intrusions from the outside. 

    In terms of the comprehensiveness of the security features, it does a great job of laying out what it does. It's fairly easy to edit and research. Some of the features were turned on by our IT company and I was able to easily find other features on my own by searching for videos on the internet. I've been able to block certain websites, content filter, as well as manage some of our bandwidth because we live stream on Sunday. I'm able to dedicate bandwidth for the encoder that goes to the internet. It always has enough bandwidth, no matter how many people are on the network. That's really helpful.

    It provides us with everything we need in one product.

    Because of the reputation of Kerio as well as all of the great things my IT company recommended, it's easy to trust a company like this for our intrusion prevention and for our security. It's really easily laid out and it just works.

    The malware and antivirus features keep themselves updated once it's turned on. You don't really have to worry about anything. It scans all the incoming email and it scans for web traffic. It just works in the background. You don't even know it's there until it finds something.

    The VPN feature works great and it's secure as well. I'm impressed with the speed at which it works and how easy it is to access over the VPN.

    What needs improvement?

    There were certain things I didn't know about it, but I've always been able to just contact our IT company. They've been able to walk me through certain things. It was quite a monumental task to set up a public site. Support really had to help me with setting up the VLANs and walk me through it. It was not possible for me to figure that out on my own, but that's what they're here for. That could have been a little bit easier laid out.

    For how long have I used the solution?

    I have been using Kerio Control for two years. 

    What do I think about the stability of the solution?

    It's extremely stable and the uptime is incredible in terms of how it stays connected, and we have had no issues in over two years of using it.

    What do I think about the scalability of the solution?

    It can scale and grow as we grow. It has very impressive features. It is a little bit of overkill for what we use it for. But I think it's worth it. I really do. I don't mean for it to sound like a negative. I chose it on purpose, even though I knew it was a little bit more than we needed. Because of the security features and because of the reputation that it had coming from our IT company, I really saw no other option.

    Only I manage the device and I'm head of our IT department.

    We have roughly 10 VPN users and 20 or so computers. Then we have at least 75 to 100 devices that connect to it at one time on a Sunday. That connects to the internet and it's able to handle the traffic and the bandwidth management perfectly.

    It's more than adequate for our size of business. I know it's made for larger companies than ours, with more employees. But it works very well for us and it's easy to manage. It's robust and very consistent. 

    How are customer service and technical support?

    I've only had to use technical support once and it was on a VPN. They updated the VPN protocol and I had a question about it. They immediately got back with me. It was easy to deal with them. They immediately had the solution that I needed.

    Which solution did I use previously and why did I switch?

    Our previous solution was off-brand. We upgraded because it did not have enough bandwidth to support our faster internet speeds. That's the real reason why we upgraded. It was not able to have a VLAN and a second LAN for our public site. That was another reason why we upgraded. We didn't feel it was as secure as Kerio.

    How was the initial setup?

    The initial setup was straightforward, with the exception of the VLANs, and setting up a second LAN. Other than that, it was straightforward.

    The deployment took two hours. 

    The IT company went through and showed me all of the settings and gave me a tutorial on which features I needed to use and how to turn them on and what they meant. As far as the rest of our office staff is concerned, they just needed the VPN protocol setup. I was able to do that on my own because that was really straightforward and easy.

    They set it up for me. They plugged it in for me and then explained all of the features to me and helped me set up some of the features. I was then able to easily find videos online and some instructions to set up other features that I wanted, like content filtering.

    Having seen the process, I could easily do it again without their help. I just needed a little bit of a push from them.

    What was our ROI?

    We have seen ROI. 

    What's my experience with pricing, setup cost, and licensing?

    I would encourage other people that when considering pricing, you really have to think about how important your network security is and how you're going to save time in the long run on managing your network. It's worth buying a product that's top-notch and the best quality. Your network is worth it and your employee's security is worth it.

    Which other solutions did I evaluate?

    We also looked into Ubiquiti UniFi system and decided to go with Kerio.

    Kerio ended up being a much better solution. 

    What other advice do I have?

    I would rate Kerio Control a ten out of ten. 

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Freddie Lewis - PeerSpot reviewer
    Solutions Architect at Clockwork Solutions
    Real User
    Geo-blocking enables us to know where our traffic needs to come from but the antivirus is a bit laggy
    Pros and Cons
    • "The top features are ones that we're not using yet but we soon will be because we've just had broadband upgraded in Australia. We've got something called the National Broadband Network, which is forced onto you, so you have to take it when it arrives. We'll be trying the high availability out soon. We tried that with some load balancing, it didn't quite work as we expected, but I think that was more of a configuration thing rather than a product thing."
    • "The antivirus seemed to be a bit laggy on the connection so I disconnected that. It's definitely good. The only issue we've had with any sort of cyber attack seemed to be coming from a couple of distinct locations, people trying to get into known ports on remote desktops and stuff like that. The fact that we can block all that traffic is just great. It simplifies it."

    What is our primary use case?

    It's the Edge firewall for my business. I'm a small business IT consultancy and I'm subcontracted out to a larger organization. It's really just me working from home, which is a bit more permanent now, but we do have a couple of other side projects I work on with a couple of other partners. One of them is a financial trading solution, so we want Kerio to beef up the edge security to make sure that the solution itself was secured nicely because it meant building out a rack of a couple of rack-mounted servers and beefing up the solution. 

    Being an SMB, we do find that Kerio fits our needs. It fits nicely in that space because any time that I've been to an enterprise it's pretty much dominated by Cisco products. A product like this probably wouldn't get much air time to get in the door of a really big organization, whereas a small to medium-size enterprise where they're big enough to have some sort of IT presence, it would probably fit in nicely. With an enterprise that's my size that doesn't have an IT presence, then they'll probably use some sort of managed service solution.

    We wanted to beef up the firewall and not just run off some sort of IoT style firewall that's built into a modem. It didn't seem to be adequate for our needs. So that's where we went into Kerio because at the time, we had some remote desktop services running and we were getting a lot of attempted cyber attacks coming out of China and a few other places. Kerio was one of the few that could actually geo-block, which was really quite handy.

    How has it helped my organization?

    Its primary job is to protect us and give us a degree of comfort. We're putting a lot of effort into creating a financial trading system. We want some comfort that it's secure behind the quality firewall and that's really what beckoned its purchase. The fact that we've not had any issue indicates that it must be doing that job reasonably well, and the fact that we don't get any of those attempted attacks from the block in China, because of geo-blocking, is probably the strongest feature for us. I wouldn't say it improves what we do because it doesn't affect what we do. It's really just security.  It's a tool to improve our security profile for what we do.

    We don't expose our remote desktop connected servers to the internet anymore. But when we did have that, because the security log is a really easy thing to set up, it would show you all the attempted, brute force attacks. That's now down to zero. We don't get any brute force attacks, but at the same time, we don't expose the Port 3389 out to the internet. We could achieve the same result with a domestic firewall in a domestic router. However, this gives us a degree of comfort that we can actually analyze any traffic that looks a bit suspicious, inbound, or outbound. That's a definite step change compared to what we'd have in an out-of-the-box type of router.

    Security is there to slow things down and make things a bit tricky. That's its bottom line. If security is easy, it's probably being done wrong.

    Certainly in the first few months of using it, it was quite time-consuming to get a configuration working that was reliable. Because I work from home, I originally had it protecting everything coming in and out of the home which didn't work well at all. It's protecting the home office and the server environment. Everything else just goes straight out of the domestic router out to the internet because we've got IPTV, with kids on devices. They don't need such a high level of protection. It would be nice to give them that because if you've got this perimeter that's protected by a really good quality product, you want to protect everything.  But when we tried that, it seemed to struggle with the high volume of traffic that was being generated by the IP cameras, the IPTV service, and the myriad of devices and iPads that we have in the house. So we stopped using it for that purpose.

    What is most valuable?

    The top features are ones that we're not using yet but we soon will be because we've just had broadband upgraded in Australia. We've got something called the National Broadband Network, which is forced onto you, so you have to take it when it arrives. We'll be trying the high availability out soon. We tried that with some load balancing, it didn't quite work as we expected, but I think that was more of a configuration thing rather than a product thing.

    The geo-blocking is essential because the partners we deal with are typically either in the US or Australia. We know where our traffic needs to come from and we don't post anything publicly that the general world needs to see. It's just a few discreet services that need to be hosted on this financial trading stuff.

    The integration of Active Directory is very good as well. We don't use the VPN service. We use VNC. We get mixed results from the QoS, but that's another good feature. Really, dashboarding, track, and monitoring are the most important features for us as well.

    We are about to test the high availability and failover protection because one of the issues we have is the device or the Hyper-V host seems to need a regular rebooting, which isn't an issue directly in itself, but it would be nice if it could do that on its own. We can't find a feature to do that. That's the complaint I'd have of that and the HA might solve that problem for us. So we'll give that a go.

    Out-of-the-box, the overall comprehensiveness of the security features is pretty good. It's not just a firewall, it's kind of a firewall proxy, reverse proxy, everything out-of-the-box sort of solution. It's pretty comprehensive. I can't imagine wanting anything else, because for me as a consultant, it's not just about protecting the environment. It's also about having something that's commercial-grade because when you go in as a consultant, you need to be exposed to these tools and you need a lab environment to test these tools out. This is as close to a good commercial tool that you could possibly ask for.

    In terms of the availability issue, I've considered that there are hardware options as well, which is nice. We're not sure if that will be an improvement over using Hyper-V, but that's to be decided.

    What needs improvement?

    The antivirus seemed to be a bit laggy on the connection so I disconnected that. It's definitely good. The only issue we've had with any sort of cyber attack seemed to be coming from a couple of distinct locations, people trying to get into known ports on remote desktops and stuff like that. The fact that we can block all that traffic is just great. It simplifies it.

    The last time we used the antivirus, it seemed to slow down some of the connections. I didn't dig too deep into it, we just turned it off and it seemed to rectify the problems. It's hard to say whether it was that directly but it seemed to be creating a bit of overhead on the connections.

    The reliability is its biggest downfall. I don't expect to be rebooting a product like this every couple of days. In fact, it's become a start of day thing just to reboot so it doesn't let me down in the middle of a team's call or something like that. It's quite slow as well. I could be on a team call and it would drop the connection. Then we'll get a warning that we've got poor call quality and as soon as you restart the device all the problems go away. There's clearly maybe some sort of memory leak problem or something in there that's affecting its reliability.

    We've just had our national broadband network connection today, which is a high throughput connection. We will be reconnecting the entire household through the device, to see how it copes and we'll see if it improves anything.

    For how long have I used the solution?

    I have been using Kerio Control for two and a half years. 

    What do I think about the stability of the solution?

    If I came across a client that was a small to medium enterprise, I'd probably recommend it, but a lot of them have a solution in place now anyway. It's hard to get those opportunities for new business in that regard, but I reckon it would probably scale quite well. I'm at 25 licenses, but that's only because we have so many devices in this house. It looks like it probably would scale. As I said, with that level of reliability, that probably would be an issue if you wanted to scale 100 to 200 licenses.

    We did try the proxy feature, but once again, that failed miserably. It ran well for a few weeks and then it died on us, and it was really quite hard to diagnose what had gone wrong. We turned it off and went back to a previous configuration which was a bit disappointing. It comes back to that reliability, whatever it is that makes it conk out is clearly a problem.

    How are customer service and technical support?

    I used support once or twice when I hit the first license ceiling. I did log a support ticket in. They were fine. There were no complaints from that. They offer 24/7 support, via email. I don't think I actually phoned them up. It's pretty good. There are no real issues there.

    Which solution did I use previously and why did I switch?

    We tried a few different Windows-based products. That's how we found Kerio because it offered a Hyper-V solution and it also offered a hardware solution if you wanted. I'll try the software one first and see where we go. There were a couple of other products we used before. Originally, we used to use Microsoft, the ISA server back in the day because that got swallowed up by Fortinet and we didn't touch that. 

    There was another Windows product, WinGate. That has a really bad reliability problem. It would stay up but the connections were very slow going through that thing. Maybe it was poorly configured on my part, but it just seemed to be incredibly slow at managing the connections. We'd notice a very latent response from web pages and it never, even though it had a massive caching there for caching pages, it just seemed to never be as quick as bypassing the WinGate software. That wasn't virtualized. That was running on a native Windows server at the time so that was really quite poor in terms of performance.

    How was the initial setup?

    Given that it's a Linux deployment, the support it offered, like giving you a Hyper-V client out-of-the-box, is fantastic. It's a really clever idea because you're not then left with a painful configuration of spinning up some sort of Linux host and then trying to do an installation. The fact that it comes pre-packaged with Hyper-V images was a very smart and clever move because that made it a lot easier to get it going if you like. Getting that up and running was quick, it was just a configuration, and finding the right configuration was the hardest part.

    The deployment was less than half an hour. It was very quick to get it up and running and get it operational. It was just fine-tuning that configuration to suit my environment that took the time, which I would expect of any device, no device is going to come out-of-the-box and just work like magic unless you've got a really simple environment. Whereas I've got a home environment, where it's just me as a small business, but I've got that many servers and hosts running.

    Our strategy was to take it out-of-the-box and get it working.

    The setup was pretty easy. The external remote control was really good and simple. It gave extra manageability on the road which was good. It was pretty straightforward.

    In terms of maintenance, it's just me. In terms of my time, it doesn't take much time at all. I'll hardly make any changes to it. Now it's running fine. The only next thing I'll be doing is trying out the HOA.

    What was our ROI?

    With security, I don't think you can calculate ROI. It's not easy to call a return on investment with security products because anything security that's done properly is going to be a cost overhead. That's by its very nature. If security is quick or cheap it's probably wrong. I don't look at it as a return on investment, I see it as security. A bit like saying if I bought a new car and they said, "I can save you $500 if you say no to the airbags." For 99.9% of the time, you'd be saving $500, until one day it costs you lots of money and maybe your life. I see it the same way.

    It's not an optional extra, it is an overhead that you have to pay if you want to secure an important asset. You've got to weigh up how important that asset is against how well you want to secure it, and that's where you say, "Well, it's going to cost you the price of a Kerio license, the price of a VNC license, sort of remote management. And that's what it costs to manage and secure properly those services." I'd say we've achieved that. It's hard to really put a return on investment with security.

    What's my experience with pricing, setup cost, and licensing?

    I think it is a bit on the pricey side, but it's okay. I've got 50 licenses which I think is $250 a year or something like that. It's not terrible. It's actually cheaper than what we pay for VNC. We probably could save money thereby utilizing the Kerio VPN and not VNC. For a firewall proxy solution, it's probably a bit on the higher side price-wise.

    We have to provide our own Hyper-V host to spin it up or buy the Kerio hardware, but otherwise, there are no other costs.

    What other advice do I have?

    I'm experienced in networking, but I'm not a network engineer per se, I'm more software development. The fact that I was able to get it set up and going with minimal fuss was definitely a plus for the product. I've seen products before where you can get them running, you make the slightest configuration change, and the whole thing comes crashing down. It's quite a stable product in that respect and it does look after itself quite well. For example, risk proxying solution and buying a GoDaddy certificate to secure a couple of APIs was a piece of cake. It really didn't hurt us at all. I think the important lesson there is, if we had tried to do the same thing with a NETGEAR sort of a firewall with a built-in firewall product, I think we would have had a hard time. Kerio definitely has made it easier.

    I'd say give it a look for sure. I'd totally recommend it.

    I would rate Kerio Control a seven out of ten. If I didn't have to reboot it so often, then it would probably score a nine.

    It's not a cheap product and it's not a particularly reliable product at the same time which tends not to be a good mix. Something like this should be able to cope with my entire household, every device I throw at it, and it should be able to cope with that fine. It clearly didn't two years ago. We'll try it again in about 24 hours and we have to hook up this high-speed connection to it and we'll see how well it performs there. Reliability is about the only qualm I have with the product.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    President at a tech services company with 1-10 employees
    Real User
    Allows me to use a VPN and access my data directly from a laptop when I'm out in the field
    Pros and Cons
    • "Instead of using a cloud-based product for accessing information, and putting my data at risk in the cloud and in someone else's hands, it has allowed me to use a VPN and access my data directly from a laptop when I am out in the field. That has made my life a lot easier, where I'm able to access any information I need to be able access, basically on demand, with an Internet connection. That alone has been great."
    • "The comprehensiveness of the security features could be improved upon. However, for the most part, it is pretty good. They could add more logs. I would like to see more detailed reporting, custom reporting from the logs, and more of a streamlined interface for certain aspects."

    What is our primary use case?

    • Firewall
    • Security
    • VPN

    I use it both within my company and with its clients. I work with Windows Servers, small to medium-sized businesses, and under 100 users.

    For product versions, we use the 1100 and 1300 series along with NG100, NG300, and NG500.

    How has it helped my organization?

    Instead of using a cloud-based product for accessing information, and putting my data at risk in the cloud and in someone else's hands, it has allowed me to use a VPN and access my data directly from a laptop when I am out in the field. That has made my life a lot easier, where I'm able to access any information I need to be able access, basically on demand, with an Internet connection. That alone has been great.

    The solution has increased the number of VPN clients extended to those outside my environment by 30 percent. 

    My clients are pretty lax about the content filter, but it works well. For the most part, they want to keep their employees pretty happy. Therefore, they are not too strict about what they are viewing. Obviously, they don't want them surfing any adult sites or anything like that. But, for the most part, they do allow shopping at work and things like that. They're more relaxed about it, to a certain degree.

    What is most valuable?

    The VPN and security are the most valuable features. In the current climate, with people working more remotely, it is nice to have a solution that is flexible and provides multiple features, such as, being a firewall and VPN.

    The antivirus works pretty well.

    What needs improvement?

    The comprehensiveness of the security features could be improved upon. However, for the most part, it is pretty good. They could add more logs. I would like to see more detailed reporting, custom reporting from the logs, and more of a streamlined interface for certain aspects.

    The malware features could be improved. In the large systems, it could use a better alert system, as far as things happening. I get a lot more information from Kerio Connect, as far as alerts, but not so many through the Control products.

    It's pretty easy to use. Although, the interface could be improved upon. Certain settings are thin to a certain degree, whereas they should be put more to the forefront and right in front of your face. I would give it a seven out of a 10 for its ease of use.

    For how long have I used the solution?

    Almost a decade.

    What do I think about the stability of the solution?

    It's pretty stable. I don't have too many complaints about the product.

    What do I think about the scalability of the solution?

    I'm a sole proprietor. I don't have any employees, so it's just me.

    I deal mostly with small businesses, so it scales well for that.

    How are customer service and technical support?

    When GFI first took over, there were issues. There were issues contacting them. Even recently, there have been some issues with the MyKerio site. I was getting false notifications, and that basically took a month to resolve, which I thought was wrong in today's environment. I rely on notifications, and it was giving me false notifications. I had no idea if systems were down or not, so I was a bit disappointed.

    Which solution did I use previously and why did I switch?

    I have used a couple of other brands, like SonicWall, but not in a long time. 

    Kerio Control has more flexibility, e.g., VPN with the Kerio Control Boxes. Though, some of the other products do have better reporting.

    How was the initial setup?

    The initial setup was pretty straightforward and intuitive. I just need to have some of the information of my clients in front of me. The only thing would be to tweak bug filters and content filters a bit, depending upon your client requirements. However, getting it up and running, it's pretty straightforward. 

    There are wizards. You can just follow the wizard, pay attention, and be all right.

    I haven't used all the features yet, e.g., I still don't integrate Active Directory.

    What about the implementation team?

    I use the Kerio Control Boxes. So, I receive it, test it, register it, and update it, then take it out to the client, reconfigure it, and tweak it. This takes three hours.

    What was our ROI?

    The solution has saved time for me. It saves me five or six hours a month, where I would have to go run back and forth between clients. If I'm out in the field, I would have to run back to the office to get something or check something. Therefore, it has saved time for me while being onsite and having to access information that I need quickly. For the most part, the security has been good. I haven't had too many issues. Though, the reporting could be better, so I can see specific data on their systems.

    I've used them for VPN tunnels to connect offices. For one of my clients, the return on investment is rather good, because there are software products out there that charge on a yearly basis for subscriptions. Using the Kerio Control VPN, there are no yearly subscriptions. So, it has saved them money.

    What's my experience with pricing, setup cost, and licensing?

    It gives us a lot. It does prove to be a very robust product for the cost.

    The yearly maintenance fee is a bit high for the Kerio Control Boxes. The end of life for the devices is kind of short. It seems like they're making you upgrade within a short period of time. They should at least allow five years, but it seems like they are changing their end of life to be shorter to generate revenue.

    What other advice do I have?

    The solution’s firewall and intrusion detection features are average. They're not spectacular, but they do the job. For the price point though, it's very good.

    The solution is pretty reliable. It is flexible, e.g., if you have an old workstation, you can turn that into a Kerio Control Box, which is nice. I'll continue using them. However, I believe that their end of life and maintenance fees could be a little more flexible, as far as the cost of the maintenance fee and the length of the lifecycle of these devices. 

    I would give the solution an eight out of 10.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner.
    PeerSpot user
    IT Support at Rural Computer Consultants, Inc
    Real User
    Content filtering and VPN simplicity are second to none
    Pros and Cons
    • "The ease of use in the GUI itself is the most valuable feature. The GUI is really the best part of it. We like the traffic rules so we can control who can get to what. It's easy to determine the flow of the traffic itself so we aren't having to guess through command lines and reading out basically command-driven output. It's just a very easy-to-use interface. The interface is the best part of the product."
    • "The security part of the software, like virus scanning, website, traffic monitoring, things like that, can take a beating on the appliance. And when there's a lot of things going on, the system can get bogged down. The actual security functionality of it needs a little bit more work, which I believe they are remedying or attempting to remedy at this time, but that's the downfall at this time."

    What is our primary use case?

    We have over 50 office staff that we use Kerio Control to protect, monitor web traffic, and cloud-host environments. We have a VPN tunnel from outside vendors that we keep connected to our environment and we use it as a switching device between some of our hardware in the hosting environment. We also use it for the security function. 

    Our primary use case is for intrusion prevention from attackers, from wherever they may be. And also for doing the quality of service because we have a lot of remote users, especially during this pandemic. We can control the quality of service with phones and network devices, as well as the antivirus scanning. We use the whole gamut of pretty much everything that Kerio has to offer.

    We're still a small company but we are pushing what the software is currently able to handle, while it seems to be geared towards small-medium business.

    How has it helped my organization?

    Content filtering used to be that you had to block specific websites that you didn't want somebody to access, or you had to write a specific rule to say that something is accessible or not accessible. We can apply Kerio-provided categories and rules without having to define large scopes of protocols or malicious websites. That part of it has come a long way in the last five to ten years.

    The GUI is the best part of the product. If another team member needs to get in there to do something, it's a really quick click and it's done. There's no learning through command-line tools.

    On an annual basis, we save not just hundreds of hours but also labor costs. Over the life of the product, I'm sure it's in the tens of thousands of hours because we don't need an inhouse specialist in Kerio technology.


    What is most valuable?

    The ease of use in the GUI itself is the most valuable feature. We like the traffic rules so we can control who has access. It's easy to determine the flow of the traffic itself so we don't have to educate on command lines and reading out command-driven output. It's a very easy-to-use interface.

    The comprehensiveness of the security features is fairly good. There have been some suggestions that we've made to the GFI team that we would like to see for performance. As our company grows, we need Kerio to grow with us, and so we've suggested some ideas on making the Kerio Control appliance perform better for more users because it can become sluggish under heavy loads.

    In terms of security features, Kerio gives us most of what we need. There are some granular items that we would find more useful when we want to stop a particular region from access. 

    The firewall and intrusion detection features are really good, it just needs a little bit more fine-tuning.

    The content filtering and VPN features are great. The vpn client is ssl based, so no key cipher matching is required when setting up without information in front of you.

    What needs improvement?

    The security part of the software, like virus scanning, website, traffic monitoring, things like that, can take a toll on performance. The actual security functionality of it needs a little bit more work, which I believe they are remedying or attempting to remedy at this time, but that's the downfall at this time; it is currently running on an end of life linux kernel.

    For how long have I used the solution?

    I personally have been using Kerio Control for 13 years but it's been at my company for close to 20 years.

    What do I think about the stability of the solution?

    The stability has actually improved quite a bit. There were some bugs found in previous versions up until about last spring, and then they concentrated on fixing some of the issues causing us some problems. As of the last update, it's very stable.

    What do I think about the scalability of the solution?

    It's not very scalable when you start to get into the hundreds to thousands of users because the performance of all of the functionality isn't quite there yet. We're hoping that's remedied with some updates coming down the line.

    Kerio is pretty much the backbone of everything that we do. Keeping all of our customers connected to us, keeping our staff safe online, and getting our staff into our cloud environment.

    How are customer service and technical support?

    The GFI technical support can be very time-consuming to get down to the root of the problem, but they are very helpful when you do have an issue. It just takes some time to get to it. It sometimes can be communication that's the issue. Sometimes it can be the complexity of the problem.

    It doesn't seem to be a lack of knowledge on the technical support side of things. Some of it comes down to whether the product can currently do what we needed to do or not. We were trying to determine if there was something that we could do to get better performance out of the appliance, and the response from the GFI support team was that it wasn't able to do some of the things that we wanted it to do, but it was something that they were looking at with rewriting some of the functionality. There is the possibility that some of those can be overcome easier.

    Which solution did I use previously and why did I switch?

    I did not have any experience with another similar solution. In fact, I had never heard of Kerio until I started at my company, primarily because Kerio was fairly small at the time. They were based out of California at the time. They were a small company and generally fit into the 100-users-or-less environment. When you would hear about other vendors, they generally ran in the thousands to tens of thousands of users and you just didn't hear about Kerio in that product line.

    We take other solutions into consideration based on the growth needs that we have. As our cloud environment gets larger, if the Kerio technology is not able to keep up, that's always under consideration.

    How was the initial setup?

    The process was pretty straightforward. Something that I expected to take days to weeks took about two or three hours.

    What was our ROI?

    Network security should not be planned around providing a return on your dollar in terms of a payback in the administration of the process. It should be planned around providing a level of comfort to management that intruders are being kept out of the network, errors and omissions are being kept to an acceptable level of risk.

    What's my experience with pricing, setup cost, and licensing?

    Price-wise, it's very affordable. Whether you're a smaller or larger business, whether you're five users or a couple of hundred users, the pricing is very fair. The performance of it is what determines how you want to license it because you can purchase a Kerio appliance. We try to make use out of everything because we like to keep it in one place. It has fit our business size and needs.

    Which other solutions did I evaluate?

    Some of the main differences between the other solutions and Kerio is that Kerio has made their subscription service fairly universal. You get pretty much everything with one subscription. With some of the other vendors, you have to subscribe to each module that you want to use. On the other side of it, other firewall vendors tend to be able to handle in the millions of connections, hundreds of thousands to millions. And we see some of those limitations with the Kerio appliance because of some of the aging architecture of it.

    What other advice do I have?

    My advice would be to follow the hardware requirements of Kerio and make sure the equipment that you have can run the connections for the number of users that you intend to run and are being planned out to be successful. Working with the Kerio team to determine your needs works out very well. 

    Not all firewalls have to be difficult to learn. Kerio has made it a really easy-to-use product.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    General Manager at Gays Hops-n-Schnapps
    Real User
    Using the VPN it's like I'm sitting in our store; provides seamless connectivity
    Pros and Cons
    • "I love the VPN that we set up. A few of us have it on our computers so that if we leave, we can still access the stores. And we can work from home if needed. When I sign into that Kerio VPN, it links me like I'm sitting in the store. It puts me in our secure network so that I can sign on to each individual store and I can run numbers... If I have to work from home, it's so much faster than the way we used to do it."
    • "When we did our last update, we had some trouble with the initial syncing process to get our messaging to go through. But we were also moving a store and a lot was changing during that process. I don't think it was on Kerio's end. It just coincided with the update. Once we got our third-party IT guy involved it was resolved very quickly."

    What is our primary use case?

    We mainly use Kerio Control for the phone systems. We use it like a VPN network so that I and a couple other guys can take our computers home and work from home. That's a great feature. We love that because you can sign in at home and be like you're in the store.

    What is most valuable?

    We have five locations and, for the person who controls it we have it set up in our main office. The ease of access, of being able to change a voice message, it links to that. The person who controls it can approve it and then she just plays it. That's great for when we have to do a holiday message or special events are happening. We love that feature. 

    I love the VPN that we set up. A few of us have it on our computers so that if we leave, we can still access the stores. And we can work from home if needed. When I sign into that Kerio VPN, it links me like I'm sitting in the store. It puts me in our secure network so that I can sign on to each individual store and I can run numbers. We work through ICS Vision for our stores. We have a corporate plus five stores and it lets me link to all that. If I have to work from home, it's so much faster than the way we used to do it. It saves me a couple hours of each time I use it from home. It also saves me from having to drive in.

    It's the overall ease of everything. It seems to have pretty seamless connectivity for linking our stores.

    Also, the firewall and intrusion detection features seem to keep people out of our servers. I know it's a little bit of a process to try to link something new into it because the firewall is very secure, but we haven't had any issues with malware attacks on our end so it must be stopping them.

    What needs improvement?

    We haven't really had any major issues. But when we did our last update, we had some trouble with the initial syncing process to get our messaging to go through. But we were also moving a store and a lot was changing during that process. I don't think it was on Kerio's end. It just coincided with the update. Once we got our third-party IT guy involved it was resolved very quickly.

    For how long have I used the solution?

    We have been using Kerio Control for about six years.

    What do I think about the stability of the solution?

    The stability has been fine. We have no concerns or complaints.

    What do I think about the scalability of the solution?

    In terms of increasing usage, that's going to end up being discussed in a meeting with our IT guy to see what capabilities it has, how we could expand it, how we could grow with it, and how it could help out day-to-day business.

    How was the initial setup?

    I've been with the company a little over three years now, but when I came in as general manager it was already in use. The upgrade is the closest that I've been to a deployment.

    From start to finish, when doing the upgrade, we were back up in an hour, including the issue we had. Our IT guy let us know what was going on and that there was a series of events he had to do and he did them and we were good to go.

    What was our ROI?

    From the old way we used to do things, it's night and day. Before the company brought this on, it was pretty old-school in how it did its phone systems and messaging. The efficiency has doubled, but the company also used to use answering machines way back when.

    What's my experience with pricing, setup cost, and licensing?

    I've never seen any additional costs incurred or involved, other than the initial.

    What other advice do I have?

    The biggest lesson from using Kerio Control is the untapped potential there is to link to everything and streamline our business. That's really what it's about for us. Obviously, there's more out there for us to do with it.

    As an SMB, Kerio Control is a good fit for our environment. It serves what we need done. I would recommend it for a smaller business because the ease of use and the access it allows us are great.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Robert Allino - PeerSpot reviewer
    Owner at L3GNL LLC
    Real User
    Notifies me whenever there's a problem so we don't have to constantly watch the screen
    Pros and Cons
    • "The comprehensiveness of the security features that Kerio Control provides us with is good. Before GFI had it, they would have more updates. The updates have been slower, but I like the things that they keep adding like the ability to block by country. I use pretty much every feature."
    • "I can no longer renew my subscription directly with GFI but we have to go through third-party resellers like CDW. The first time I did it with CDW. I went to CDW and it was almost like they didn't even know anything. They didn't know what package I was supposed to get. Then after I got it, it took almost five days to get everything working."

    What is our primary use case?

    I use Kerio Control is several different places. I use it at home. I also have a firewall at my grocery store. I have a server on the internet that uses Kerio Connect, and I have Kerio Control in front of it.

    How has it helped my organization?

    It has improved my organization because I am able to back the mail server through the tunnel to my house. All the video cameras at the store get copied and backed up to my house as well. For example, if I had a break-in and someone took the video server, I would still have copies of all the videos.

    Kerio has saved time for those who manage security. It notifies me whenever there's a problem or when something goes wrong so we don't have to constantly watch the screen. It saves us 20 to 30 man-hours a week. 

    What is most valuable?

    The custom firewalling is pretty intuitive. You don't have to sit there and learn a new language or anything like that. You can just block this, open that, allow this, just allow that. With a lot of firewalls nowadays, you have to know a language. You have to sit there at the keyboard and type in special commands, and those commands are not used anywhere, just for that particular brand of firewall. Connecting the two up in two different locations for a tunnel is easy.

    The comprehensiveness of the security features that Kerio Control provides us with is good. Before GFI had it, they would have more updates. The updates have been slower, but I like the things that they keep adding like the ability to block by country. I use pretty much every feature.

    Kerio Control gives us everything in one solution.

    The firewall and intrusion detection features are pretty good. I haven't had an issue that I know of. I hope no one's gotten any. I think it's good.

    I also like the malware and antivirus features. It's sitting in front of my email server and the email server has antivirus too. The firewall catches it before the email server even catches it, so they work pretty well.

    I like the VPN but I don't use content filtering that much. It works pretty well but a lot of times kids can get around that kind of stuff. I don't have kids that age anymore, so I don't have to worry about it. I don't use the content filtering that much.

    Kerio is easy to use. If you don't know tech, you can't just get up and do it. Nothing can be that easy, but you don't have to be a rocket scientist to do it. `

    What needs improvement?

    The only thing that I have a problem with is not so much the product itself, but back when Kerio had it, I could call up Kerio or send an email and do an upgrade online. I could renew my subscription online. But now, I have to go through a third-party, and it seems clumsy. 

    I can no longer renew my subscription directly with GFI but we have to go through third-party resellers like CDW. The first time I did it with CDW. I went to CDW and it was almost like they didn't even know anything. They didn't know what package I was supposed to get. Then after I got it, it took almost five days to get everything working. I used to be able to go to Kerio's website and then add the stuff to my cart, use my credit card, and it would bill me. Everything would be working in a few minutes. But now, if your subscription is getting ready to expire, you better give it a week or two.

    For how long have I used the solution?

    I have been using Kerio Control since the late nineties when it was called WinRoute Firewall.

    What do I think about the stability of the solution?

    The stability is really good. I haven't had any issues whatsoever. 

    What do I think about the scalability of the solution?

    I'm not a large enterprise, so I don't know how well it scales. But I imagine if you were to throw bigger hardware at it, it would scale really well.

    I'm the owner, so nobody else touches Kerio except for me. Everybody else uses it as part of their job. They don't really know it's there.

    My company is small-sized and Kerio is good for it. It's good for small and medium businesses. I've never used it on a large or an extra-large enterprise, so I couldn't give my opinion on that. I would imagine it could, I just don't have any experience.

    How are customer service and technical support?

    I haven't used GFI, but back when Kerio had it, they were very good.

    They were very responsive. A lot of times you call the company tech support and they want to treat you like you don't know what you're doing. It's a "Is the power plugged into the wall" kind of a thing. They're very fast to understand that it's not the user that they're talking to on the phone. That the user they're talking to on the phone knows what they're doing to an extent and needs some extra help. It saves time. But I haven't had to call GFI yet, other than when my key wasn't working. It was an email. When I renewed my subscription, the keys didn't update. They had a problem with their update process, so the person had to go and manually update all my subscriptions. It took a few days. 

    At first, they didn't understand, because they said it's just automatic. Which it's supposed to be. The next day I told them that it didn't update. Then finally looked and they did one subscription, and then I told them that my other subscriptions didn't update. 

    At first, I was supposed to read a manual on how to do it. But I was doing everything that was shown, it just that their process behind the scene wasn't working. It's the online thing, so it was updated. However, my server wouldn't get the notification that it was updated. They thought I was not doing the website properly because they would tell me to go to the website and hit update. It first started as if I was a user that didn't know how to do anything and then they realized we had a problem. I fixed it. It should have been a lot faster.

    Which solution did I use previously and why did I switch?

    I did try out another solution called Unify but it wouldn't work very well. I couldn't get the VPN tunneling to work. The GUI was not intuitive and it was all over the place. Things were not all in the same spot. 

    I actually bought several of them. I was going to go away from Kerio. I didn't like the way Unify worked. You had to have a gateway key in order for it to work. You took two devices to make one device work. I ended up scrapping that project and kept Kerio.

    How was the initial setup?

    For the initial setup, it walks you through a wizard. I've just never used that. But the wizard can set up a very basic bare bones, don't let anything in kind of a setup, which works. My setup is more complex. I have VPNs and tunnels. Any IP on my network has to be logged in, in order to get out. Mine is more of a complex setup. The ease of setup is pretty easy if you use the wizard. It just asks you a few questions and that's it. It's a bit more complex when you do it yourself. 

    The deployment took a couple of hours. 

    What was our ROI?

    I have seen ROI. All the attacks, malware, and viruses that have been stopped are nonstop. The people out there are attacking all the time. It's nonstop, it never stops.

    We have peace of mind that our solution stops all those attacks.

    What's my experience with pricing, setup cost, and licensing?

    Get the GFI unlimited, unless you're only going to have it at one spot. The pricing for the unlimited is a pretty good deal.

    Which other solutions did I evaluate?

    I looked into Palo Alto, that had a lot of features and everything else. But when I tried to contact them to get a price, they didn't give me the time of day. They wouldn't even return my call. At the time I was a director for a very large company and they still ignored me.

    What other advice do I have?

    Make sure the person that's doing it knows what they're doing. If you're not getting overly complicated, pretty much anybody can do it. But if you're going to get complex, you'll need to have somebody that knows their way around or else you might make yourself vulnerable.

    If you have a tunnel and you have to change certificates because they expired, you do it in the right order, or else you might have to travel long ways to accept the key on the other side. If you create a new key for the tunnel and apply it, the tunnel is down until the other side accepts the key. If going through the tunnel was your only way there, then you're now traveling unnecessarily or long ways. Luckily for me, it was not too far away. But if you have city to city and you have no one on the other end that has the ability to log in and accept the key, then you're going there.

    I would rate Kerio Control an eight out of ten. 

    I haven't had a lot of experience with the new owners and I'm worried that they're going to sunset it or not give it the attention it needs. That's just my thought, I have no proof or anything like that. 

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Hugo Van Putten - PeerSpot reviewer
    Owner at Multi Level Software
    Real User
    Gives me the ability to map which ports to allow in and out of the VPN
    Pros and Cons
    • "I want to have access to my computer from the outside and Kerio Control plays a role because it has a VPN... It is more reliable because it's a smaller group of computers to target for hackers and the like. The VPN works very well. I use it to work remotely very easily and exchange information, both to and from the location where it's deployed, and there have been no problems there."
    • "I would like to be able to automatically send email from Kerio Control and have it tell me what my external IPs are, because on one of my lines I have a fixed IP address and on the other it is variable. If there were a permanent way for me to figure out, "Okay, my current external VPN and my firm IP is this," it would help. I need to know the IP address to connect with the VPN and, at the moment, one of the lines sometimes changes its IP address without me knowing it. It's a hassle to figure out what it is."

    What is our primary use case?

    I use Kerio Control because it is one of the few firewalls which allows easy failover from two separate internet providers. It also has virus protection built-in. I use it to have reliable access to the internet, which is virus-free and which fails over if one of my internet providers drops — and they do sometimes when it rains. Those were the reasons I wanted Kerio Control. And it just works; provides internet.

    We are a very small company, and started with two users. We have now four users who use it on and off. There are nine or 10 computers. I, myself have three or four computers working at the same time. I'm not really dependent on cloud, but I use internet very much in a lot of situations.

    It's deployed onsite but as a virtual machine in a Windows server.

    How has it helped my organization?

    Being an SMB, Kerio Control is nice-to-have. It fulfills my needs completely. 

    It allows the users I have to use email without any problem, without their having to know anything about the fact that there is a firewall which protects them in different ways. I might spend an hour per month on maintenance of the Kerio system. So it's very transparent and very hidden. The best thing is the fact that nobody notices it.

    It has helped me save time. It allows me to get on with my main work, without spending any time on security or worrying about threats to the data I have. Without it, I would have lost a lot of time. A long time ago, I spent a lot of time cleaning computers, removing viruses, etc. That has all gone away since I have had this set up, as part of a three-layer defense.

    The failover has no effect on security. It only affects the availability. There used to be a situation where I had two internet providers with different speeds. If my main provider was down, it would be backed up by the other and I wouldn't notice that it was a little slower, and I wouldn't notice that one of my internet providers was unavailable. This guarantees that I always have internet availability. We had some technical problems with one of the lines which was very sensitive to rain — which sounds weird, but okay. And this setup allowed me to not think about it anymore. Since then, internet speeds have grown and at the moment it's not a big issue, but I'm sure that both of the providers drop once a year for a day. But I don't notice it, and that's very important for me.

    What is most valuable?

    The most valuable features include 

    • being able to attach to two different internet providers
    • the ability to map which ports you will allow in and out of the VPN, which is built-in 
    • the fact that it reliably works without any attention.

    I want to have access to my computer from the outside and Kerio Control plays a role because it has a VPN. This VPN is different from most other VPNs, although they have used a standard version. It is more reliable because it's a smaller group of computers to target for hackers and the like. The VPN works very well. I use it to work remotely very easily and exchange information, both to and from the location where it's deployed, and there have been no problems there.

    I have one or two VPN clients, at most, that are active at one time, so it's there if needed when I'm not working at this location. It helps me a lot to have a reliable VPN client. I have no performance issues when working through VPN.

    Kerio Control also has some authorizations so I am able to block internet access for certain hours for certain people.

    Overall, the security features are adequate. They do what I need. I don't have much experience with anything else, so I can't compare, but they completely solved my problems.

    The firewall and intrusion detection features don't hinder me, and I haven't had any attacks, as far as I can see. I want a firewall to be unobtrusive. I don't want to notice it's there. It should just do its work and protect me and not hinder me when doing real work, and that's what it does. It's very good because it shouldn't be noticed, and it's good at not being noticed and doing its work.

    Overall, I don't have any problem using Kerio Control. For me, it's very easy, but I've been working in software for some 50 years.

    What needs improvement?

    I would like to be able to automatically send email from Kerio Control and have it tell me what my external IPs are, because on one of my lines I have a fixed IP address and on the other it is variable. If there were a permanent way for me to figure out, "Okay, my current external VPN and my firm IP is this," it would help. I need to know the IP address to connect with the VPN and, at the moment, one of the lines sometimes changes its IP address without me knowing it. It's a hassle to figure out what it is.

    It might also be interesting to have a GFI-approved, Docker-containerized version of the Kerio Control system.

    For how long have I used the solution?

    I have been using Kerio Control for more than 10 years.

    What do I think about the stability of the solution?

    I don't remember any glitches. I haven't had problems with it for a very long time. But I use it very specifically for a certain purpose and that works fine.

    What do I think about the scalability of the solution?

    It's very hard for me to give a correct estimate of the scalability, since a lot of overhead in my situation is caused by the fact that I run it in a virtual machine. That means the bandwidth which it can process, which would be scalable, is downgraded because it's in a virtual machine. That's not Kerio's fault.

    I have no plans to increase the usage in the future. For me, it's adequate because I have a lot of leeway. I have enough bandwidth available to fulfill my needs.

    How are customer service and technical support?

    The problems I've had with Kerio, when I wanted to change something, have always been solved by consulting the Knowledge Base.

    We are located in Holland and there is supposed to be Dutch tech support, and there is an American tech support, as far as I know. The bad thing about the American tech support is that reaching them by phone is difficult and by mail there's a certain turnaround. So, I'd rather rely on the Knowledge Base so that I'm not really dependent on the person on the other side.

    They have an extensive Knowledge Base and, if you can't find something there, you can check the internet and there's enough available.

    Which solution did I use previously and why did I switch?

    I switched because I wanted something which had the possibility to handle two different internet providers, two network cards, and do load switching and load balancing. The other solution I used didn't have that.

    How was the initial setup?

    The initial setup is easy. I know what I want to configure so it's easy, no problem at all. 

    The biggest problem I have is using it as a container on a virtual machine. You have to connect your hardware network cards to the internal virtual machine. That's a problem that Kerio won't be able to solve because it's the environment I have to create to let Kerio work in the way I work, and that is probably different than most users. But if you use it on a simple PC, it's no problem at all.

    I reinstalled it recently and it took me about half an hour, and part of that was getting backups right, etc.

    As for an implementation strategy, I changed the system my Kerio was installed on, so I first did a trial-install to figure out if everything worked. After that, when I did the actual production install, it was done very fast because I had tried it out before.

    What was our ROI?

    It does its job. Converted into hours, it doesn't cost more than five hours per year to pay the price for the 10 users I have. That's a good deal for me.

    Having good internet access is a very large requirement for me to do my work. Internet is one of the basic tools I have and I need a firewall. Your internet provider will give you a box that has a simple firewall in it, but that doesn't suffice for me. I need something like this and it's not an option for me not to buy a product like this. I'm really not even thinking of return on investment. If I don't have something like this, I just can't work. It's a basic necessity.

    What's my experience with pricing, setup cost, and licensing?

    I don't think it's expensive. I'd recommend it to others.

    Which other solutions did I evaluate?

    I haven't evaluated any other options. I started using Kerio Control and it was sufficient. I haven't spent any time looking at alternatives. I've seen constant improvements in Kerio; they actively enhance the product. That's a good sign for me. I also use the GFI mail server and I prefer to use one company for my tools.

    What other advice do I have?

    My general advice is always: Read the manual, check your hardware and see if you have everything you need, and if it will suit your needs.

    It's hard for me to assess its malware and antivirus protection because Kerio is one part of a three-part defense against malware and antivirus. I'm not sure which part picks up which problem. My philosophy is that no single protocol picks up all the problems, so if you have several of them, you'll fight the virus or malware at some point. That's why I have three different tools with different focus points, and together they keep me safe. Malwarebytes specializes more in malware, ESET is a normal desktop antivirus system, and this system is a general anti-malware and antivirus system of another type. They compliment each other.

    I have an internet speed of 200 megabits per second, and 15 might be enough. So the only point I don't know about Kerio is whether it takes a lot of performance out of the maximum you could get if you didn't have a firewall.

    Overall, I would give it a nine out of ten, but with the comment that I haven't compared it with anything else. On my scale, 10s are very rare. They're for things that go beyond my expectations and Kerio does exactly what I expect and it does it well.

    It's just an essential which does it's work. I don't think about it normally. It's just there and it works.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Frank Raasveld - PeerSpot reviewer
    Owner at Fr@nkonnections
    Real User
    Very easy to view how things are working and protects you from hackers
    Pros and Cons
    • "When one of the employees of my customers is using the VPN Client, I have created for them that they will always get a message. When the VPN Client connects to Kerio Control from the outside, they will get an email so they know when they are connected and when they are disconnected what is happening to their network."
    • "After the takeover by GFI, one of the things that Kerio built was MyKerio environment. This has not been very reliable because I get many messages that MyKerio is not functioning. For some reason, there are things that they changed and it is not very reliable at this moment, instead I have to connect to the firewall to see what is happening."

    What is our primary use case?

    I use it as a service for my customers. My primary target is to help my customers in the best way to protect them from the dangerous things from the Internet. As a solution, it's easy to maintain. The product is a good solver that also depends on good support and its availability of engineers.

    I am using the latest version of Kerio Control. It is an old type of configuration with VPN connections. I still like the product very much.

    It is mostly installed on the Linux software appliance. That's what I mostly use for my customers.

    How has it helped my organization?

    Most customers are not able to understand the technology behind it. I am always trying to explain it to my customers. When I show my customers the interface of Kerio Control and all the reporting features along with the security features within the logging, they're very impressed. I have a very good relationship with my customers because this is mostly based on trust. I show them, and if they have doubts, I always say, "Just hire somebody to check my work." For example, a year and half ago in the travel industry, there were new rules for travel agencies who give out credit cards that they must comply with PCI DSS standards. There were some things that had to be adjusted and Kerio was able to adjust for that. So, it met the demands of PCI DSS standards.

    When one of the employees of my customers was using a VPN Client, I created it so they will always get a message. When the VPN Client connects to Kerio Control from the outside, they will get an email so they know when they are connected and when they are disconnected what is happening to their network. I can, as an administrator, look in the logging and see what's happening. If I really wanted to manage what is happening over a month, then I could go deeply within Kerio Control and make a text file of the logging. I could then order an export to Excel to give the customer an impression of what is happening.

    Our customers don't want to worry about their IP. If it's implemented well, Kerio Control is very good product for this.

    What is most valuable?

    • Security
    • Ease of use
    • Ease of install
    • Ease to recover
    • The load balancing is very easy to maintain.

    The login appearances are very strong. In case of problems, you're able to find anything you want. I am always able to help my customers. I really love this product. It's very good. With its many features, there is no comparison. Over the years, I have seen other types of firewalls but they don't have these functionalities within them. 

    You can create your users, groups, IP addresses, IP groups, and make rules. It can do protocol inspection and load balancing. You can have a backup line where all kinds of scenarios are possible. 

    It has security features, like an open source Internet protection system. This is well-known and a good solution to protect you from guys who try to hack systems. They have also integrated a fire scanner, a protocol inspection, and web content filter. You can adjust things depending on the types of organizations who are using it. Over the years, it has been very easy to maintain. 

    I haven't seen anything else that compares to the comprehensiveness of its security features because I'm working mostly with small to mid-range offices. Manageability is very important, and that is possible with it.

    Kerio Control's firewall and intrusion detection system, Snort, uses tables that are available on the Internet and loads them automatically. Over the years, I never had problems with my customers. The stability is very important for the product. I use Kerio Control as a central security system for my customers. On the workstation, I mostly use a virus scan. There are also multiple virus detections through your firewall. 

    The VPN Client for users is a strong feature within Kerio Control. An important thing within the VPN Client is it also has the possibility for two-factor authentication, which I really like. For some customers, this is very important.

    I like its malware features.

    This is a very robust the product.

    What needs improvement?

    With Kerio Connect, they blew it. They were not able to pace up with the competition. I am working with a variety of customers: lawyer offices, travel agencies, big shopping mall accounts, and small accountancy offices. They have all kinds of needs. Kerio Connect did a new launch in the Netherlands for the ACG and GDPR, which are very strict for some companies, like lawyer offices. It is important within the mail server product that you're able to encrypt your attachments and have two-factor authentication. All these type of things are not within Kerio Connect. Therefore, this product is not interesting anymore for my customers since the Dutch law is that strict. For example, there was a judgment from a judge this year when a company was hacked. There was a guy who maintained this network gave some advice to the customer, but the customer would not pay for that solution. He was held responsible for about 60 percent loss of this business, because there was a ransomware within in the organization. These are the things we have to deal with in the Netherlands and in Europe. Within the Netherlands, this is a very important thing, so you can probably understand how important it is that the product is okay with the market demands.

    After the takeover by GFI, one of the things that Kerio built was MyKerio environment. This is a cloud solution to have an overview of the statuses of all the firewalls that you maintain. When a firewall or primary interface goes down, then you get messages. It also has an app for iPhone or Android. You can then have a quick view about the status of the firewalls for your customers. If there is a problem with the Internet connection, whether it is down or there is an update, then you get a message. So, I can proactively help my customers. However, after the takeover, this has not been very reliable because I get many messages that MyKerio is not functioning. For some reason, there are things that they changed and it is not very reliable at this moment, instead I have to connect to the firewall to see what is happening.

    MyKerio is a cloud thing where you can easily see all the firewalls that you maintain for your customers along with the statuses behind them, providing a way to securely connect to your firewall appliances. This is a very strong feature of MyKerio. However, nowadays, I'm not really impressed about things they do with it. That needs improvement in my opinion.

    Another thing is that you must be a specialist, like me, when you want to have more specific information, e.g., when there are incidents or things that are happening that need investigation, then you need to go to the shell prompts and logging, where you can perform anything. You can edit anything out of your log files. However, this is not possible within the Kerio Control admin interface. You can only search for one thing, but not for many things.

    Kerio Control has a very good future, but it needs good marketing and knowledge around it.

    For how long have I used the solution?

    I have been working with it since the beginning (1997). When it started, it was called WinRoute. Now, the name is Kerio Control.

    What do I think about the stability of the solution?

    It is a very stable product, which over the years has been very good. 

    What do I think about the scalability of the solution?

    The scalability is good. The VPN connections may need improvement. Because of all the security features within Kerio Control, e.g., it can do a deep packet inspection, this can slow down the traffic. Sometimes that creates a problem. For example, Kerio Control offers protocol inspection for the services that are available, and sometimes that gives problems because people are complaining that it is slow. The VPN connections from remote are not always very fast, so I think the throughputs of the VPN need improvement.

    How are customer service and technical support?

    In every software, sometimes there are problems. One of the strong things about Kerio was the support knowledge and the involvement of the employees within the support department. I used to have the impression that the people working there were part of the products. It was almost a pleasure to have contact with people who were really involved with the products. After the take over of Kerio Control and Kerio Connect by GFI, it was really disastrous because a lot of the people involved were gone. When I had a problem and I asked for support, then they are asking me questions that I think help, but they don't understand the product. This is logical, of course, because there was a takeover.

    The GFI product support for Kerio Connect has been unacceptable for my customers and me because I had major businesses that were running with this software and very satisfied because of the user-friendliness. Error and problems cannot be cured, but they must be solved. For example, when I perform an update, the next thing will be a ruined email system, but nobody will be available for support. This is also when they know that an update is coming and I am calling after updating it. They promise to support us, but there is no support, which is terrible. This is the thing that I feel is very important when you use business-critical software, and they need to improve on. I want to be able to call their support and reach someone who has knowledge about the product. 

    It has a very sophisticated logging system. I need to be able to connect to the engineers behind it, who develop it, and tell them, "Okay, that's wrong." If I'm not able to connect to first level engineers and make them understand that they're not able to help me or they need deeper knowledge of the product, then there is a problem. While this is not an issue with Kerio Control because they have proven with the product that they are able to maintain it, the major problem for me with Kerio Connect was they ruined things in the past and I was unable to go back. So, I'm very interested in how they are improving the support to make things work again with MyKerio, as it is very good feature.

    Which solution did I use previously and why did I switch?

    I have worked with all the firewall systems, like Cisco. I see how people struggle of with it and also how much effort it takes to maintain it and implement rules. Kerio did a very good job with that. You can also, in a quick way, see inbound and outbound traffic and make your own filters.

    How was the initial setup?

    A basic initial setup is very simple and straightforward. They offer a straightforward set of rules to make it work, then you can create all the rules you need for the customer depending on their demands. It can do almost anything.

    The deployment time frame varies. For example, if I am deploying to a shopping mall, that shopping mall has all kinds of offices. Every office has its own demands regarding the IP system that they use. Every shop has its own software supply and concepts. Sometimes things get complex, then I start from scratch to make sure everything is maintainable, but this is very easy in Kerio Control if you know how to do your job.

    Because of the coronavirus, for people who want to work at home, it is very easy to set up VPN Clients because that is a piece of cake.

    What about the implementation team?

    When you look at Kerio Control, they are able to maintain it in a way that I had no problems because I was always careful with updates. I first test them on-premise before I roll it out to my customers. That's also no guarantee, but we are able to maintain it in a good way.

    Implementation strategy changes per customer. Some customers have very strict policies about the sites that they can access via the Internet. Others have limited bandwidth. For example, I had a customer who could not visit some Internet sites because most of my customers have two Internet connections. I found out that connecting through the other interface wasn't a problem. It had to do this with the networks between them. It's very easy in Kerio Control to make another path where another Internet connection is used for that website.

    I built a large network of freelancers over the years in the Netherlands and foreign countries to get the best solution for each customers. I am working with all types of people who are trustworthy and have good knowledge of the product. I tell my customers, "The IT world is the same as the medical world. You don't go to a heart specialist for an eye operation, and you don't go to your normal doctor for a heart operation. They're all specialists on their specific terrain." That is the way I operate for my customers.

    I handle the deployment and maintenance of Kerio Control myself.

    What was our ROI?

    I have seen ROI over the years. It is part of the complete solution that I offer to my customers. Over the years, it has offered me a reliable platform for my customer and allowing me to build trust with my customers. That's the most important thing of Kerio Control.

    If the support is not good, then I have a problem with my customers and it will cost me money. That's one of the things that GFI did after the takeover: It cost me a lot of money. Because there were a lot of problems, not with Kerio Control, but with Kerio Connect. It really cost me with unsatisfied customers.

    What's my experience with pricing, setup cost, and licensing?

    It's not a very expensive solution from my point of view. Because it is not only about buying a product, but how much time does it cost to implement the features that the product offers? I haven't found another product that is able to do the things that Kerio Control can do for the money. 

    It is a good fit for SMBs because of its maintainability. When you want to keep your costs low, then Kerio Control is a very good solution. It's not an expensive product that is well integrated. It has a complete set of features within it that make it a very strong product.

    GFI has made a stupid decision regarding small office licensing. For offices where there are only three to five employees and had five years towards a five user product, they now force these customers to a 10-year user license. I really don't understand it. It's a stupid decision for the small offices who want a good solution for security because they'll probably decide to go to another product. Why should they buy something that they don't use?

    I don't use the Kerio hardware because they're too expensive and difficult to maintain.

    Kerio Control has the ability if you buy it (it's a separate option) to know malware sites. Then, they will be blocked and the user is informed.

    Which other solutions did I evaluate?

    I have used Cisco, FortiGate, pfSense, and then more simple router things that have integrated software. However, mostly in business, I don't want to use just a router with integrated software. I don't believe in that concept. My customers are of a size that the stability of the product and the way it is maintained are very important to me. That's one of the strongest things about Kerio Control. It has proven to me over the years, and with my customers as well, that it's a very stable product. I haven't seen another product that compares to it within its price range. However, I also have to help my customers when they are having problems when connecting to a site or when they are having problems in general. When I contact their IT to find out what's happening on their side, it is difficult to get an answer why things are going wrong.

    I can't find a comparable product to Kerio Control that offers the same set of features for the same money.

    I found another product that can do a lot more than Kerio Connect, and that's IceWarp. IceWarp is a very strong product. IceWarp is a really strong competitor within this market. I was impressed with the software's ease of use because it's completely web-based. It's not only a mail server product, which offers secure attachments with out-of-the-box Office, but offers two-factor authentication. It also has a web-based text editor and Excel sheet, where you can make a basic presentation. With the same interface, there is the possibility to do OneDrive or Google Drive. They built it with the same depth that you need to log in to your IceWarp environment as a user. You can store your documents and sync them with a Mac or Windows PC. However, there is not much to find about this product.

    What other advice do I have?

    Kerio Control is very good. The way that you can maintain it, it's very easy. I had an employee who built a copy of the product, which was a very basic interface for the open source community. You can find it on the Internet. He was impressed by the way Kerio built this firewall solver, because most firewalls are very difficult to maintain due to their complexity. If you are working in complex environments, it is not easy to maintain firewalls, because things are always changing. This is the part of Kerio that is very good.

    Every IT guy that I show the interface of Kerio Control is impressed with the product because it's very easy to view how things are working (when you know what you're doing).

    Ransomware is protected only when the system is able to detect, "Okay, this is coming from a link and that link is known, and it is within the protection."

    I don't use the solution’s high-availability/failover protection because the hardware is needed as well and I wasn't able to test it. I want to test it first, because it's not only the testing, but what are the costs of ownership for the customer? Over the years, the Internet connections in the Netherlands are very stable. I always tell my customers that if they have an Internet connection that they should have a backup connection. The hardware that I use is mostly recent, stable hardware. So, it's not for my type of customers. This is not a very important feature because the hardware is well-maintained. However, that's a thing that I take care of since most hardware fails because there is not a good cooling environment or a lot of dust is in hardware. I make sure that things are running well as part of my services.

    I'm still surprised that sometimes I need something which I thought was not within Kerio Control, and it was within Kerio Control. That's mostly the case.

    Biggest lesson learnt: Stick with suppliers for software products who are able to give very good support.

    I would rate the product as a nine (out of 10). It is very good.

    Which deployment model are you using for this solution?

    Hybrid Cloud
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    System Administrator Team Lead | Developer at a tech services company with 11-50 employees
    Real User
    Makes it easy to manage and add settings to the firewall, and gives us a single point to manage global rule sets
    Pros and Cons
    • "The traffic insight page or the administrative portal is really helpful because you can see all the internet usage down to the point where you can see if it's big files or streams. It gives us a good view of what the internet usage is of users who are coupled to an IP address. That way, if there are problems with, for example, a lot of data usage or problems with the connection, we can narrow it down to a single user or server and address the problem. It's really helpful for diagnostic data."
    • "If you have to dive deeper into the firewall or any other features, then you really have to read up a bit about how to set it up properly. Some of my colleagues, in the beginning, jumped in and made a bunch of rules but then it got really messy. If Kerio had a template or guidelines for best practices, at the beginning, that would really help. With Kerio Control it's basically 'find out for yourself.'"

    What is our primary use case?

    We mostly use Kerio Control as a virtual firewall solution, and the user accounts let people have access to the internet through the firewall. We also have a few cases where we use the VPN. But it's mostly a firewall solution with multiple VLANs and the network behind it.

    It's deployed on-premises, both virtual and hardware solutions. The NG100 is the smallest solution for smaller businesses, but we mostly use the virtual appliance.

    Most of our customers are small to medium companies, where there are between five and 40 work spaces. Everyone has a PC and they have a VoIP phone and their own phones, and they have tablets. Most of the time, it's one to four devices per user. The biggest client we have is around 30 users.

    How has it helped my organization?

    It has made it easier for us and our employees to manage and add settings to the firewall, as opposed to another brand where you have to use command-line or really complicated layouts. The ease of use is a big plus.

    The solution has also saved us a lot of time in managing security. We have to adjust the content rules and now we have one place where we can enter them. We have a customer with about 20 Kerio Controls and we don't have to set all the rules on each firewall. When we have to add some rules to each of the firewalls, it can be done within one minute. Normally, it would take 20 to 30 minutes, depending on if they're all online — and we would have to check them manually. Now, we just have to enter them and, when they come online, they sync with the global rule sets.

    What is most valuable?

    The traffic insight page or the administrative portal is really helpful because you can see all the internet usage down to the point where you can see if it's big files or streams. It gives us a good view of what the internet usage is of users who are coupled to an IP address. That way, if there are problems with, for example, a lot of data usage or problems with the connection, we can narrow it down to a single user or server and address the problem. It's really helpful for diagnostic data.

    The content filtering is pretty good for our needs, especially with the global rules you can define. We can define global rules and use them on multiple Kerio Control installations. So we have one place to set all the rules for different customers. That's very good. The rules that it auto-updates and that are automatically available — for example, spam or indecent websites, or whatever else is in the firewall by default — are good.

    The VPN works pretty well, especially with the Kerio Control VPN software. Some products don't have their own VPN software and, with Windows, sometimes it's just better to have a piece of software. That's especially true for some of our customers because they only have to open the software and press "Connect." Windows can be a little bit weird when it comes to that, and it breaks connections. You really don't see when Windows loses a connection or if you have to reconnect. The Kerio Control VPN client is pretty good at that.

    What needs improvement?

    The antivirus is either on or off, but we can't really see or measure how well it is doing. Sometimes we get the feeling that some files get past it and then they get caught on the antivirus of the client PC. We would like to have more control with the antivirus.

    Also, we have multiple employees working on firewalls and if one employee changes a rule and traffic that shouldn't be there suddenly comes through the firewall, it's hard to pinpoint which rule is affecting that traffic because there is some overlap. It's not clear if it's getting past it because it's not decrypted. It needs more logging or more in-depth diagnostics about which traffic is hitting which rule on the firewall. Sometimes we have 20 or 30 rules and it becomes a whole job to figure that out.

    When it comes to QOS, the quality of service, you have to set a fixed bandwidth. But sometimes, when we have multiple connections in front of it, it's a fallback line. For example, when we use Kerio aboard a ship, there is the satellite connection but there is also a 3G or 4G connection. We always have to set a fixed limit for the connection. If we set the fixed limit to 4G and it switches to navigation, one user can use up all the bandwidth for the entire ship. It would be better if there were something more dynamic, where it could sense the total and we could use percentages. For example, we could say a user has always 5 percent of the connection. But now we have 5 percent of a fixed connection number. The fixed limit on a line for QOS is a problem because we don't always know which connection is in front of it.

    Also, if you have to dive deeper into the firewall or any other features, then you really have to read up a bit about how to set it up properly. Some of my colleagues, in the beginning, jumped in and made a bunch of rules but then it got really messy. If Kerio had a template or guidelines for best practices, at the beginning, that would really help. With Kerio Control it's basically "find out for yourself."

    We've also had some problems with how to set the rules, but that's when more than one rule is overlapping and cancels out all the other rules. However, that's more our fault.

    For how long have I used the solution?

    I have been using Kerio Control for around six years.

    What do I think about the stability of the solution?

    It's pretty stable. We had some problems with Kerio Control virtual appliances. If it was running more than 20 days, it would become really slow and sometimes it would just stop working. When we rebooted the solution it would come back up. But that was something that was happening a year-and-a-half ago. Since then, we haven't had any more problems with it. 

    We had a few solutions that just went corrupt. We're not sure if that was the disk or Kerio itself. We always have an installation of the virtual appliance on the server, so we can set up a new one, load the backup back in, and be up and running again in 15 minutes.

    How are customer service and technical support?

    It's been a while since we contacted support, but back when we did it was pretty hard to get a hold of someone. We didn't get a lot of feedback. Most of the time, it was, "Look at the documentation." It was hard to get someone to look over our shoulder and help us with the problem. I think that was before GFI took over.

    Which solution did I use previously and why did I switch?

    We did not have a previous solution. 

    How was the initial setup?

    As I said, if there were best practices or a template, the setup would be a lot easier because you start and then you change the setup according to what you think is right. But later on, when you encounter problems and look in the documentation, you see that another way is better. That was a bit of a problem when setting up. It all works, but in managing or adding rules, for example, or we just didn't do it properly. It was a bit of trial and error and that was a problem. It's too much trial and error when you start.

    Deployment time, for some customers, is fairly quick. A basic setup can be up and running in 15 or 30 minutes. With other customers that have a lot of rules we do testing so it could take three or four hours.

    For our implementation strategy, we just look at what the client wants. For some clients, we have a basic template now, where we always use a backup from an existing Kerio. If it's a new customer, we check if we have an existing Kerio that's pretty much the same, or we just do it from scratch if there aren't too many rules or networking behind it.

    What was our ROI?

    We see ROI because the ease of use is a lot better, so we spend less time on maintenance, administrating, changing rules, and checking usage.

    What's my experience with pricing, setup cost, and licensing?

    If you have a lot of users, the licensing can be a bit of a problem because we have a lot of customers who don't use the user feature, but we have five devices per user, and we have to extend the license every time. The fixed model of users and devices is a bit of a problem for us. We want to be able to expand it fast and not have to contact our supplier first to get a license. That takes another one or two days and the customer is waiting.

    It might be better if they offered a fixed monthly or yearly price instead of the user-based price. That's really keeping us from deploying with some of our smaller customers or customers that have a more dynamic user base. If they had a larger fixed price with unlimited users or devices, that would help. Now, it's five users each time. A pack of 100 or 200 users for a certain price would make it more dynamic and user-scalable.

    Which other solutions did I evaluate?

    We looked at pfSense and some paid firewall solutions, but in terms of how user-friendly it is for our employees and my colleagues, and how well we could manage it from a remote portal, Kerio Control was better, in our opinion.

    What other advice do I have?

    Kerio Control is a nice-to-have for a small business like ours.

    My advice would be to look at best practices or get someone to show you how to properly set it up before you try anything and it gets too messy. The biggest lesson I have learned from using this solution is to look out when it comes to firewall rules. Don't use too many firewall rules or content rules because it can get really messy, really quickly, if you don't have a decent strategy for that.

    We always try to use auto-update, so most of the time we're on the most recent version. We have some examples where we use Kerio Control aboard ships where the bandwidth is really limited. In those cases we use our own timeframe to update Kerio Control, but it's normally done within a month or two, so most of them are up to date.

    We haven't seen anything yet in the antivirus and we haven't had any problems with malware with our systems. I don't know if malware is being detected that well, because sometimes the clients still have some malware. I don't know if it's because it's an HTTPS site or something else.

    In our company, most of the work with Kerio is done by about 10 people. Everyone does the same tasks: administrating, changing rules, and installing new Kerios. I work on it in my role as a system admin team lead and developer. As of late, I've been more of a developer than administrator. The others are system administrators, business consultants, and there are two other developers.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    CEO at a computer software company with 1-10 employees
    Real User
    The security has been very good and the VPN connections are reliable in that they stay up
    Pros and Cons
    • "The most valuable feature is the reliability of VPN capabilities. The VPN has been very reliable and secure. The security has been very good and the VPN connections are reliable in that they stay up. We don't have a lot of problems with downtime and that type of thing."
    • "One of the problems we do have causes problems with the VPN. The software slows the throughput down too much. You could have a one-gigabit connection from the internet, and it slows it down to the area of upload and download is extremely slow. There's too much content filtering at that point."

    What is our primary use case?

    We have our server in our head office, so we have offices that log into it from various other cities and run their accounting software on it.

    How has it helped my organization?

    We have several offices in different provinces across Canada and because of that, the connection has been very secure and reliable. We haven't had any downtime with it other than when we had the NG100 fail. Other than that, it's made the connection to our websites, our office, and our eCommerce sites all very reliable. That's been very important.

    What is most valuable?

    The most valuable feature is the reliability of VPN capabilities. The VPN has been very reliable and secure. The security has been very good and the VPN connections are reliable in that they stay up. We don't have a lot of problems with downtime and that type of thing.

    The comprehensiveness of the security features is extremely good. 

    Kerio offers everything I need in one product. 

    The firewall and intrusion detection features are good. We've had some intrusion attempts that were stopped. The firewall has been doing extremely well for attempted hacks, as well as working well with the intrusion protection.

    The VPN features are good They have a solid VPN client, which we found to be extremely good and reliable on various operating systems. Other than that, the VPN has been good. 

    Kerio is extremely easy to use. They're easy to install and pre-configure. If you have to do any maintenance it's well handled through the system. Remote connection, logging in, and doing changes on the system is extremely well handled.

    We do use the failover in our head office. The failover is working extremely well. The last test on that was May of 2000 and 2020. The failover seems to be working well and the security has been good, so they've felt very confident in having it up and working as it's supposed to be. It's configured as per the instructions and it's working really well.

    Kerio has enabled us to double the number of VPN clients extended to those outside of our environment. It started a little bit before the pandemic but just because some of the companies started to work more from home to cut down on costs. But since COVID that's where it shows it's doubled.

    What needs improvement?

    One of the problems we do have causes problems with the VPN. The software slows the throughput down too much. You could have a one-gigabit connection from the internet, and it slows it down to where the area of upload and download is extremely slow. There's too much content filtering at that point.

    Quality control is another problem that needs to be handled better, particularly in the NG100 series. We have had to replace a couple of those. Other than that, the throttling down of the speed is too much. It is too heavy.

    Other than that, I think they're good. 

    For how long have I used the solution?

    We first started with Kerio back in 2003.

    We have an NG300, NG100, NG300W, and we still have a couple of 1120s.

    What do I think about the stability of the solution?

    Other than the quality of the NG100, stability has been extremely good.

    What do I think about the scalability of the solution?

    The scalability has been extremely well handled. We can very quickly figure out what size of a machine a customer needs and put it into position.

    We have four people that do them, but usually, when we're shipping out, one person sets it up and then they deploy it remotely and have the customer follow their instructions remotely.

    We don't have plans to increase usage because of the problems we have encountered with the company and the follow-up. We would have. We had quite a few of them, I don't know an exact count anymore because it's changed over but even now we've still got about 32 of them in use right now. But we've switched over probably triple that away from it.

    How are customer service and technical support?

    GFI's technical support is improving but at the very beginning, it was very bad. There was no way to contact them. When you did call, you didn't get returned messages. It is improving, but it's still not at a level where we're happy with it.

    Which solution did I use previously and why did I switch?

    We previously used SonicWall. We were looking for something that was really rock solid. We had a very bad experience with SonicWall and their support was very bad. We had a client that was down and they couldn't and didn't help us. We had to find something else in a hurry. 

    One of our technicians had been reading up on Kerio so we brought one of their machines in and configured it. That's one of the first ones he did and he said that the setup was really good. He installed it and got the client back up and running, and then we started looking into it and found it was much better. Strangely enough, shortly after that, the sales rep we were dealing with at SonicWall left and he went to Kerio also.

    Something that really bothers us about GFI, is that as a partner or a reseller, they believe that the customers belong to them. As a reseller, we take a lot of time building trust and confidence with our clients. We've been in business 30 odd years, and we still have clients with us that we took on back 30, 32, 37 years ago. They're still our clients, they deal with us, and they trust us. SonicWall did it and now GFI does it. They insist on all of the contact information for our customers if we sell them a machine. Then they start direct emailing them and our clients start saying, "I hired you to take care of this, why are these people sending me all this junk?"

    Plus, we're in Canada and they send out this information and emails and it has U.S. pricing on it. They make a big deal about that it's only $100 or something, and then by the time we convert it to Canadian, we're looking at $135 and the clients forget that very quickly. It's very misleading to clients. Our customers don't like it. That's one of the other reasons that we're moving everybody from Kerio, because of what GFI's policy is of insisting on having all of our customer's names, addresses, phone numbers, emails, and everything else.

    How was the initial setup?

    The initial setup is pretty good. The guys are used to it now. They've done a fair number of machines and they're very used to it.

    It has become familiar and they're consistent from one model to another. The instructions are straightforward and a good tech should have no problem with it at all. The thing is that they're not a home machine, they're for business. If it has a tech working on it is no problem at all. It's quite simple.

    An average deployment takes two and a half hours. 

    Network engineers set it up. Even one of our web developers has set up some of them. They have been very happy with training other people to do them. They don't have any problems. It's quite simple. The engineer was the first one to start working with Kerio back when we took them on, and he found that even in the beginning, from learning on his own, it only took him about four to eight machines to feel confident that he could do it without having to follow the instructions every time.

    The size of the companies we work with vary. We call them medium-size, but some of them are only one location with 5 to 20 employees. We host a lot of our e-commerce systems and clients have those on their machines so that when the e-commerce inquiries come in, they go through that router. They become a medium-sized business very quickly because of the amount of business they're doing.

    Kerio is a good solution for companies of this size. It comes down to the same thing, reliable, cost-effective, the VPN connections are good for the security between the e-commerce sites. Our eCommerce site is dynamic, so it's connected between the customers' inventory, warehousing, shipping, and billing system, directly to the e-commerce site. It makes it a lot tighter and more security is required because they are connecting directly to the customers' business machines, as well as just e-commerce hosted sites. Reliability and security are very highly needed because it does run their e-commerce sites. 

    What was our ROI?

    We see ROI through the ease of setup. We have a flat fee for configuring one, we charge for one before we ship it out for installation or go and install it. A customer pays the retail price, converted to Canadian at the current exchange rate, and that's what we charge the customer for the machine based on Kerio's MSRP. Then we charge them a flat rate for configuring it, which is two hours and we charge them for two hours labor. Then we charge them for whatever time it takes to do it remotely on-site, or if we're going on-site and having to install it, we charge for that time. If you charge for your time and the value, then you're going to make a good return on it.

    But if you go in undercutting prices, something has to suffer. We have never had a customer say to us that they're upset because we haven't taken care of them if they have a problem with one of the Kerio devices. There have been issues, they're machines, they're going to break down. But we've never had a customer say that it wasn't taken care of properly by us. When we had SonicWall that was a problem, we took care of the customer, we couldn't get the machine that he should have had properly under warranty, so we just went and got him a different machine, put it in and got him up and going.

    That's where we have to charge for it. We did charge the customer for that, but he felt that we provided the service he needed. It just gave him a very bad taste in his mouth because he couldn't get it under warranty. Undercutting prices, either in your services or your pricing of the hardware is what's happening now on the internet, we see that people are buying Kerio cheaper. We say to them "If you insist on buying it and want us to install it, we're going to charge you to install it, and if there's a problem with DOA or anything like that, dead on arrival, that's up to you." We hand it back to them and say this machine's got a problem, you have to get it fixed.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is good. Our businesses have been around a long time and we've done that by not being the cheapest, but trying to be the best or one of the best. There's a lot of very good software and hardware companies out there, but a lot of them try to just undercut pricing and try to get the deal. We do not do that. We have a feeling we know what the value of our product is, if it's our own product. In a case where we have a router system, we know the value of it, we know what the value of the software licensing is for renewal and for the initial startup. We look at those things at the beginning, and we felt that Kerio was well in line. The price seems to be going up now, it hasn't gone up as bad as some of its competitors yet, but we'll keep an eye on that. Right now the pricing is valid for the product and the service they get.

    Which other solutions did I evaluate?

    We did look at and we're also an authorized Cisco reseller, but they're doing the same thing as SonicWall now. These big companies forget who puts all the work in. What they're trying to do, in my opinion, is get the little reseller to go out and hire the right people and go out and move their product, get them installed, and then they want to start going to them directly. I understand that smaller companies come and go but we've been here 37 years in total. They shouldn't go to our customers and start trying to direct sell to them and that type of thing. 

    We were also a Dell reseller and we quit because we had to register every sale with them, and then they were going direct to the customers. It's not fair to the company that's gone out and done all the work.

    What other advice do I have?

    The machine is a good value for the price and the software is extremely good value for the price. It's proven out to be good, but we're just disappointed in the company that now owns it and took over from it. They're improving, but it took too long to improve and it cost us a lot of money in that way. But I can't blame it on Kerio, I have to blame it on GFS.

    I would rate Kerio Control a nine out of ten. 

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Chris Kershner - PeerSpot reviewer
    CEO at Professional Project Managers
    Reseller
    The comprehensiveness of the security feature is exceptional but speed needs improvement
    Pros and Cons
    • "Kerio is a lot clearer to set up to do particular things, whereas when I do it on a Cisco or a FortiGate I have to go fight with it per week sometimes to do something I can do in 20 minutes on Kerio."
    • "The overall speed needs improvement. Internet connectivity speed needs to be improved somehow."

    What is our primary use case?

    Our biggest customer uses Kerio Control as a VPN on a campus network that we use to encrypt all of their heating and air. It's at the University of Mexico. It controls all of their heating, air, and security over their campus network. I have a hundred units doing that.

    How has it helped my organization?

    I'm a one-person team, and Kerio Control has saved me time. When I looked at the comparison between how much time I spend supporting a business installation of Kerio versus a FortiGate installation, just with the implementation, I have saved a few weeks of time. On a yearly basis, I have saved around 30 to 40 hours on one customer because they're bigger customers.

    What is most valuable?

    The VPN is the most valuable feature. We filter out outgoing NAT packets by port. So we locked down incoming and outgoing packets with the Kerio software. It's a lot less money than our FortiGate solutions that we installed, for instance. The value in it is money savings and flexibility.

    Kerio is a lot clearer to set up to do particular things, whereas when I do it on a Cisco or a FortiGate I have to go fight with it per week sometimes to do something I can do in 20 minutes on Kerio.

    For the money, the comprehensiveness of the security feature is exceptional. The next level of security is the sandbox and FortiGate charges me $120,000 a year for that sandbox. I don't see that as something that Kerio would ever be adding. The next step is a big, drastic step up in company size. So for medium and small businesses, I think Kerio is about as good as I can get.

    It gives us everything we need in one product for our small-size business.

    For medium to small businesses, the firewall and intrusion detection features are very well priced and just excellent. The functionality for the amount that we're paying for them is excellent.

    The malware and antivirus features are okay. I add stuff on top of Kerio, I have Malwarebytes. So I would give it an okay. Malwarebytes still catches quite a bit that Kerio doesn't.

    I used the content filtering a little bit and it works alright. I've got a hundred VPNs at the University of New Mexico. I don't put it anywhere else though, so I don't know. I don't really have any kind of input on that, I suppose.

    Their graphical user interface that allows me to open up particular ports to particular internal IPs with one external IP is very flexible and easy to use. It is also much clearer than when I go into my larger systems with two competitors, Cisco and FortiGate.

    Kerio enables me to use one external IP address to cut it into multiples server solutions based on different port numbers. It saves them money if my customers are creative enough to use those features.

    What needs improvement?

    The overall speed needs improvement. Internet connectivity speed needs to be improved somehow.

    If I buy one of Kerio's hardware boxes and put it between me and the Internet, the speed is reduced dramatically using their hardware.

    For how long have I used the solution?

    I have been using Kerio Control for the last twenty years. 

    We currently have one on Macintosh and one on Windows of the most current version of Kerio Control as well as Kerio Connect.

    What do I think about the stability of the solution?

    I found it to be fairly stable. Their updates have gone very smoothly, which is a nice thing. It doesn't crash during updates. I've had very good luck with that. Whereas I can't say the same thing with both Cisco and FortiGate.

    What do I think about the scalability of the solution?

    If you buy their hardware box, it doesn't scale so nicely. I found if I put it on a higher-end computer, it does better. I guess it's okay if you put the right hardware in for it. I can't get through those to their boxes.

    I had some customers that were running about 200 to 300 machines, those were my larger ones with Kerio. For the most part, I have them on between five and 20 users.

    How are customer service and technical support?

    One of my customers had some issues that weren't pleasant. Support was pretty good and then it changed quite a bit when Lifeboat and GFI were involved. I personally haven't done too bad. I'm a one-person show, but I have a bunch of subcontractors. I personally have done alright with them. Although some of my people have had some not as good experiences over the last six months. They had time-related issues, about how long it took them to get back to them.

    How was the initial setup?

    On average, it takes around one to two hours on a small to medium business to set it up. But it's totally dependent on their applications and that can vary up to quite a few hours if they've got some complex application issues. Typically, it's because I have to wait on getting responses from vendors. So we go out and we put in a default setup and modify off of that.

    Our default setup pretty much locks their network up to only having HTTP, it turns off FTP and things of that nature. We have a pretty secure default setup and then we go open things.

    After you've done it a few times it's pretty smooth.

    What was our ROI?

    Our ROI is money savings. We bill them every year for their renewal subscriptions, and that goes fairly smoothly. We don't have to spend a whole lot of time trying to figure out how to add a particular port or interface for a new function that the client needs to have access to. They never need the Internet. It takes us considerably less time to do it on Kerio than it does on the competing products that we also deal with. Which, from our perspective, is appropriate. For some people, it would be a mixed blessing because you are not getting as much billable time out of it, but we like to be as efficient as possible and so we appreciate that. We feel it's a good return on investment.

    What's my experience with pricing, setup cost, and licensing?

    I think that licensing flows pretty smoothly. Make sure that you set them up so you support them over the my.kerio.com web interface because that lets you see all of your customers.

    What other advice do I have?

    We don't use high availability or fail-over protection. We set one up once and almost gave up on it. You have to have pinnacle boxes and things, so we did set it up and test it but we haven't actually sold any of them.

    I feel pretty comfortable having a Kerio firewall in a medium to small business. It can be deployed in an easy fashion, which is the same as everybody's Comcast, CenturyLink, or whatever their modem has. Then if you really spend the time doing it correctly, you can give somebody what, I feel, is an enterprise-quality solution in small business for a good price.

    If I pinhole Kerio for small businesses, I would rate it a 10 out of ten but overall, I would give it a seven.

    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    IT and Operations Manager at a financial services firm with 1-10 employees
    Real User
    Scalable with an easy initial setup but technical support is terrible
    Pros and Cons
    • "The initial setup is a breeze."
    • "When it comes to dealing with updates, there are often bugs on the solution. They should do a lot more testing before they release new versions."

    What is our primary use case?

    We primarily use the solution on the VPN for protection purposes. We utilize its antivirus capabilities as well.

    What is most valuable?

    I really like their general IT.

    I like how it's possible for me to block other countries immediately if I see the need to do so.

    The initial setup is a breeze.

    What needs improvement?

    The support the solution offers needs a lot of improvement. GFI took over the product and since the takeover, the support, the backups, the after-sales support, etc., has basically dropped off quite a bit.

    When it comes to dealing with updates, there are often bugs on the solution. They should do a lot more testing before they release new versions.

    For how long have I used the solution?

    I've been using the solution for about five years now.

    What do I think about the stability of the solution?

    The solution is very stable. Organizations won't have to worry about the solution crashing. I consider it to be very reliable. We have only had one firewall go down in the five years we've been using it, and I can't recall any other problems.

    That said, when it comes to major updates, they need to do a lot more testing before they release things. Last year there had been a lot of bugs in major releases. It may have been because of the takeover. GFI has since taken over the brand.

    What do I think about the scalability of the solution?

    The solution is pretty scalable. I updated it about two years ago and I didn't have trouble scaling. A company shouldn't have any problems expanding it.

    How are customer service and technical support?

    Technical support is not the best. As an example, this past weekend I had an issue. It took me four days to get a hold of their support team. I'm a premium client. I tried everybody: America, Germany, UK, Africa. Everybody. That's unacceptable. There is no reason that their response should be that slow. In the past, I had managed to resolve issues quickly. That's not the case anymore. We're very dissatisfied with the level of service they are providing their clients.

    Which solution did I use previously and why did I switch?

    I've previously come across Barracuda. I've spoken to the team there. In terms of meeting our needs, I've found that, with a lot of other products, it's very modular. Kerio tends to keep everything in-house. Due to that, there are certain functionalities that I prefer to have with Kerio as opposed to other solutions.

    How was the initial setup?

    The fact that the setup is so easy is one of the solution's great selling points. It's straightforward. It's not complex at all.

    It only takes one person to deploy and maintain the solution. The deployment itself only takes about an hour or two. Looking at the branches, it may just be 10-15 minutes of work for them. It's pretty quick. Of course, it depends on how many walls. A super basic setup is 10-15 minutes, however, if you have to put in a lot of rules, it will take longer because that process takes time.

    What about the implementation team?

    I handled the implementation myself.

    What other advice do I have?

    We're using the latest version of the solution.

    I would recommend the solution. It doesn't take too many people to set it up or maintain it, like, for example, Cisco, which is a bit more complex and difficult.

    I would rate the solution seven out of ten, and that's mostly due to the fact that their support is so awful right now. If their support was better and more reliable, I would rate them much higher.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Matt Gerken - PeerSpot reviewer
    VP Engineering & Admin at E3 Systems
    Real User
    Has saved time for the members of our team who manage security but it's not optimized or set up for satellite communication
    Pros and Cons
    • "The interface control manager where we can allocate LAN connections to certain VLANs is the most valuable feature. The other feature that's important for us is because obviously everything is remote with MyKerio, as long as the boat has an internet connection, we can log onto the Kerio and get statistics, as well as provide support."
    • "It has a VPN back to our data center but I don't think it has increased the number of VPN clients extended to those outside our environment"

    What is our primary use case?

    Our client base is private yachts and on private yachts, we have different LAN connections, as well as different VLANs. Kerio Control allows us to maximize and control the different LAN connections, both from a performance and a financial standpoint.

    How has it helped my organization?

    The single largest component was the introduction of MyKerio and the ability to be able to remotely connect the challenge that we have with MyKerio. By yacht, I'm referring to the 1% of the 1% of the people that are out there with $50 million to $60 million yachts. They have satellite systems on board so one of the challenges that we have with MyKerio is the sensitivity to latency. What that means is that if you're on a landline like a DSL or a cellular connection, your ping time may be 20 milliseconds, but with satellite, because of the distances involved, those ping times could be 700 to even 1,100 milliseconds. This is a challenge that we have because just about any application or hardware device that is out in the market is not really designed to take that into account.

    In this particular case, if we have a boat that is traveling from South Florida down to the Caribbean and the entire boat is on satellite and we need to be able to log into MyKerio for the boat, it's not optimized or set up for satellite communication. It sometimes becomes problematic in trying to connect to the vessel. Where if the entire boat, like on 4G or landline, then it's no big deal because MyKerio is optimized for that. 

    That would be an area for improvement, but the benefit of it is that we can handle issues remotely. The other benefit is through a minimal amount of instruction to the boat, they can complete what I would refer to as basic tasks.

    For example, if a boat is down in the Bahamas and the owner is on board, we typically have these in cellular and a landline connection and then on top of that, we'll have an owner, the crew, and guests. So in this particular case, we would want the owner on the fastest 4G connection. Then we would want to put the crew on the satellite connection, which may not be as fast. So it's just about optimizing the experience for the owner and being able to control the bandwidth.

    What is most valuable?

    The interface control manager where we can allocate LAN connections to certain VLANs is the most valuable feature. The other feature that's important for us is because everything is remote with MyKerio, as long as the boat has an internet connection, we can log onto the Kerio and get statistics, as well as provide support.

    It's important because unlike a company where a company has an IT person on-site because these are yachts, they have a boat crew that is not necessarily "IT," so they rely upon us to provide them with their IT services. This is a platform that allows us to control and troubleshoot as necessary.

    I would say about 95% to 97% of all of our support is managed remotely because of the nature of superyachts, where they're located, and the importance of the people that own them.

    I have not run into any issues or complaints with regard to the firewall and intrusion detection features. I find that in this industry, the fact that those are services that are included is important. But I can't speak to the operability of it.

    Because I interface the most with the boats and the crews, I've never run into an issue with the comprehensiveness of the security features.

    In terms of the ease of use, if you took 15 different network professionals and told them to configure a Kerio Control, you would get 15 different configurations. Having said that, within our specific business segment, we have learned the configuration that works best for us and works best for our customers. The way that we have set it up is to not put the onus on the boat to make any changes, but if they need to make any changes they allow us to go in there and make changes. 

    From my experience, I don't necessarily do the configuration on them, but I do manage them. If there's a boat that has a problem, I'm the first phone call. Most of the time I can figure it out, but what we provide as a service is that we refer to it as a virtual ETO which is an electronics and technology officer. That would be an actual IT person, but for the most part, we just encourage our customers to defer their technical queries to us and allow us to manage it for them.

    It has saved time for the members of our team who manage security based on how they're using it. It has saved time in the sense that they have an integrated security solution. I think the maritime industry is moving towards a standardized security initiative because the problem is that everything within the maritime industry is based on international, not national standards. So where and how the Kerio Control will fit into that is undetermined because the IMO, International Maritime Organization, has not yet determined what those standards are going to be. It's still a work in process.

    It has a VPN back to our data center but I don't think it has increased the number of VPN clients extended to those outside our environment

    For how long have I used the solution?

    I have been using Kerio Control for four years. 

    It is deployed in our office, as well as at our customer sites. Our customer sites are private superyachts.

    What do I think about the stability of the solution?

    The only stability issue that we have is with regard to the latency and using MyKerio. A potential deficiency I've encountered has had to do with the actual physical ethernet ports on the device. They seem to be very susceptive to shock. We have had to replace a few units due to that. Especially if there are devices that are POE devices. Part of it has a POE that goes out to the antenna and then there's an ethernet connection that goes back to the Kerio. We've noticed that for whatever reason, that particular device or combination don't play well together.

    What do I think about the scalability of the solution?

    The way it works now, we can take an NG300 with four ports, and then we can create ports on additional switches. So the only instance that we really use an NG500 is for two reasons. One of them is processing power, and then the other one is if they actually have the requirement for different or more connections than the Kerio has.

    Three people in the company, more from a customer interface perspective, and about six people in the company from a technical support perspective use Kerio Control.

    We have it deployed somewhere in the neighborhood of 60 to 75 remotes. We will increase usage if we can increase customers. 

    I would say that we're a medium-sized business. We're certainly an established entity within the superyacht communications industry. Besides our office here in Florida, we have offices in France as well, and we're headquartered in Majorca, the point being is that we cover all of the Mediterranean, the US, as well as The Bahamas and Caribbean. So it has not been unheard of based upon an issue to helicopter somebody out to a boat kind of thing.

    How are customer service and technical support?

    I have not used the technical support. My experience initially with Kerio was dealing directly with Kerio and then at a certain point, they offloaded their distribution to a company called Lifeboat and GFI, and that has been a bit difficult. In my opinion, it's made things a bit harder.

    If I need to get an answer to a question, I have to go through Lifeboat or GFI, and then ultimately they in turn have to get with Kerio. So it's created a middleman process. The case in point is that we have an order and the order just kind of kept going and there were no updates, there was no tracking, there was no nothing. I would go to Lifeboat and Lifeboat would say, "Well, we're trying to get a hold of Kerio and there was just a breakdown in communication."

    Which solution did I use previously and why did I switch?

    Kerio Control is something that's being added to most of the network of the boats that we deal with. We deal with a lot of boats that look fantastic on the outside, but on the inside as far as the nuts and bolts go, they are not well maintained or they have really old equipment. That's one of the things that we always deal with. One of the things I always talk to captains about when I go on a boat is I ask them, "What are the chances that the owner's going to come on board with a 10-year-old computer and a 10-year-old phone?" And he answers, "Zip to zilch." So I say "Well, your network's 10 years old." It's going to work based on what you have in the technology of anywhere from even five years ago compared to today. It's not just a matter of throwing a Kerio in and saying, "Everything's going to be fine." Typically, it's a component of a network upgrade to include switches and access points.

    How was the initial setup?

    The initial setup is straightforward for us now because we've done it for so long. The other side of it is that there haven't been a lot of changes per se. There have been tweaks. The consistency of the platform has pretty much stayed the same. So while they have optimized certain components of it, it's kind of like Microsoft Word. You could go back to a version of Microsoft Word 10 years ago and know exactly how to use it because everything's going to be in the same place. It's just an evolution of the platform.

    It takes around an hour and a half to license and configure.

    We have a uniform deployment process and then that's followed by adjustments based on the client's specific requirements. They may have more LAN connections than somebody else, or they may have less of a need for additional VLANs. It's on a case by case basis. But I would say 95% of everything that we do is standardized.

    I'm not the one that actually implements it. Full disclosure, I order the device, I get the device, I license the device, I update the device and then at that point in time, I have one of the engineers come remotely into the unit and then they do the final configuration.

    What's my experience with pricing, setup cost, and licensing?

    On the licensing side, the way Kerio works, and this is what we have to tell boats, is that if you think that you're going to save some money one year by not licensing it and then next year, you're going to license it, you're going to end up paying for that back year. You're better off just keeping it up to date.

    Boats are really like life. People want to spend money on things that are sexy, and software licensing isn't sexy. So that's one of the things that we have to go back and let them know that it's going to work as far as the basic functions go, but the features are not going to work and their security will be vulnerable.

    There are no costs in addition to the standard licensing. 

    Which other solutions did I evaluate?

    Evaluating other solutions would be the responsibility of the CIO because everything that we do has to be agreed-upon on a standardized platform as we are the ones that are going to have to support it. We let any customers that we deal with that are possibly dealing with other brands know where our demarcation point of responsibility is because it's very much so once you touch it, you own it. If you go onto a boat and you touch one thing, you'll be getting a call for the next three weeks about it. It's an industry that you have to be very specific about what it is that you're doing and what it is that you're providing and supporting.

    We have been made aware of boats that have had security breaches, but we were not engaged to support their network at that time. We may have just been only the satellite solution provider. It wasn't specifically Kerio Control, but the situation necessitated them to reevaluate their network and invest in their network rather than just have it as a passive source.

    What other advice do I have?

    We don't necessarily use failover protection. If you have a failover seamlessly set, the boat or the customer won't know that there's been a failure. We don't use the failover because we want the boat to understand if there's an issue with one of their LAN connections.

    For example, if you have a cellular and a satellite connection, and you have both of them set to failover to one or the other, if the satellite connection fails over to the cellular connection, nobody on the boat is going to know that it's failed over. Without the failover, they can identify that there's a problem and then that can be addressed. But if it fails over, nobody is going to be aware that there was an issue and then there's nobody working on solving or trying to figure out what that issue is.

    My advice would be to have a plan. Have a plan in place and make sure that you document everything that you do. Certainly, if you're talking about multiple deployments, you don't want to run into a situation, for instance, where you have three different IT people and each one of them is doing a different type of configuration. You want to have a policy in place for a standardized configuration. From a support perspective, as well as a usability perspective, make sure those are being addressed.

    I would rate it about a seven out of ten. The only reason why I would give it that rating is because MyKerio can be a complicated tool if you don't know how to use it. 

    I was at the Monaco Yacht Show and I got a phone call from an engineer on a boat. They were very angry with the service speed of their satellite. We have customers that pay anywhere from $2,500 to $40,000 a month for satellite service. In this particular case, they actually had to send a tender in. They had to take me out to the yacht and I got out to the yacht and I figured out exactly what happened.

    As I was getting off the yacht, they were explaining to me how one of the crew members had worked with Kerio in the past. When I got onto the boat, somebody had set a QoS monitor to limit the crew network for the satellite connection to only 5% of the allotted bandwidth, but it wasn't just the crew, it was the entire vessel. So the entire vessel was limited through Kerio to 5% of the speed of their satellite. That problem or that issue did not arise as a Kerio issue. They said, "This is a satellite issue. We're having a problem with our satellite." So that's an example of, if somebody doesn't know what they're doing, they can have a pretty detrimental effect on the network.

    The thing about Kerio is that there's not going to be a dummies book for how to use a Kerio Control. It's really designed to be operated and certainly configured by somebody who is in the IT industry. From the perspective of users, if you're the administrator, you can log into this and you have full access to everything. Whereas if you're "just the user," we're going to hide all of this other stuff from you and the only thing that you're going to be able to do is say that the owner network can use the satellite connection and the crew network can use the connection. 

    I would like to see a very limited or dumbed down version for the average user. You could literally just do a couple of checkboxes and throttle everything on the entire network and nobody would necessarily be the wiser.

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Owner at a consultancy with 51-200 employees
    Real User
    VPN enables us to do remote work and we can better manage security
    Pros and Cons
    • "We also like the security. We can control what sites users can go to and we can make sure that where they're going is appropriate and that it's work-related."
    • "The denial of service could also be improved. There recently was a big issue with denial of service attacks and it was a bit laborious."

    What is our primary use case?

    Our primary use cases are for internet connectivity, security, and VPNs.

    How has it helped my organization?

    The VPN connections have improved my organization. It also means that I can manage security more easily.

    What is most valuable?

    The most valuable feature is the VPN. It enables us to do remote work. 

    I use the geo IP filtering a lot. 

    We also like the security. We can control what sites users can go to and we can make sure that where they're going is appropriate and that it's work-related.

    What needs improvement?

    Quality of service and bandwidth management need improvement. It just doesn't seem granular in that.

    The denial of service could also be improved. There recently was a big issue with denial of service attacks and it was a bit laborious.

    For how long have I used the solution?

    I have been using Kerio Control since 2016. 

    What do I think about the stability of the solution?

    It's stable and we rarely have any reliability issues.

    What do I think about the scalability of the solution?

    It is scalable up to a point that then you might have to use a user faster, bigger one, but on the whole, it is scalable. It's because based most installations I have are over 300. Whereas if they start to get really big, you'll need to increase the model to the next model up.

    In my company, it's me that manages and installs them all. We install, manage, and offer basic management and support.

    The environments we've installed for can go from three to 50 users.

    We've never had any problems with it not being able to manage the traffic.

    How are customer service and technical support?

    The GFI technical support is average. The speed of response sometimes is not very fast. Sometimes they take a while to resolve an issue. For example, I've got an issue that's not been resolved for three months now, meaning that the box, the unit isn't performing as it should do.

    Which solution did I use previously and why did I switch?

    My clients generally replace solutions like SonicWall and Fortinet with Kerio but sometimes they don't have a firewall at all, so we set them up with their first firewall.

    It's easier when all our customers are using the same firewall. It makes it easier for us to manage them across the board. We use Kerio across the board.

    We used to use a lot of Fortinet but now we've replaced that with Kerio because of the support and price, although now the support is not so good. The price is fair and the features are all pretty much the same.

    How was the initial setup?

    The initial setup is straightforward. It's a bit tricky because I do it a lot, but it's pretty straightforward. It has a Wizard if you need it, but I don't need it anymore. I know what I'm doing. I find it quite easy to set up.

    A basic deployment takes an hour. Just the box standards are set out for everybody, and then if they need something specific, we'll add it in afterward. But a straightforward, standard, basic setup takes about an hour.

    We have a unified implementation strategy that we start with and then we tweak it if need be. We don't use MyKerio to put a standard implementation across all of them.

    Our standard implementation strategy is to implement dual internet connections, standards, and standard traffic rules with VPN access.

    What was our ROI?

    At the end of the day, our customers are being managed, looked after, and they're secure, so they're happy.

    What's my experience with pricing, setup cost, and licensing?

    The licensing is a bit of an issue. People don't like to have to buy user licenses. They think they should be able to buy the box and be able to use it. Licensing is a bit old fashioned in terms of the fact that if they don't renew the license that box becomes useless. People really don't like that. Then they can't use it anymore.

    What other advice do I have?

    My advice would be to make sure you've got an internet connection. The first thing you have to do is register the user on the internet and then if you get to a new installation where you're setting them up from scratch, you're going to struggle because with the new Kerio unit, the first thing it needs to do is connect to the internet and it can't do that if you haven't set it up. It's best to get it set up before you install it on site.

    The biggest lesson I have learned from using the solution is not to assume everything is running okay because it might not be. The main reason is because of the denial of service not being up to scratch. You have to make sure that their connections aren't being kept of denial of service effects. That's the problem right now. I would say denial of service is probably one of the weakest areas.

    I would rate it an eight out of ten. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Mark Spiteri - PeerSpot reviewer
    IT Manager at JB Metropolitan Distributors
    Real User
    If one connection goes down, it automatically switches for me
    Pros and Cons
    • "The routing of the multiple internet physical routers I have is the most valuable feature of this solution. Instead of me physically unplugging a cable from one router to the server, if one connection goes down, it automatically switches for me. So I can have all three of them plugged in. If one goes down, it just picks up the other one automatically. There's no physical cable swapping."
    • "I would like it if the interface section had multiple failovers. Although I do have three connections, just in case our physical cables get disconnected, I can only set up one failover as a backup. So, if for some reason our fiber and our AFM went down together, I would have to have it search for our 4G modem. I'd love to have extra backups running."

    What is our primary use case?

    My primary use case is to route traffic and route our multiple Internet interfaces. It routes all of the outbound Internet traffic, none of the internal. I do apply a content filter as well to make sure people aren't going into places that they shouldn't be. We have some traffic rules setup for certain services, blocking certain IP ranges from getting external access as well. We do the same for the Adelaide office, but our South Coast office, in addition to all of that, we also run DSCP off of it. The South Coast is the only place we use the DSCP on Kerio.

    How has it helped my organization?

    Now that we're both running fiber connections between Sydney and Adelaide, I can access our document server in Adelaide just from my PC, rather than using something like TeamViewer and transferring the file I'm after via TeamViewer from Adelaide. I get to it not much slower than the internal server we have right now. It's fantastic.

    What is most valuable?

    The routing of the multiple Internet physical routers I have is the most valuable feature of this solution. Instead of me physically unplugging a cable from one router to the server, if one connection goes down, it automatically switches for me. So I can have all three of them plugged in. If one goes down, it just picks up the other one automatically. There's no physical cable swapping.

    In terms of ease of use, it's pretty easy. It took some playing around for me to understand some of it, but I'd say if you understand what it is you're after, and how that works, then this is pretty easy.

    We use the firewall. It's fine, a bit tough. I need to test it against others. I'd rather use the Kerio firewall than the Windows ones.

    With the VPN features we can connect all three of our sites together.

    The content filtering and VPN features are pretty easy to set up. It's a couple of clicks and it's done, so it's pretty good. I'm pretty happy with it.

    I am the only manager who manages the security. It does save me time. In the scenario where one Internet connection goes down, I used to have to run to the server room and unplug a cable, and come back. Now, I don't have to do that at all. It saves me a lot of time, 100%. With the routing, previous to this there are a few things in here that I haven't had the ability to really do how I wanted so I don't have a comparison.

    What needs improvement?

    I would like it if the interface section had multiple failovers. Although I do have three connections, just in case our physical cables get disconnected, I can only set up one failover as a backup. So, if for some reason our fiber and our AFM went down together, I would have to have it search for our 4G modem. I'd love to have extra backups running.

    Someone set a printer to have a static IP address and because they set it as static, it won't show on my LAN, on the DSCP server, because it's not questioning it. So just because the device does not request the rules from the DSCP, I don't see why it wouldn't show up in my LAN on the DSCP server. That's a bit odd. It's different from how a Windows DSCP server would react. Instead of only showing one is requesting DSCP, or on a reservation, it shows all, whether they're reserved or not. A Windows one would. For some reason, it isn't showing me ones that were statically assigned.

    For how long have I used the solution?

    I have been using Kerio Control for four to five years. 

    It's deployed in three different locations now. 

    What do I think about the stability of the solution?

    The stability is pretty good. I've only had one issue with it before. It was set to update on its own, and it didn't update and the update failed, so it didn't come back on for some reason.

    If an update fails, it should have some kind of automatic rollback to bring itself back on. Because when it does that at night and it stops, I don't really get a notification that it's stopped. It's not on anymore so I don't find out that nothing has worked all evening until the next morning.

    What do I think about the scalability of the solution?

    Scalability is fantastic. I don't see a limit to it.

    I am the only admin for this solution.  

    We employ a company that contracts stuff out for me, so they're the people that initially installed this for me at the three sites, but I maintain it. If I have other things I don't know how to do, they'll get in, but it's just me and that other team.

    Increasing usage depends on whether the business itself acquires other businesses, and that's really why we've got these three locations. We bought a business in Adelaide, so we set up a similar setup to what we had in Sydney. And this year in February we bought another business down in the South Coast of New South Wales and we've set up a similar thing there as well. So if we buy other businesses and I need some other help with the server running, then yes, I'll probably get another license. But only if that happens.

    My business is medium-sized and this solution is perfect for it. 

    I have one point of access for multiple portions of what I need for routing. We've got an Internal server that's managed by a different company and it was incredibly easy for that other company to put certain rules in place and then for us to create those rules to and communicate to the outside world was incredibly easy to map. There was just no confusion between the two companies that we're talking about what to map. That was in the initial setup, so that all wasn't done by me. They just communicated to each other very easily. This made it very simple. There was no confusion.

    How are customer service and technical support?

    I've never contacted technical support because I just call the people that I contract to fix things and if they're not quite sure how to fix something, they'd probably contact GFI. 

    Which solution did I use previously and why did I switch?

    We used to use a Cisco router. That was it. There was a very limited amount of routing I could really perform.

    Kerio Control enables us to add multiple routing. We have lots of different options in the one thing. 

    Kerio was recommended to me by ITIS. They told me that this one was what they highly recommended we use for what I needed.

    What about the implementation team?

    The outsourced contractor that we used for the setup was great. There's nothing wrong. I've been using him for a while.

    What was our ROI?

    I can't imagine not using it. I think if I had to use the Microsoft server to do all of this I'd be very frustrated.

    What's my experience with pricing, setup cost, and licensing?

    I don't have other ones to compare the pricing to. I haven't used other solutions to know all the features they have. The price seems reasonable to me for something that does so much and works so well.

    What other advice do I have?

    Kerio Control has not increased the number of VPN clients but we have added clients only because they needed it, not because Kerio is there.

    To the best of my knowledge, before Kerio we did not experience a security breach. The only semi security issue we had was that someone had run a virus that encrypted a whole bunch of files on the server. But that was before my time. I was not the IT manager at that point.

    If I didn't have the help from someone else that completely understood all of the services that are features of this product, then I probably wouldn't have put it in myself. It's definitely more advanced for people that are handling this type of networking day to day, which I don't. The only other thing that I've had a problem with is Apple servers for some reason, because Apple services come through on so many different servers themselves, and different destinations on the Internet, there's always some kind of issue with updating them on the network with Kerio running. I don't know why. It's just Apple. Everything else is fine.

    Personally, I've just learned how to route traffic over a network well. It's helped me to route different parts of the Internet to different parts of my network, which I can't do on a Window server, and visually it's been a great help.

    It's been able to add multiple Interfaces, it's good. I have multiple Internet streams and a failover. That's the best.

    I would rate it a nine out of ten. 

    Which deployment model are you using for this solution?

    On-premises
    Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
    PeerSpot user
    Freelance IT Specialist at a computer software company with 501-1,000 employees
    Real User
    Good open source availability with great policy routing but needs to be more user friendly
    Pros and Cons
    • "The user interface and the ease of use are pretty good. Everything fits together so nicely."
    • "The one thing that did put me off of the solution was that, after they were taken over by GFI, the licensing and a few other items have gotten very complicated."

    What is our primary use case?

    We do quite a special deployment. I work on superyachts. My clients, basically have various ways to forward their internet connection, either by satellite, or, if they're within the range of the shore, they use 4G and a multitude of other connections. Kerio provides for an easy way to manage the various connections. Also, because of the limited bandwidth of the vessels using VSAT, they have control of internet traffic.

    What is most valuable?

    With Kerio Control, one very useful feature is the policy routing. This enables us to, if we have the yacht's network split up into VLANs, give the option of basically pushing different VLANs through different internet connections. This is very flexible. Then the PFM and the Netgate firewalls are also very flexible. 

    The user interface and the ease of use are pretty good. Everything fits together so nicely.

    What needs improvement?

    The one thing that did put me off of the solution was that, after they were taken over by GFI, the licensing and a few other items have gotten very complicated. 

    I am just a little bit wary as to the future of the Kerio Control. I do like open source. I think open source is the future. I don't think there is any place for proprietaries and if I can use something as open source, I would prefer to use open source.

    I never found I missed anything in terms of features. From a user point of view, because I install these things and put them on a yacht, then the people on board, they're the ones that have to manage it once the installation is done. That means I have to train them, and, as long as they understand what they need to do and how to use I'm they'll be fine. That said, it can be a bit complicated for a novice user. A simpler user interface is necessary.

    For how long have I used the solution?

    I've been using the solution for years.

    What do I think about the scalability of the solution?

    I've never tried to scale the solution. In my case, it doesn't make sense to try. My installations are very finite. The yacht doesn't grow, so it's very self-contained.

    How are customer service and technical support?

    I haven't contacted technical support in the past, to be honest. I'm the kind of person that I would rather look things up online. The beauty of working in IT is that a lot of problems you come across have already been witnessed. Someone else has come across them and has already posted solutions online for you to find. I'm not one of these people that tends to call help desks. I used to work on help desks quite a lot myself, so I am well versed in troubleshooting.

    Which solution did I use previously and why did I switch?

    We have experience with pfSense. 

    With Kerio, everything is just a bit more cohesive. Everything fits together. With pfSense, you need to install add-ons to get the features you need. You can have the same features as Kerio, but it may require installing an add-on. With Kerio, of course, everything is already there.

    Another very nice feature I like with the pfSense firewall is the ability to actually run a packet capture on the router, on the gateway itself. Thatis something very useful that I miss having access to, as it's not available on Kerio.

    How was the initial setup?

    The initial installation's level of difficulty all depends on the requirements of the customer. Some customers just want it there so that they can actually monitor and see the traffic usage, and, if necessary, they can go and speak to people and ask them to stop using up so much data. Some clients use it more as a deterrent and just as a way of monitoring what's going on. Other clients like even more control, which can make it a bit more complicated. They want to put in quotas for users and block certain sites, which is possible, and just a bit more work. It will all depend on clients.

    Deployment typically can be done within one day. However, a lot of time users may be upgrading the whole network with wifi switches. Everything gets built together. For us, we're trading our gateway and our networks on board. It shouldn't take more than a few days for a full network installation.

    What about the implementation team?

    I am self-employed, so I work with other companies that usually do the installation of the hardware and I come in at the end to just make sure everything's all configured correctly and set up properly for Kerio configuration.

    What other advice do I have?

    I'd recommend the solution. 

    It is a good solution. I would like to use it more as an open source software these days. The way everything is going in the world, I feel that there's definitely a place for open source. In terms of the proprietary side of it, I'm not too keen on it, and I'm a bit dubious about this takeover by GFI. I don't know if it's a product that will carry on as it is or if things will just keep getting a bit more complicated with it.

    I'd rate the solution seven out of ten. It's done everything I've ever needed it to do. That said, if I can find a solution that does the same, I'll switch. I find that there are actually more options. If you know what you're doing and you find the add-on that you need, then I think it's more flexible.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Chief Information Officer at NETmodel Tech Ltd
    Real User
    The web filter works well, but needs NGFW user-level protection

    What is our primary use case?

    Our primary uses for this solution are to control internet use, filter sites, and manage bandwidth.

    How has it helped my organization?

    It prevents people from visiting undesirable sites and ensures that they use the internet for their designated jobs.

    What is most valuable?

    The most valuable feature is the web filter.

    What needs improvement?

    Improvements are needed to the Next Generation Firewall Protection, specifically with user-level protection.

    For how long have I used the solution?

    Since 2017.
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Owenmpk - PeerSpot reviewer
    IT Support Professional at Valley IT Support, Inc
    Real User
    Leaderboard
    Software appliance allows for quick recovery from hardware failure
    Pros and Cons
    • "What I like the most about Kerio is that I can use the software appliance as a solution, so if the hardware fails for any reason then I can quickly replace it with hardware that I have in stock."
    • "Their support is getting better but still needs improvement."

    What is our primary use case?

    Our primary use case for this solution is a UTM (Unified Threat Management) router.

    How has it helped my organization?

    This solution gives me confidence in the ability to quickly recover from hardware failures.

    What is most valuable?

    What I like the most about Kerio is that I can use the software appliance as a solution, so if the hardware fails for any reason then I can quickly replace it with hardware that I have in stock. Typically, I use a Dell OptiPlex i5 desktop or small form factor.

    What needs improvement?

    Their support is getting better but still needs improvement. I had been using Kerio products for quite a few years before GFI purchased them.  What liked about the support was that the people you contacted were actually using the product in their homes, they played with the product and broke it and fixed so understood it well. GFI support folks at the first level are script readers and point you to documents you can find on the support website. For me, I have gone down that path already when I opened a ticket. 

    I see they have phone support now, but I have not used it.

    I cannot think of any features that are needed at this time.

    For how long have I used the solution?

    More than five years.

    What do I think about the stability of the solution?

    This solution works. The only issues are hardware failures.

    What do I think about the scalability of the solution?

    With respect to the scalability, I have it running in five-person offices and in fifty-person offices.

    How are customer service and technical support?

    The technical support was very good originally but fell short when GFI took over. It is now getting better.

    Which solution did I use previously and why did I switch?

    I switched from SonicWall because, at the time, they did not accurately report the throughput of the router when all of the UTM features were enabled. Also, setting up the traffic rules was not as easy as Kerio Control.

    How was the initial setup?

    The initial setup for this solution is very easy.

    What about the implementation team?

    The implementation and deployment is something that I do myself.

    What was our ROI?

    I do not worry about the ROI. I just need something that works and protects.

    What's my experience with pricing, setup cost, and licensing?

    My advice is to use your own hardware and do not use theirs.

    Disclosure: My company has a business relationship with this vendor other than being a customer: I use the product and i am partner.
    PeerSpot user
    Ray Kingdon - PeerSpot reviewer
    Technical Director at EVAK Technologies Limited
    Real User
    Provides a Pre-Filter to Scan Email Messages Before They Get to the Email Servers
    Pros and Cons
    • "All of the features of Kerio Control are equally good. Most valuable to us are the firewall rules, the intrusion detection system, and IP address features."
    • "Kerio Control has just improved on their biggest problem, which was to introduce better support for high-availability requirements in production."

    What is our primary use case?

    We resell Kerio Control to other businesses. We use the virtual appliance model. The device is used for direct management.

    How has it helped my organization?

    Kerio Control protects our email servers. The product provides a pre-filter to scan the email messages before they get to the email servers.

    What is most valuable?

    All of the features of Kerio Control are equally good. The most valuable to us are the firewall rules, the intrusion detection system, and IP address features.

    What needs improvement?

    Kerio Control has just improved on their biggest problem, which was to introduce better support for high-availability requirements in production.

    For how long have I used the solution?

    More than five years.

    What do I think about the stability of the solution?

    Kerio Control is very stable.

    What do I think about the scalability of the solution?

    The scalability of Kerio Control is limited, but they also market it as such. It's not an enterprise-class product, but they don't claim that it is. 

    Kerio Control is for small enterprise businesses with various clients. It can support an organization of up to 300 general users, remote developers, and trained workers.

    For deployment and maintenance, Kerio Control requires just one person. I tend to increase my usage of the product as time goes by, as well as the number of support clients.

    How are customer service and technical support?

    I have never had to use Kerio's customer support services.

    Which solution did I use previously and why did I switch?

    I did use other solutions previously. I switched because they suddenly made the Kerio Control license end-of-life.

    How was the initial setup?

    The setup of Kerio Control is very straightforward. The initial implementation is about three hours, with various points of review. We are a managed service provider, so there are ongoing reviews and adjustments for the clients.

    What was our ROI?

    ROI is difficult when you've got a "not for resale" version of Kerio Control. It's a total cost of ownership and further investment. The product is brilliant. I don't know how much value you can add on to it, but the cost point of the Kerio is much lower than the bigger vendors.

    What's my experience with pricing, setup cost, and licensing?

    The version of Kerio Control that I use is a "not for resale" unit. I get the product for free. There is an additional cost for the annual software licensing which depends on which model you have and the number of users.

    The Kerio Control license has a varying cost, but generally, it's around £300 a year.

    What other advice do I have?

    I would rate Kerio Control a ten out of ten points overall.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    RobertWright - PeerSpot reviewer
    Computer Technician at a tech services company with 11-50 employees
    Real User
    Provides users with the ability to log in to the portal page, keep track of their data usage and perform bandwidth management
    Pros and Cons
    • "The most valuable feature is to provide users with the ability to log in to the portal page, keep track of their data usage and perform bandwidth management."
    • "I would like to be able to inspect https packets for the purpose of virus scanning."

    What is our primary use case?

    Our primary use case for this solution is to provide our customers with a reliable and secure internet service for which they can perform bandwidth management and other operations.

    How has it helped my organization?

    This is a service that we set up for the yacht owners. They all want to carry the control over the yacht.

    What is most valuable?

    The most valuable feature is to provide users with the ability to log in to the portal page, keep track of their data usage and perform bandwidth management. It allows the captain to keep a log of everything that is happening and see who is using what bandwidth.

    If somebody is using too much bandwidth then they have the option to throttle them back.

    What needs improvement?

    As of late, it seems that they can't release a version that doesn't have some type of bug. It crashes when it runs out of memory, and fixing this would be great.

    I would like to be able to inspect https packets for the purpose of virus scanning.

    For how long have I used the solution?

    More than five years.

    What do I think about the stability of the solution?

    This solution has been pretty stable overall. That said, there is room for improvement.

    For some clients, some of the options cause problems. Filtering, for example, is something that one client does not need at all. Turning this off seems to straighten things out.

    I have been awoken at 3 am by emails telling me that things are down, and that has happened within the past couple of updates, but not as much. I keep my eyes on the Kerio forums and watch for other people who say that it is time to upgrade again.

    What do I think about the scalability of the solution?

    My impression is that it is pretty scalable and it can handle a lot of stuff.

    I don't use it to the point where I'm linking multiple sites together, so I can't comment on that aspect.

    We have the solution installed on approximately twenty boats now, and we're continuing to install them.

    How are customer service and technical support?

    The technical support used to be great. However, it's gone way downhill. I used to speak directly to the person writing the code, and he would walk you through when you need help. Now, I can barely get a hold of him.

    Thankfully, now that I know the software inside and out, I don't really need them.

    Which solution did I use previously and why did I switch?

    I have used a couple of other solutions.

    For me, they are straightforward. However, the reason we chose this solution is because it has to be something that the captain can understand. It has to be a straightforward user interface. 

    If it were a situation where a client were going to be managing every aspect of it and the captain is not going to be involved, I would probably choose pfSense or something else.

    How was the initial setup?

    This initial setup is straightforward. It is a no brainer, and anybody can get in there and just do it. They deployment takes maybe half an hour, if that.

    It all depends on what they are requesting. It's not just "one size fits all". Some boats have a LAN they need set up, while some boats don't. We set up the unit sources and assign different ports.

    These days they have a dedicated internet port, and they've got four or five land ports. We'll take one or two of the land ports and assign them to the Internet port, so that way they'll have a ship-to-shore connection, as well as a VSAT (Very small aperture terminal) connection. We'll also have another device with a cell router coming into the third connection, so that way they can switch between the three Internet connections when they need to.

    For example, if they are out at sea they're going to use the VSAT, but if they are in the port then they will either use the ship-to-shore Wi-Fi, or the cellular connection, to save money.

    We have eight technicians on site, but it only takes one person to handle the deployment. The maintenance is quick; we can log in remotely and update it if we need to. I prefer to be on site for this in case something goes wrong, but nine times out of ten everything is just fine.

    What about the implementation team?

    We do the implementation ourselves.

    What's my experience with pricing, setup cost, and licensing?

    There is a yearly upkeep fee.

    Which other solutions did I evaluate?

    We have evaluated WatchGuard and pfSense as well. We basically need something that is easy for the client because they want to have control over everything, and that's what Kerio is going to give them.

    What other advice do I have?

    This solution is big in our industry because the captains have to have control over everything. If the captain wants to log in and see what his users, his crew members are doing, then Kerio provides that.

    I suggest watching the Kerio forums for what the community is saying in terms of upgrades and support.

    I would rate this solution eight out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    MarcoVivaldelli - PeerSpot reviewer
    IT Director CEO at MARVIV SRLS
    Real User
    User-friendly, flexible, can be used on different kinds of infrastructure, and you don't need a high level of skill to use it
    Pros and Cons
    • "The flexibility of the system, the capacity to provide the right level of security, and the ability to be integrated into different kinds of infrastructures are the most valuable features."
    • "The improvement that we are looking for is for when decide to move some part of our application to the cloud."

    What is our primary use case?

    The primary use case of this solution is for the security of the entire network. There are more than 10 companies that are distributors in the territory and for this region, we have to manage and to guarantee that all the companies can interchange data between them, but also with the outside in a safe way. Kerio is the right solution to achieve our objectives because each client and each server that is distributed in the different companies can be maintained and can be controlled in the correct way.

    What is most valuable?

    The flexibility of the system, the capacity to provide the right level of security, and the ability to be integrated into different kinds of infrastructures are the most valuable features. 

    What needs improvement?

    The improvement that we are looking for is for when decide to move some part of our application to the cloud. This is one of the projects that we have in progress. Mainly to distribute some services on the cloud and to make that a possibility not only for our company, but also for the customer to have access to this application. To guarantee a correct level of security, not only for our application but also for all customers that access our system. This is one item that we are now considering.

    For how long have I used the solution?

    More than five years.

    What do I think about the stability of the solution?

    Stability is good. We are satisfied with the performance of the system.

    What do I think about the scalability of the solution?

    We have more than 300 users that are distributed in more than 10 different units. There is one production unit that is around 170 people, and the other 130 are distributed in the other nine companies.

    Some of the users are administrators, the other users are in the technical department, R&D, sales, and the production department. 

    How are customer service and technical support?

    Their technical support is very good. We haven't had any problems with them. 

    Which solution did I use previously and why did I switch?

    We have used Sophos in the past. 

    How was the initial setup?

    The initial setup was complex. The system itself isn't complex in terms of actually using it. It is user-friendly. It is complex in terms of the capacity to control the situation.

    We didn't spend a lot of time on the deployment. In the beginning, we did need to dedicate some time to implement the infrastructure internally. In terms of the operations and maintenance, we don't spend a lot of time on it.

    It requires two people for maintenance.

    What about the implementation team?

    At the beginning, we did need a consultant to set up the system but now we have our own resources in our company who manage the system.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is in-line with our expectations in terms of the quality that we get for it. 

    What other advice do I have?

    Kerio is user-friendly, it's flexible, and can be used on different kinds of infrastructure. You don't need a high level of skill to use it. It monitors, identifies potential problems and it takes actions on a problem. The system is quite easy to use, and we don't have any kinds of problems with it, compared to other solutions that are not easy to understand and are complex. 

    I would rate it a nine out of ten. Right now, we are really satisfied with the product. Of course, we are open to seeing other improvements, but from our side, we don't need any other improvements because what we have right now complies with our needs.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
    PeerSpot user
    General Manager at a tech services company with 51-200 employees
    Real User
    The statistics show you a full brief of every user, every type of connection used, and the total bandwidth used
    Pros and Cons
    • "The statistic feature enables us to better use bandwidth management. We monitored the use by mobile, type of application, department, and by users. The bandwidth was solid. Our internet speed is optimized for our research."
    • "I would like for them to add more security features."

    What is our primary use case?

    We use it as the primary UTM for the whole company.

    How has it helped my organization?

    The statistic feature enables us to better use bandwidth management. We monitored the use by mobile, type of application, department, and by users. The bandwidth was solid. Our internet speed is optimized for our research.

    What is most valuable?

    The statistics feature is the most valuable feature. The active host feature, "Live," enables you to monitor every host and every connection. The statistics show you a full brief of every user, every type of connection used, and the total bandwidth used. It is a very powerful feature.

    What needs improvement?

    I would like for them to add more security features. 

    What do I think about the stability of the solution?

    It's very stable, and updates are frequent.

    What do I think about the scalability of the solution?

    In terms of scalability, it's actually more for a small to medium-sized business. It's not very scalable. 

    We currently have over 50 users. The users are in different departments. It's a whole network; we have the admin department, accounting department, finance, technical department, and support department. Everyone is using it. It's the main UTM of the network.

    It's the main UTM of the network so it's the internet firewall. We use it every day, every minute. 

    How are customer service and technical support?

    We've never had to use their technical support. 

    How was the initial setup?

    The initial setup was straightforward. It's the most user-friendly UTM out there. The deployment was very fast, less than half a day.

    What about the implementation team?

    We did the implementation ourselves. It required just one person. 

    What was our ROI?

    We see ROI on the internet bandwidth optimization levels.

    What's my experience with pricing, setup cost, and licensing?

    It's very affordable.

    Which other solutions did I evaluate?

    Every year we evaluate other options like Sophos and Kaspersky.

    What other advice do I have?

    My advice to somebody researching this solution is to check all the features. Some of the most important features of this program don't exist anywhere else. Especially the statistics.

    I would rate it a nine out of ten. 

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    it_user784197 - PeerSpot reviewer
    Technical Coordinator / Pointe-Noire Branch, BUROTOP IRIS SA at BUROTOP IRIS SA
    Real User
    Improved my organization's security, good technical support, and inexpensive

    What is our primary use case?

    Our primary use case is for security purposes, web filtering, and firewalls. 

    How has it helped my organization?

    Kerio has improved my organization's security.

    What is most valuable?

    The most valuable feature would be the security. 

    What needs improvement?

    They should add wireless features. 

    For how long have I used the solution?

    Three to five years.

    What do I think about the stability of the solution?

    It's very stable. 

    What do I think about the scalability of the solution?

    Scalability is okay. 

    How is customer service and technical support?

    Technical support is good.

    How was the initial setup?

    The initial setup was straightforward. The deployment took one week. 

    What about the implementation team?

    I implemented it myself. 

    What's my experience with pricing, setup cost, and licensing?

    The price is inexpensive. 

    What other advice do I have?

    I would tell someone considering this solution to go for it. 

    I would rate this solution a nine out of ten. 

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
    PeerSpot user
    Owner at LOTUSCONCEPT
    Real User
    Enables the ability to remotely control systems to be installed in multiple areas
    Pros and Cons
    • "Technical support is good. They respond right away."
    • "I would like to see them develop a bit more flexibility creating VLANs."

    What is our primary use case?

    Our primary use case of this solution is for general network security and VLANs. It's in use 24/7, all the time. 

    How has it helped my organization?

    This solution has improved my organization because we can access remotely. With Kerio Control, we can remotely control systems to be installed in multiple areas. The remote connection is valuable for us.

    What is most valuable?

    The firewall feature is the most valuable.

    What needs improvement?

    I would like to see them develop a bit more flexibility creating VLANs.

    For how long have I used the solution?

    One to three years.

    What do I think about the stability of the solution?

    It's a real good product. This version has many features for creating VLANs and also for traffic rules, firewall rules, etc.

    What do I think about the scalability of the solution?

    Scalability is more than enough. There are over 50 users. Ten of them are management on the business side and about 20 or 30 are part of the crews.

    How is customer service and technical support?

    Technical support is good. They respond right away. 

    How was the initial setup?

    The initial setup is a bit complex, but it was fine for our IT department. Deployment took around one month and it only required one person. One person works on it, and it takes him about two or three weeks. Maintenance requires two people.

    What about the implementation team?

    We did use an integrator. We have an IT manager.

    What's my experience with pricing, setup cost, and licensing?

    Pricing is good, but the licensing took a lot of time. It was with a company in Europe and we got it with 50 users and wanted to upgrade to unlimited users. They first make it 250 users, then one or two weeks later unlimited. It took two weeks to get an unlimited license. It was strange but if you purchase with unlimited then it's no problem. You get it right away. The upgrade took a lot of time. 

    Which other solutions did I evaluate?

    What other advice do I have?

    I would recommend this solution to someone considering it. 

    I would rate this solution an eight out of ten.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    User at GVC
    User
    The remote connectivity feature for users needs improvement. It has helped our organization with testing.

    What is our primary use case?

    I use Kerio Control for user statistics, intrusion detection and prevention (IPS), web filtering, etc. 

    How has it helped my organization?

    It has helped our organization with testing.                                

    What needs improvement?

    They should improve the remote connectivity feature for users.

    For how long have I used the solution?

    Trial/evaluations only.
    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    PeerSpot user
    Chief of Technical Department at IIA Ltda
    Real User
    The solution is easy to use and provides the ability to deliver customized solutions
    Pros and Cons
    • "Kerio Control is easy to use and provides the ability to deliver customized solutions."
    • "Support responses need improvement."
    • "I would like for there to be a difference between international and national links."

    What is our primary use case?

    It is for local use in our company of about one hundred users. It is also deployed to different clients, which are from twenty to two hundred users.

    How has it helped my organization?

    It provides security to the internal network and implements solutions through VPN to access specific internal services, without the need to open the network completely. The usage capacity of Kerio Control is enormous.

    What is most valuable?

    The ease of use and the ability to deliver customized solutions is incredible. When updating from version 9.2.4 to version 9.2.5, support services was able to remove 5 patches from version 9.2.5 in a very short amount of time to normalize the system.

    What needs improvement?

    Support responses. The response time was very good, but not excellent, because they were worried about their system normalization solution. They slightly delayed in answering direct queries.

    I am evaluating version 9.2.6. I would like for there to be a difference between international and national links, something I can find in other firewalls.

    For how long have I used the solution?

    More than five years.

    What do I think about the stability of the solution?

    Yes, in version 9.2.5, but we solved it quickly.

    What do I think about the scalability of the solution?

    None

    How are customer service and technical support?

    In general, I have not used it, except in version 9.2.5. The response was very good.

    Which solution did I use previously and why did I switch?

    None

    How was the initial setup?

    Simple initial setup.

    What about the implementation team?

    An internal team implemented the solution.

    What was our ROI?

    In 2 years 80% of the investment was returned.

    What's my experience with pricing, setup cost, and licensing?

    Initial implementation costs are comparable to a similar product due to the ease of performing basic operations.

    The cost of the product has optional additions with very good prices. The product update is 25% of its value which is very good.

    Which other solutions did I evaluate?

    Yes, FortiGate.

    What other advice do I have?

    Setting up a small laboratory is simple and fast, so you can see a small portion of the solution's benefits and what it will do to improve a business's security.

    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    PeerSpot user
    Chief of Technical Department at IIA Ltda
    Real User
    Helps our organization better control internal and external communications

    How has it helped my organization?

    It helps us better control internal and external communications.

    What is most valuable?

    • The ease of use.
    • The clear handling of the reports.
    • The information that it delivers.

    What needs improvement?

    Filtering of pages and greater personalization in services, among others.

    For how long have I used the solution?

    More than five years.

    What do I think about the stability of the solution?

    I have not had stability problems.

    What do I think about the scalability of the solution?

    No issues.

    How are customer service and technical support?

    The technical support is good.

    Which solution did I use previously and why did I switch?

    We switched from our previous solution to Kerio Control, due to it administration and scalability.

    How was the initial setup?

    Setup is simple. The Kerio interface is very intuitive.

    What's my experience with pricing, setup cost, and licensing?

    Search and compare.

    Which other solutions did I evaluate?

    Yes, we evaluated Cisco, Fortinet, and Check Point.

    What other advice do I have?

    Only trust in the product. Its support is very good, and it is stable product.

    Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
    PeerSpot user
    PeerSpot user
    IT Infrastucture - Cloud Admin at Primary S.A.
    Vendor
    Now we have a better overview of all our internet connections and LAN-to-LAN connections.

    What is most valuable?

    Navigation through options and configure them is just two mouse clicks away. Lots of information without need of an external tool.

    • Site-to-Site VPN
    • Easy configuration
    • Really easy and user friendly GUI
    • Stability
    • AD integration
    • Traffic shaping options
    • QoS management is great
    • VLAN options per interface
    • Proxy and Reverse proxy with SSL options
    • Two step authentication
    • The real-time built-in monitoring applications
    • Intrusion prevention system
    • DNS redirection
    • Easy monitoring and configuration of the routing table
    • Guest interface feature

    How has it helped my organization?

    We had several routers in our environment, including Linux firewalls and Cisco PIX for user and site-to-site VPN connections, all of them were replaced by Kerio Control. The improvement was instant as now we have a better overview of all our internet connections and LAN-to-LAN connections. We even have a better control of our site-to-site VPN tunnels.

    What needs improvement?

    The VPN configuration because if you need specific VPN parameters you have to configure them through the CLI of the appliance. These options are not available in the GUI. The intrusion prevention system is good, but it could be better and you cannot configure per IP exceptions. Some diagnostic tools can be improved too, however they are good enough to the everyday usage. Last,lu the Ubuntu/Debian VPN client can be improved a lot.

    It does not offer high availability option yet, however you can do that through VMware's fault-tolerance feature.

    Guest Interface has a built-in web site for access to the internet (like a hotspot). In some cases, guest users cannot see this interface and then they cannot navigate/use the internet, however this only happens on rare occasions.

    For how long have I used the solution?

    I have used this for four years in several locations, and all of them are happy with it.

    What was my experience with deployment of the solution?

    We had no issues deploying it.

    What do I think about the stability of the solution?

    Kerio Control can be used with three internet connection modes:

    • Single internet connection
    • Fail-Over
    • Load-Balancig.

    If you put the appliance in Fail-Over mode it will simply FAIL, and will bypass your routing rules. It will start balancing connections (even when you have not configure it) and the stability will be annoyingly poor. However, the user manual says that you have to put it on Load-Balancing mode if you want to use routing policies which is contradictory, but that's how it works. When you put the appliance in Load-Balancing mode it i will work great.

    What do I think about the scalability of the solution?

    Once again you have to double-check licenses, remembering the licences count the IP that is passing through the firewall to the internet, and site-to-site connections will not count.

    How are customer service and technical support?

    Here in Argentina they are terrible, as they will not answer emails and will not reurn the phone calls. Otherwise Kerio support is great.

    Which solution did I use previously and why did I switch?

    We had a mix of Linux IPtables and Cisco appliances. We switched because the business needs a quicker and more precise response from IT.. Now, with a clicks, we can see everything.

    How was the initial setup?

    It's not complex at all, however I have to modify the virtual appliance because it came with the E1000 virtual network adapter. I removed them and put VMXNet3 in instead. I also had to change the amount of default configured RAM. It's now working great.

    What about the implementation team?

    I implemented it myself as it's really easy to setup and use.

    What's my experience with pricing, setup cost, and licensing?

    To test it, you can setup a mini-lab inside of a VMware hypervisor. The major problem that you will find with this is the licensing, as it´s confusing and you have to remember that they licence the appliance per IP basis. The basic licence includes five users and 25 IPs for every device that pases through the firewall which counts as a used licence. If you have one user connected to the VPN and 24 devices using the internet (Tablets, Phones, VoIP phones, computers) then you are using 25 of the available IPs so no-one else would be allowed to use the VPN or navigate through the firewall until the VPN user disconnects, or one of the devices is not being used to connect to the internet. So you have to double-check how many IP address/users you will need before buy and deploy it. Luckily for us, Kerio offered a 30 day free trial for testing. Also, they sell the product with Sophos AV and a really good content filter.

    What other advice do I have?

    Connection Monitor

    Debug Area

    The Main Dashboard

    Traffic Rules


    Disclosure: I am a real user, and this review is based on my own experience and opinions.
    PeerSpot user
    Buyer's Guide
    Download our free KerioControl Report and get advice and tips from experienced pros sharing their opinions.
    Updated: September 2022
    Buyer's Guide
    Download our free KerioControl Report and get advice and tips from experienced pros sharing their opinions.