KerioControl vs Menlo Secure comparison

GFI and Menlo Security are both solutions in the Firewalls category. GFI is ranked #29 with an average rating of 8.0, while Menlo Security is ranked #51. GFI holds a 1.5% mindshare in Firewalls, compared to Menlo Security’s 0.0% mindshare. Additionally, 88% of GFI users are willing to recommend the solution, compared to 100% of Menlo Security users who would recommend it.

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Sep 16, 2024

Menlo Secure and KerioControl both compete in the web security and network protection category. KerioControl seems to have the upper hand due to its flexibility and user-friendly deployment.

Features: Menlo Secure is praised for its robust threat isolation, seamless integration with existing security protocols, and advanced security capabilities. KerioControl is noted for flexible policy management, extensive reporting tools, and configurability paired with in-depth analytics.

Room for Improvement: Menlo Secure could improve user customization, make management more intuitive, and provide better support during complex configurations. KerioControl could enhance scalability, improve performance during peak usage, and refine specific reporting tools.

Ease of Deployment and Customer Service: Menlo Secure has a straightforward deployment process, with some users needing more support during complex configurations. KerioControl is appreciated for clear setup instructions and responsive customer service, offering more user-friendly deployment overall.

Pricing and ROI: Menlo Secure users find the setup cost reasonable but see room for better ROI. KerioControl users feel they receive significant value for the cost, with an expected and reliable ROI, often delivering better financial value.

To learn more, read our detailed KerioControl vs. Menlo Secure Report (Updated: April 2025).

Buyer's Guide

KerioControl vs. Menlo Secure

April 2025

Download the complete report

Helped 848,396 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Fortinet FortiGate

Mindshare comparison

As of April 2025, in the Firewalls category, the mindshare of Fortinet FortiGate is 21.1%, up from 17.7% compared to the previous year. The mindshare of KerioControl is 1.5%, up from 0.9% compared to the previous year. The mindshare of Menlo Secure is 0.0%, up from 0.0% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Firewalls

Featured Reviews

EhabAli

Sr. Cybersecurity Solutions Architect at BMB

Efficient, user-friendly, and affordable

In the past, NSS Labs was utilized to test files and verify the numbers and datasheets. It would be beneficial to have an organization or testing lab that can verify the numbers in our datasheets since changes are frequently made, which can be inconvenient for review. For instance, when comparing different competitors such as Forcepoint, Palo Alto, and Check Point, the throughput or numbers in the datasheet may be lower than the actual numbers. Conversely, Fortinet typically reports very high numbers, but they cannot be replicated in the real world. Therefore, it would be advantageous for them to partner with a neutral testing organization such as NSS Labs to validate these numbers, thus providing more credibility and comfort to everyone regarding the accuracy of the datasheets. For the migration, everyone has a firewall in use and I am selling Fortinet. Typically, I am replacing another firewall. Previously, there was a tool available to convert configurations from one firewall, such as Palo Alto, to Fortinet, but this tool is no longer free. If it could be made free again, it would be very beneficial. This tool shows a lot of promise and is very good. Making it free would help many companies deliver their products in a more efficient and integrated way. It would also be more valuable to include the tool with the firewall package or license instead of having to pay extra for it. Paying extra puts more pressure on small companies to deliver the firewall and complete the configuration, especially if they have hundreds or thousands of policies. It's very painful to move through these policies line by line. The stability has room for improvement. When it comes to Secure SD-WAN, everything is fine. They are going the right way. SD-WAN is very promising. They can provide the SD-WAN solution separately, but they will not take this approach because even the smallest firewall can support the features, so there is no need to have a separate service or appliance. They are following the right steps, and there is nothing to be improved. Feature-wise, I'm really satisfied with the new release, and the features they have added. For now, it's fine.

Read full review

Constantnos Achilleos

Product manger at Asbis Mediteranean

Leveraging geo-tagging and web filtering for enhanced network security

The solution is used for site-to-site VPN connections and it is valued for its cost efficiency and easy connectivity. It is especially beneficial for multi-site VPNs and is used in about fifteen different components KerioControl has provided a financial benefit as it allows purchasing one license…

Read full review

Olivier DALOY

Group Information Systems Security Director - CISO at Faurecia

Secures users wherever they are and enable us to inspect SSL traffic, but we encountered too many issues

The solution should have no impact but it does have a bit of impact on end-users. For example, we encountered some issues in the downloads that took longer than they did without using Menlo. That is clearly not transparent for users. We expected not to have any latency when downloading anything from the internet with Menlo compared to without Menlo. We are now transitioning to another solution. The main reason for that is that managing all of the exceptions and troubleshooting all of the issues our users have had connecting to the internet has become too significant in terms of workload, compared to what we hope we will have with another solution. In other words, we hope to get the same level of protection, while reducing the number of visible bugs, issues, latencies, impacts on performance, et cetera, that we have today with Menlo. We already solved most of them, but we still have too many such instances of issues with Menlo, even though it is protecting us for sure. The weak point of the solution is that it has consumed far too much of my team's time, taking them away from operations and projects and design. It took far too much time to implement it and get rid of all of the live issues that we encountered when our users started using the solution. The good point is that I'm sure it is protecting us and it's probably protecting us more than any other solution, which is something I appreciate a lot as a CISO. But on the other hand, the number of issues reported by the users, and the amount of time that has been necessary for either my team or the infrastructure team to spend diagnosing, troubleshooting, and fixing the issues that we had with the solution was too much. And that doesn't include the need to still use our previous solution, Blue Coat, that we have kept active so that whatever is not compatible or doesn't work with Menlo, can be handled by that other solution. It is far too demanding in terms of effort and workload and even cost, at the end of the day. That is why we decided to transition to another solution. If we had known in the beginning that we would not be able to get rid of Blue Coat, we probably would not have chosen Menlo because we were planning to replace Blue Coat with something that was at least able to do the same and more. We discovered that it was able to do more but it was not able to replace it, which is an issue. It is not only a matter of cost but is also a matter of not being able to reduce the number of partners that you have to deal with. In addition, they could enhance the ability to troubleshoot. Whenever a connection going through Menlo fails for any reason, being able to troubleshoot what the configuration of Menlo should be to allow it through would help, as would knowing what level of additional risk we would be taking with that configuration.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"The initial setup is very straightforward and easy, with wizards helping to configure the device efficiently."

"The SD-WAN function is very developed. It has SD-WAN functionality with security features in one device. We can manage from one single console SD-WAN and the security policy."

"The most valuable feature is the FortiManager for centralized management."

"FortiGate is very simple to manage and easy to use."

"Customers want to load balance more than eight lines or six internet lines. FortiGate is the only solution that can accomplish this."

"The CLI and GUI do a good job of putting a lot at your fingertips."

"FortiGate Secure SD-WAN includes best-of-breed next-generation firewall (NGFW) security, SD-WAN, advanced routing, and WAN optimization capabilities, delivering a security-driven networking WAN edge transformation in a unified offering."

"The features that I have found most valuable are that it is good to use, and most importantly, the pricing. The customer especially likes the discount when they trade up or something like that."

More Fortinet FortiGate pros

"The product is affordable."

"I have found the most valuable features of Kerio Control to be the IPS and firewall."

"The solution is easy to manage. Kerio Control is unique compared to other firewalls because it has been around since 2000 when we switched and the name it started with was WinRoute, and then later became Kerio Control. It evolved over time and it is more of a proprietary firewall on its own and has been developed through open source."

"The solution is user-friendly."

"It has helped our organization with testing."

"The reporting needs to be improved. It is hard to get a domain."

"I did not face any issues with stability while using the tool's trial version."

"The traffic insight page or the administrative portal is really helpful because you can see all the internet usage down to the point where you can see if it's big files or streams. It gives us a good view of what the internet usage is of users who are coupled to an IP address. That way, if there are problems with, for example, a lot of data usage or problems with the connection, we can narrow it down to a single user or server and address the problem. It's really helpful for diagnostic data."

More KerioControl pros

"It has reduced security events to follow up on. While it is not 100%, there has been probably a 90% or more reduction. We were getting hit left, right, and center constantly from people browsing the Internet and hitting bad websites. It was not just bad websites that were stood up to be malicious, but good sites that were compromised."

"Accessing the internet with a proxy from anywhere is the most valuable feature. It ensures that users are only able to browse legitimate websites. If they happen to go to a legitimate website with a malicious payload, the isolation feature will take care of that."

"For us, the primary goal is protection on the web, and that's extremely important. We're not using any of the other services at this time. The web part is key to the success of the organization. It gives us the ability to protect. It can isolate. It opens the session in an isolated format so that the code isn't running locally. It is running over in the Menlo environment, not in ours. It is not running on the local computer, whereas if you were to go to a normal website, it would run Java or something else on the local machine and potentially execute the malicious code locally. So, it does give us that level of protection."

"The fact that it is a cloud proxy solution is another feature we like. For example, if you acquire a new company, you can use it to protect that new company without the need to install anything physically on their networks."

Cons

"Pricing for it is a bit high. It could be cheaper."

"It needs more available central management."

"The solution lacks sufficient filtering."

"FortiGate should have a better way of detecting and managing the system memory because otherwise if the memory is too low, a system restart is required."

"In my opinion, Fortinet FortiGate could be improved by making the appliance smaller than what we have here, as it is pretty big."

"With the standard support subscription, if the device goes down, the customer has to first ship the box, and then Fortinet sends the replacement. With the higher support, the customer has to ship the device after they have the replacement. It would be better for customers to get immediate replacements even with a standard subscription."

"Some of the web policy reports could be improved."

"FortiLink is the interface on the firewall that allows you to extend switch management across all of your switches in the network. The problem with it is that you can't use multiple interfaces unless you set them up in a lag. Only then you can run them. So, it forces you to use a core type of switch to propagate that management out to the rest of the switches, and then it is running the case at 200. It leaves you with 18 ports on the firewall because it is also a layer-three router that could also be used as a switch, but as soon as you do that, you can't really use them. They could do a little bit more clean up in the way the stacking interface works. Some use cases and the documentation on the FortiLink checking interface are a little outdated. I can find stuff on version 5 or more, but it is hard to find information on some of the newer firmware. The biggest thing I would like to see is some improvement in the switch management feature. I would like to be able to relegate some of the ports, which are on the firewall itself, to act as a switch to take advantage of those ports. Some of these firewalls have clarity ports on them. If I can use those, it would mean that I need to buy two less switches, which saves time. I get why they don't, but I would still like to see it because it would save a little bit of space in the server rack."

More Fortinet FortiGate cons

"One of the problems we do have causes problems with the VPN. The software slows the throughput down too much. You could have a one-gigabit connection from the internet, and it slows it down to the area of upload and download is extremely slow. There's too much content filtering at that point."

"There's also room for improvement in the Traffic Rules. We define networks to use a specific outgoing interface, say VSAT, shore, or marine WiFi, which is okay. But then all we have is a checkbox that says "Use other internet interfaces if this one is unavailable." What we would prefer would be to have a priority list. So if VSAT is unavailable, try to use 4G, etc. We haven't really found a reliable way of doing that in the current release."

"The solution can be improved to create the capability for larger bandwidths that support our business needs."

"Improvements are needed to the Next Generation Firewall Protection, specifically with user-level protection."

"The solution should offer more dashboards."

"They should improve the remote connectivity feature for users."

"The Kerio hardware devices look cheap and could be improved. Some of our clients are switching to Sophos because their hardware has a more sleek design."

"When it comes to dealing with updates, there are often bugs on the solution. They should do a lot more testing before they release new versions."

More KerioControl cons

"Currently, I don't have a good way to see which of my rules are being used in the access control lists. I have numerous entries, but are they all still needed? A report that would show me my list of who is allowed and whether we're actually using it would be useful because I can then go clean up my list. It would be easier to manage. We would eliminate the vulnerability of unused services."

"We are now transitioning to another solution. The main reason for that is that managing all of the exceptions and troubleshooting all of the issues our users have had connecting to the internet has become too significant in terms of workload, compared to what we hope we will have with another solution."

"In the best of all worlds, we wouldn't have to make any exceptions. However, that is a big ask because a lot of that depends on how websites are constructed. For example, there are some very complex, application-oriented sites that we end up making exceptions for. It is really not that big an issue for us to make the exceptions. We feel like we are doing that without a huge impact on our security posture, but we do have to make some exceptions for complex sites, e.g., mostly SaaS-type sites and applications."

"The user monitoring could still be improved."

Pricing and Cost Advice

"Pricing is good. They offer a lot of things, the most important is the support. Every time you upgrade your license, you also get insurance for the equipment. If you have any problem with equipment, they send in new equipment."

"Compared to Palo Alto, which we have used in the past, pricing and licensing are okay."

"The cost of Fortinet FortiGate is competitive and not expensive compared to other enterprise- grade solutions. On average, the license cost per year is around seventy percent of the firewall's purchase price."

"The cost is too high... They have to focus on more features with less cost for the customer. If you see the market, where it's going, there are a lot of players offering more features for less cost."

"It has a competitive price."

"I think the price of Fortinet FortiGate is very reasonable."

"I do not have first-hand experience with the rice of Fortinet FortiGate, but I have heard the price was reasonable."

"Fortinet has one or two license types, and the VPN numbers are only limited by the hardware chassis make."

More Fortinet FortiGate pricing and cost advice

"It is priced low enough for entry-level, but it has the power to grow with a company without them having to replace it."

"The price is fine."

"Pricing is good, but the licensing took a lot of time."

"It's very affordable."

"The pricing is in-line with our expectations in terms of the quality that we get for it."

"It's pretty expensive in licensing costs, especially if you use the product longer than one or two years. The licensing costs are still high, which I don't think is reasonable for a product like this."

"The price is inexpensive."

"Search and compare."

More KerioControl pricing and cost advice

"We save a ton of money and time. Previously, the numerous hits that we were receiving from our security tools, prior to implementing them, had to all be chased down, dispositioned, and endpoints had to be reimaged. It was just a ton of effort to do all that. That is where the savings from time and money come in."

"The solution is expensive. It's more expensive than the solution I previously used. Compared with the other cloud-based solutions, it's very competitive."

"It is appropriately priced for what they're doing for us. Considering the protection provided, I feel their pricing is spot-on."

See which vendors are best for you

Use our free recommendation engine to learn which Firewalls solutions are best for your needs.

See recommendations

848,396 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Educational Organization

21%

Computer Software Company

14%

Comms Service Provider

Manufacturing Company

Computer Software Company

23%

Comms Service Provider

Financial Services Firm

Media Company

Computer Software Company

19%

Financial Services Firm

16%

Manufacturing Company

Healthcare Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

No data available

Questions from the Community

Which is the better NGFW: Fortinet Fortigate or Cisco Firepower?

When you compare these firewalls you can identify them with different features, advantages, practices and usage a...

See all answers

What is the biggest difference between Sophos XG and FortiGate?

From my experience regarding both the Sophos and FortiGate firewalls, I personally would rather use FortiGate. I know...

See all answers

What are the biggest technical differences between Sophos UTM and Fortinet FortiGate?

As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite ...

See all answers

What do you like most about KerioControl?

The solution provides feasibility regarding cyber privacy.

See all answers

What is your experience regarding pricing and costs for KerioControl?

KerioControl offers good pricing as one license covers all features needed without extra payment. The price for the p...

See all answers

What needs improvement with KerioControl?

The logs could be improved for better clarity. It is difficult to understand when there is a threat attack, and handl...

See all answers

Ask a question

Earn 20 points

Comparisons

Sophos XG vs Fortinet FortiGate

Compared 22% of the time

Netgate pfSense vs Fortinet FortiGate

Compared 13% of the time

Cisco Secure Firewall vs Fortinet FortiGate

Compared 11% of the time

WatchGuard Firebox vs Fortinet FortiGate

Compared 5% of the time

SonicWall TZ vs Fortinet FortiGate

Compared 5% of the time

More Fortinet FortiGate Competitors

Netgate pfSense vs KerioControl

Compared 31% of the time

OPNsense vs KerioControl

Compared 14% of the time

Sophos XG vs KerioControl

Compared 7% of the time

Cisco Secure Firewall vs KerioControl

Compared 6% of the time

Sophos UTM vs KerioControl

Compared 6% of the time

More KerioControl Competitors

Cisco Umbrella vs Menlo Secure

Compared 22% of the time

Talon vs Menlo Secure

Compared 14% of the time

Zscaler Internet Access vs Menlo Secure

Compared 12% of the time

Netskope Next Gen Secure Web Gateway vs Menlo Secure

Compared 12% of the time

Prisma Access by Palo Alto Networks vs Menlo Secure

Compared 11% of the time

More Menlo Secure Competitors

Product Reports

Buyer's Guide

Fortinet FortiGate

April 2025

Download Fortinet FortiGate product report

Buyer's Guide

KerioControl

April 2025

Download KerioControl product report

Buyer's Guide

Menlo Secure

April 2025

Download Menlo Secure product report

Also Known As

FortiGate 60b, FortiGate 60c, FortiGate 80c, FortiGate 50b, FortiGate 200b, FortiGate 110c, FortiGate, Fortinet Firewall

No data available

Menlo Security Web Security, Menlo Web Security

Overview

Fortinet FortiGate offers comprehensive network security and firewall protection across multiple locations. It effectively manages data traffic and secures environments with features like VPN, intrusion prevention, and UTM controls.

Organizations rely on Fortinet FortiGate for its robust integration with advanced security policies, ensuring significant protection for enterprises, cloud environments, and educational sectors. It facilitates network segmentation, application-level security, and authentication management, securing communication within and between locations such as branches and data centers. Its efficient SD-WAN and UTM features enable streamlined data management and enhanced threat protection capabilities. Users appreciate its centralized management, facilitating seamless operations across diverse environments.

What are the key features of Fortinet FortiGate?

VPN Capabilities: Ensure secure remote access for users and seamless site-to-site connections.
Intrusion Prevention System (IPS): Detect and prevent security threats and vulnerabilities.
Advanced Firewall: Offers robust firewalling with application control and web filtering.
SD-WAN: Optimizes application performance and enhances bandwidth management.
SSL VPN: Provides reliable and secure access for remote workers.

What benefits should users expect from Fortinet FortiGate?

High-performance Security: Delivers effective threat mitigation with high availability.
Centralized Management: Simplifies network operations with cloud-based management tools.
Detailed Analytics: Provides comprehensive insights into network activity and security threats.
Load Balancing: Ensures optimal resource distribution and traffic management.

Fortinet FortiGate is crucial in sectors like education, offering robust networks for secure data flow between campuses and facilitating remote learning. In enterprise environments, it allows efficient management of application traffic and security across multiple branches, while in the cloud, it seamlessly integrates with diverse platforms to enhance security infrastructure.

Fortinet

Kerio Control is a popular security product for small and medium-sized businesses. It is a next-generation firewall that provides unified threat management without complexity. Kerio Control provides advanced anti-virus protection and industry-leading web and content application filtering, and has a secure VPN.

With Kerio Control you can:

Preserve the integrity of your network.
Manage bandwidth to streamline traffic flows.
Improve productivity with filtering capabilities.

Kerio Control Features

Some of Kerio Control’s most valuable features include:

High availability, deployment flexibility, deep packet inspection, advanced routing, usage reporting, quick administering, intrusion detection and prevention (IPS), gateway anti-virus, VPN, web and content application filtering, and centralized administration with MyKerio.

Kerio Control Benefits

Eliminate downtime risks: Because Kerio Control offers high availability and failover protection, you can eliminate the risk and cost of connectivity or threat protection downtime.
Detailed reports: Kerio Control makes it easy to view individual users’ internet activity through detailed reports.
Traffic monitoring: Traffic monitoring allows you to manage bandwidth and makes it possible for you to control access to streaming video and peer-to-peer networks.
Server protection: Using Kerio Control’s advanced networking routing and deep packet inspection, you can protect servers.
Easily create policies: With Kerio Control, you can create both inbound and outbound traffic policies, and can also restrict communication by specific URLs, applications, traffic type, content category, or even time of day.
Snort-based analysis: Kerio Control gives you the ability to add a transparent layer of intrusion prevention with snort-based analysis along with a database of rule and blacklisted IP addresses that is regularly refreshed.
Optionally integrated anti-virus: WIth this feature, you can prevent viruses, Trojans, or spyware from entering your networks.

Reviews from Real Users

Here is some feedback from some of our users who are currently using the solution:

PeerSpot user Brian C., Senior Technology Specialist, VP at Unified Technology Solutions, writes "It is very comprehensive and simple. It has all the active protections. It's updated. We love that you can set how often it is updated so you can work on what is right for you. A large company with a lot of bandwidth can update the virus definitions and security definitions hourly, if they want. A smaller site that's remote, where maybe updating the definitions will eat into the bandwidth, we can schedule those more to go later at night. It's very flexible and works for us in all types of situations. This is great because then we don't have to learn seven different products to be able to work with seven different scenarios."

Andy D., IT Manager at Flare Technologies, praises how easy it is to use and says, "One thing we use quite a lot, as well, is the DHCP Server, because we do a lot of work where all our devices need to have static IP addresses. Rather than going around and configuring every box, we do it all through DHCP reservations. It's easier. We've got a record of it. We can manipulate it if we need to change something or change some hardware. It's all easy. Even guys who are not used to using it can pick it up quite quickly."

GFI

Menlo Security Secure Application Access

Menlo Security Secure Application Access makes zero trust access easy, giving users secure connectivity to private applications, including web and legacy applications. At the core of Secure Application Access is the Menlo Secure Cloud Browser, which fetches, secures and delivers the content for users.

In addition to providing simple-to-deploy, clientless ZTA, Secure Application Access and the Menlo Secure Cloud Browser protect applications from attacks such as session hijacking, cookie manipulation, and other tactics that employ protocol manipulation.

Secure Application Access protects applications from Internet threats and provides granular controls for added protection of the application and associated data. These security controls include Read-only/Read-write, Upload/download, Copy/paste, AV scanning, Sandboxing, and Data Loss Prevention.

Last Mile Data Protection

Menlo Last-Mile Data Protection identifies and prevents sensitive data from leaving your company by meticulously inspecting all file uploads and user input across browsing sessions. Leveraging the Secure Cloud Browser, users are protected from the internet and you can protect your organization from data loss with comprehensive traffic monitoring and controls. This approach addresses the growing concerns surrounding data leakage in the age of AI tools like ChatGPT.

By identifying sensitive data through file types, regular expressions, or predefined libraries, Menlo Last-Mile Data Protection empowers security teams to regulate data input into AI platforms and prevent unauthorized uploads. This capability provides crucial protection for intellectual property, PII, and other confidential information.

The solution leverages the Menlo Cloud Security Platform's visibility and control over traffic to reliably detect and prevent data leaks originating from both browser submission forms and non-browser traffic. With the ability to inspect encrypted web traffic, Menlo Last-Mile Data Protection enforces DLP policies consistently across all users and devices, ensuring comprehensive data protection.

Menlo Security

Sample Customers

Amazon Web Services, Microsoft, IBM, Cisco, Dell, HP, Oracle, Verizon, AT&T, T-Mobile, Sprint, Vodafone, Orange, BT Group, Telstra, Deutsche Telekom, Comcast, Time Warner Cable, CenturyLink, NTT Communications, Tata Communications, SoftBank, China Mobile, Singtel, Telus, Rogers Communications, Bell Canada, Telkom Indonesia, Telkom South Africa, Telmex, Telia Company, Telkom Kenya

Triton Technical, McDonald's

Information Not Available

Buyer's Guide

KerioControl vs. Menlo Secure

April 2025

Free Report: KerioControl vs. Menlo Secure

Find out what your peers are saying about KerioControl vs. Menlo Secure and other solutions. Updated: April 2025.

DOWNLOAD NOW

848,396 professionals have used our research since 2012.

See our KerioControl vs. Menlo Secure report.

See our list of best Firewalls vendors.

We monitor all Firewalls reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.