KerioControl Reviews

Navigation through options and configure them is just two mouse clicks away. Lots of information without need of an external tool.

• Site-to-Site VPN
• Easy configuration
• Really easy and user friendly GUI
• Stability
• AD integration
• Traffic shaping options
• QoS management is great
• VLAN options per interface
• Proxy and Reverse proxy with SSL options
• Two step authentication
• The real-time built-in monitoring applications
• Intrusion prevention system
• DNS redirection
• Easy monitoring and configuration of the routing table
• Guest interface feature

We had several routers in our environment, including Linux firewalls and Cisco PIX for user and site-to-site VPN connections, all of them were replaced by Kerio Control. The improvement was instant as now we have a better overview of all our internet connections and LAN-to-LAN connections. We even have a better control of our site-to-site VPN tunnels.

The VPN configuration because if you need specific VPN parameters you have to configure them through the CLI of the appliance. These options are not available in the GUI. The intrusion prevention system is good, but it could be better and you cannot configure per IP exceptions. Some diagnostic tools can be improved too, however they are good enough to the everyday usage. Last,lu the Ubuntu/Debian VPN client can be improved a lot.

It does not offer high availability option yet, however you can do that through VMware's fault-tolerance feature.

Guest Interface has a built-in web site for access to the internet (like a hotspot). In some cases, guest users cannot see this interface and then they cannot navigate/use the internet, however this only happens on rare occasions.

I have used this for four years in several locations, and all of them are happy with it.

We had no issues deploying it.

Kerio Control can be used with three internet connection modes:

• Single internet connection
• Fail-Over
• Load-Balancig.

If you put the appliance in Fail-Over mode it will simply FAIL, and will bypass your routing rules. It will start balancing connections (even when you have not configure it) and the stability will be annoyingly poor. However, the user manual says that you have to put it on Load-Balancing mode if you want to use routing policies which is contradictory, but that's how it works. When you put the appliance in Load-Balancing mode it i will work great.

Once again you have to double-check licenses, remembering the licences count the IP that is passing through the firewall to the internet, and site-to-site connections will not count.

Here in Argentina they are terrible, as they will not answer emails and will not reurn the phone calls. Otherwise Kerio support is great.

We had a mix of Linux IPtables and Cisco appliances. We switched because the business needs a quicker and more precise response from IT.. Now, with a clicks, we can see everything.

It's not complex at all, however I have to modify the virtual appliance because it came with the E1000 virtual network adapter. I removed them and put VMXNet3 in instead. I also had to change the amount of default configured RAM. It's now working great.

I implemented it myself as it's really easy to setup and use.

To test it, you can setup a mini-lab inside of a VMware hypervisor. The major problem that you will find with this is the licensing, as it´s confusing and you have to remember that they licence the appliance per IP basis. The basic licence includes five users and 25 IPs for every device that pases through the firewall which counts as a used licence. If you have one user connected to the VPN and 24 devices using the internet (Tablets, Phones, VoIP phones, computers) then you are using 25 of the available IPs so no-one else would be allowed to use the VPN or navigate through the firewall until the VPN user disconnects, or one of the devices is not being used to connect to the internet. So you have to double-check how many IP address/users you will need before buy and deploy it. Luckily for us, Kerio offered a 30 day free trial for testing. Also, they sell the product with Sophos AV and a really good content filter.

Connection Monitor

Debug Area

The Main Dashboard

Traffic Rules

We use the tool for hosting and virtualization.

The solution has an app manager and a portal where you can maintain all your Keri products. It is a firewall that includes antivirus and anti-malware, which adds security. The VPNs, both site-to-site and client VPNs, are pretty easy to set up.

The solution's VPNs help us to work from home or other locations. 

The solution's hardware is not that great and could use more improvement. However, the VM software and the virtualized KerioControl itself are pretty good. The software is good; it's just the hardware that needs improvement.

With KerioControl, it's much easier to see what areas to configure. Unlike Sophos and other devices, their security features are harder to navigate. But with KerioControl, it's just easy.

The tool's deployment is very easy. It can be easily accessed via a web browser or GFI web portal. One resource is enough to handle it. 

You can get ROI in months. 

There's a one-time fee. For KerioConnect, it's just a server. With KerioControl, you have an option. You can virtualize it on a VMware system or have the hardware. I think mid-range or desktop KerioControl hardware could cost around 2000 dollars for a 25 user client. You need annual renewal for additional features like antivirus. 

I rate the overall solution a ten out of ten. 

The filtering rules are valuable. The product is easy to use.

There is no protocol for VPN in Android. It would be good if the product added a protocol for VPN. The upgrades make the network slower.

I have been using the solution for four years.

I rate the product’s stability a seven out of ten.

The solution is scalable. Four people in our company are using the solution. We are planning to increase the number of users to five or six.

I have contacted the support team by email. The team's answers are good. They answer quickly.

Positive

The solution was easy to deploy. Documentation was available online so that we could install it easily.

We installed the product in-house in a couple of months.

We have seen an ROI on the product. It is efficient. We are satisfied with it.

The pricing is reasonable. We have to pay approximately EUR 175 for the product.

We are working for some customers. If someone wants to buy the solution, they must check the internet. The internet is full of advice, which would help them with any questions they have. Overall, I rate the product a seven out of ten.

We primarily use the solution on the VPN for protection purposes. We utilize its antivirus capabilities as well.

I really like their general IT.

I like how it's possible for me to block other countries immediately if I see the need to do so.

The initial setup is a breeze.

The support the solution offers needs a lot of improvement. GFI took over the product and since the takeover, the support, the backups, the after-sales support, etc., has basically dropped off quite a bit.

When it comes to dealing with updates, there are often bugs on the solution. They should do a lot more testing before they release new versions.

I've been using the solution for about five years now.

The solution is very stable. Organizations won't have to worry about the solution crashing. I consider it to be very reliable. We have only had one firewall go down in the five years we've been using it, and I can't recall any other problems.

That said, when it comes to major updates, they need to do a lot more testing before they release things. Last year there had been a lot of bugs in major releases. It may have been because of the takeover. GFI has since taken over the brand.

The solution is pretty scalable. I updated it about two years ago and I didn't have trouble scaling. A company shouldn't have any problems expanding it.

Technical support is not the best. As an example, this past weekend I had an issue. It took me four days to get a hold of their support team. I'm a premium client. I tried everybody: America, Germany, UK, Africa. Everybody. That's unacceptable. There is no reason that their response should be that slow. In the past, I had managed to resolve issues quickly. That's not the case anymore. We're very dissatisfied with the level of service they are providing their clients.

I've previously come across Barracuda. I've spoken to the team there. In terms of meeting our needs, I've found that, with a lot of other products, it's very modular. Kerio tends to keep everything in-house. Due to that, there are certain functionalities that I prefer to have with Kerio as opposed to other solutions.

The fact that the setup is so easy is one of the solution's great selling points. It's straightforward. It's not complex at all.

It only takes one person to deploy and maintain the solution. The deployment itself only takes about an hour or two. Looking at the branches, it may just be 10-15 minutes of work for them. It's pretty quick. Of course, it depends on how many walls. A super basic setup is 10-15 minutes, however, if you have to put in a lot of rules, it will take longer because that process takes time.

I handled the implementation myself.

We're using the latest version of the solution.

I would recommend the solution. It doesn't take too many people to set it up or maintain it, like, for example, Cisco, which is a bit more complex and difficult.

I would rate the solution seven out of ten, and that's mostly due to the fact that their support is so awful right now. If their support was better and more reliable, I would rate them much higher.

We have our server in our head office, so we have offices that log into it from various other cities and run their accounting software on it.

We have several offices in different provinces across Canada and because of that, the connection has been very secure and reliable. We haven't had any downtime with it other than when we had the NG100 fail. Other than that, it's made the connection to our websites, our office, and our eCommerce sites all very reliable. That's been very important.

The most valuable feature is the reliability of VPN capabilities. The VPN has been very reliable and secure. The security has been very good and the VPN connections are reliable in that they stay up. We don't have a lot of problems with downtime and that type of thing.

The comprehensiveness of the security features is extremely good. 

Kerio offers everything I need in one product. 

The firewall and intrusion detection features are good. We've had some intrusion attempts that were stopped. The firewall has been doing extremely well for attempted hacks, as well as working well with the intrusion protection.

The VPN features are good They have a solid VPN client, which we found to be extremely good and reliable on various operating systems. Other than that, the VPN has been good. 

Kerio is extremely easy to use. They're easy to install and pre-configure. If you have to do any maintenance it's well handled through the system. Remote connection, logging in, and doing changes on the system is extremely well handled.

We do use the failover in our head office. The failover is working extremely well. The last test on that was May of 2000 and 2020. The failover seems to be working well and the security has been good, so they've felt very confident in having it up and working as it's supposed to be. It's configured as per the instructions and it's working really well.

Kerio has enabled us to double the number of VPN clients extended to those outside of our environment. It started a little bit before the pandemic but just because some of the companies started to work more from home to cut down on costs. But since COVID that's where it shows it's doubled.

One of the problems we do have causes problems with the VPN. The software slows the throughput down too much. You could have a one-gigabit connection from the internet, and it slows it down to where the area of upload and download is extremely slow. There's too much content filtering at that point.

Quality control is another problem that needs to be handled better, particularly in the NG100 series. We have had to replace a couple of those. Other than that, the throttling down of the speed is too much. It is too heavy.

Other than that, I think they're good. 

We first started with Kerio back in 2003.

We have an NG300, NG100, NG300W, and we still have a couple of 1120s.

Other than the quality of the NG100, stability has been extremely good.

The scalability has been extremely well handled. We can very quickly figure out what size of a machine a customer needs and put it into position.

We have four people that do them, but usually, when we're shipping out, one person sets it up and then they deploy it remotely and have the customer follow their instructions remotely.

We don't have plans to increase usage because of the problems we have encountered with the company and the follow-up. We would have. We had quite a few of them, I don't know an exact count anymore because it's changed over but even now we've still got about 32 of them in use right now. But we've switched over probably triple that away from it.

GFI's technical support is improving but at the very beginning, it was very bad. There was no way to contact them. When you did call, you didn't get returned messages. It is improving, but it's still not at a level where we're happy with it.

We previously used SonicWall. We were looking for something that was really rock solid. We had a very bad experience with SonicWall and their support was very bad. We had a client that was down and they couldn't and didn't help us. We had to find something else in a hurry. 

One of our technicians had been reading up on Kerio so we brought one of their machines in and configured it. That's one of the first ones he did and he said that the setup was really good. He installed it and got the client back up and running, and then we started looking into it and found it was much better. Strangely enough, shortly after that, the sales rep we were dealing with at SonicWall left and he went to Kerio also.

Something that really bothers us about GFI, is that as a partner or a reseller, they believe that the customers belong to them. As a reseller, we take a lot of time building trust and confidence with our clients. We've been in business 30 odd years, and we still have clients with us that we took on back 30, 32, 37 years ago. They're still our clients, they deal with us, and they trust us. SonicWall did it and now GFI does it. They insist on all of the contact information for our customers if we sell them a machine. Then they start direct emailing them and our clients start saying, "I hired you to take care of this, why are these people sending me all this junk?"

Plus, we're in Canada and they send out this information and emails and it has U.S. pricing on it. They make a big deal about that it's only $100 or something, and then by the time we convert it to Canadian, we're looking at $135 and the clients forget that very quickly. It's very misleading to clients. Our customers don't like it. That's one of the other reasons that we're moving everybody from Kerio, because of what GFI's policy is of insisting on having all of our customer's names, addresses, phone numbers, emails, and everything else.

The initial setup is pretty good. The guys are used to it now. They've done a fair number of machines and they're very used to it.

It has become familiar and they're consistent from one model to another. The instructions are straightforward and a good tech should have no problem with it at all. The thing is that they're not a home machine, they're for business. If it has a tech working on it is no problem at all. It's quite simple.

An average deployment takes two and a half hours. 

Network engineers set it up. Even one of our web developers has set up some of them. They have been very happy with training other people to do them. They don't have any problems. It's quite simple. The engineer was the first one to start working with Kerio back when we took them on, and he found that even in the beginning, from learning on his own, it only took him about four to eight machines to feel confident that he could do it without having to follow the instructions every time.

The size of the companies we work with vary. We call them medium-size, but some of them are only one location with 5 to 20 employees. We host a lot of our e-commerce systems and clients have those on their machines so that when the e-commerce inquiries come in, they go through that router. They become a medium-sized business very quickly because of the amount of business they're doing.

Kerio is a good solution for companies of this size. It comes down to the same thing, reliable, cost-effective, the VPN connections are good for the security between the e-commerce sites. Our eCommerce site is dynamic, so it's connected between the customers' inventory, warehousing, shipping, and billing system, directly to the e-commerce site. It makes it a lot tighter and more security is required because they are connecting directly to the customers' business machines, as well as just e-commerce hosted sites. Reliability and security are very highly needed because it does run their e-commerce sites. 

We see ROI through the ease of setup. We have a flat fee for configuring one, we charge for one before we ship it out for installation or go and install it. A customer pays the retail price, converted to Canadian at the current exchange rate, and that's what we charge the customer for the machine based on Kerio's MSRP. Then we charge them a flat rate for configuring it, which is two hours and we charge them for two hours labor. Then we charge them for whatever time it takes to do it remotely on-site, or if we're going on-site and having to install it, we charge for that time. If you charge for your time and the value, then you're going to make a good return on it.

But if you go in undercutting prices, something has to suffer. We have never had a customer say to us that they're upset because we haven't taken care of them if they have a problem with one of the Kerio devices. There have been issues, they're machines, they're going to break down. But we've never had a customer say that it wasn't taken care of properly by us. When we had SonicWall that was a problem, we took care of the customer, we couldn't get the machine that he should have had properly under warranty, so we just went and got him a different machine, put it in and got him up and going.

That's where we have to charge for it. We did charge the customer for that, but he felt that we provided the service he needed. It just gave him a very bad taste in his mouth because he couldn't get it under warranty. Undercutting prices, either in your services or your pricing of the hardware is what's happening now on the internet, we see that people are buying Kerio cheaper. We say to them "If you insist on buying it and want us to install it, we're going to charge you to install it, and if there's a problem with DOA or anything like that, dead on arrival, that's up to you." We hand it back to them and say this machine's got a problem, you have to get it fixed.

The pricing is good. Our businesses have been around a long time and we've done that by not being the cheapest, but trying to be the best or one of the best. There's a lot of very good software and hardware companies out there, but a lot of them try to just undercut pricing and try to get the deal. We do not do that. We have a feeling we know what the value of our product is, if it's our own product. In a case where we have a router system, we know the value of it, we know what the value of the software licensing is for renewal and for the initial startup. We look at those things at the beginning, and we felt that Kerio was well in line. The price seems to be going up now, it hasn't gone up as bad as some of its competitors yet, but we'll keep an eye on that. Right now the pricing is valid for the product and the service they get.

We did look at and we're also an authorized Cisco reseller, but they're doing the same thing as SonicWall now. These big companies forget who puts all the work in. What they're trying to do, in my opinion, is get the little reseller to go out and hire the right people and go out and move their product, get them installed, and then they want to start going to them directly. I understand that smaller companies come and go but we've been here 37 years in total. They shouldn't go to our customers and start trying to direct sell to them and that type of thing. 

We were also a Dell reseller and we quit because we had to register every sale with them, and then they were going direct to the customers. It's not fair to the company that's gone out and done all the work.

The machine is a good value for the price and the software is extremely good value for the price. It's proven out to be good, but we're just disappointed in the company that now owns it and took over from it. They're improving, but it took too long to improve and it cost us a lot of money in that way. But I can't blame it on Kerio, I have to blame it on GFS.

I would rate Kerio Control a nine out of ten. 

Our client base is private yachts and on private yachts, we have different LAN connections, as well as different VLANs. Kerio Control allows us to maximize and control the different LAN connections, both from a performance and a financial standpoint.

The single largest component was the introduction of MyKerio and the ability to be able to remotely connect the challenge that we have with MyKerio. By yacht, I'm referring to the 1% of the 1% of the people that are out there with $50 million to $60 million yachts. They have satellite systems on board so one of the challenges that we have with MyKerio is the sensitivity to latency. What that means is that if you're on a landline like a DSL or a cellular connection, your ping time may be 20 milliseconds, but with satellite, because of the distances involved, those ping times could be 700 to even 1,100 milliseconds. This is a challenge that we have because just about any application or hardware device that is out in the market is not really designed to take that into account.

In this particular case, if we have a boat that is traveling from South Florida down to the Caribbean and the entire boat is on satellite and we need to be able to log into MyKerio for the boat, it's not optimized or set up for satellite communication. It sometimes becomes problematic in trying to connect to the vessel. Where if the entire boat, like on 4G or landline, then it's no big deal because MyKerio is optimized for that. 

That would be an area for improvement, but the benefit of it is that we can handle issues remotely. The other benefit is through a minimal amount of instruction to the boat, they can complete what I would refer to as basic tasks.

For example, if a boat is down in the Bahamas and the owner is on board, we typically have these in cellular and a landline connection and then on top of that, we'll have an owner, the crew, and guests. So in this particular case, we would want the owner on the fastest 4G connection. Then we would want to put the crew on the satellite connection, which may not be as fast. So it's just about optimizing the experience for the owner and being able to control the bandwidth.

The interface control manager where we can allocate LAN connections to certain VLANs is the most valuable feature. The other feature that's important for us is because everything is remote with MyKerio, as long as the boat has an internet connection, we can log onto the Kerio and get statistics, as well as provide support.

It's important because unlike a company where a company has an IT person on-site because these are yachts, they have a boat crew that is not necessarily "IT," so they rely upon us to provide them with their IT services. This is a platform that allows us to control and troubleshoot as necessary.

I would say about 95% to 97% of all of our support is managed remotely because of the nature of superyachts, where they're located, and the importance of the people that own them.

I have not run into any issues or complaints with regard to the firewall and intrusion detection features. I find that in this industry, the fact that those are services that are included is important. But I can't speak to the operability of it.

Because I interface the most with the boats and the crews, I've never run into an issue with the comprehensiveness of the security features.

In terms of the ease of use, if you took 15 different network professionals and told them to configure a Kerio Control, you would get 15 different configurations. Having said that, within our specific business segment, we have learned the configuration that works best for us and works best for our customers. The way that we have set it up is to not put the onus on the boat to make any changes, but if they need to make any changes they allow us to go in there and make changes. 

From my experience, I don't necessarily do the configuration on them, but I do manage them. If there's a boat that has a problem, I'm the first phone call. Most of the time I can figure it out, but what we provide as a service is that we refer to it as a virtual ETO which is an electronics and technology officer. That would be an actual IT person, but for the most part, we just encourage our customers to defer their technical queries to us and allow us to manage it for them.

It has saved time for the members of our team who manage security based on how they're using it. It has saved time in the sense that they have an integrated security solution. I think the maritime industry is moving towards a standardized security initiative because the problem is that everything within the maritime industry is based on international, not national standards. So where and how the Kerio Control will fit into that is undetermined because the IMO, International Maritime Organization, has not yet determined what those standards are going to be. It's still a work in process.

It has a VPN back to our data center but I don't think it has increased the number of VPN clients extended to those outside our environment

I have been using Kerio Control for four years. 

It is deployed in our office, as well as at our customer sites. Our customer sites are private superyachts.

The only stability issue that we have is with regard to the latency and using MyKerio. A potential deficiency I've encountered has had to do with the actual physical ethernet ports on the device. They seem to be very susceptive to shock. We have had to replace a few units due to that. Especially if there are devices that are POE devices. Part of it has a POE that goes out to the antenna and then there's an ethernet connection that goes back to the Kerio. We've noticed that for whatever reason, that particular device or combination don't play well together.

The way it works now, we can take an NG300 with four ports, and then we can create ports on additional switches. So the only instance that we really use an NG500 is for two reasons. One of them is processing power, and then the other one is if they actually have the requirement for different or more connections than the Kerio has.

Three people in the company, more from a customer interface perspective, and about six people in the company from a technical support perspective use Kerio Control.

We have it deployed somewhere in the neighborhood of 60 to 75 remotes. We will increase usage if we can increase customers. 

I would say that we're a medium-sized business. We're certainly an established entity within the superyacht communications industry. Besides our office here in Florida, we have offices in France as well, and we're headquartered in Majorca, the point being is that we cover all of the Mediterranean, the US, as well as The Bahamas and Caribbean. So it has not been unheard of based upon an issue to helicopter somebody out to a boat kind of thing.

I have not used the technical support. My experience initially with Kerio was dealing directly with Kerio and then at a certain point, they offloaded their distribution to a company called Lifeboat and GFI, and that has been a bit difficult. In my opinion, it's made things a bit harder.

If I need to get an answer to a question, I have to go through Lifeboat or GFI, and then ultimately they in turn have to get with Kerio. So it's created a middleman process. The case in point is that we have an order and the order just kind of kept going and there were no updates, there was no tracking, there was no nothing. I would go to Lifeboat and Lifeboat would say, "Well, we're trying to get a hold of Kerio and there was just a breakdown in communication."

Kerio Control is something that's being added to most of the network of the boats that we deal with. We deal with a lot of boats that look fantastic on the outside, but on the inside as far as the nuts and bolts go, they are not well maintained or they have really old equipment. That's one of the things that we always deal with. One of the things I always talk to captains about when I go on a boat is I ask them, "What are the chances that the owner's going to come on board with a 10-year-old computer and a 10-year-old phone?" And he answers, "Zip to zilch." So I say "Well, your network's 10 years old." It's going to work based on what you have in the technology of anywhere from even five years ago compared to today. It's not just a matter of throwing a Kerio in and saying, "Everything's going to be fine." Typically, it's a component of a network upgrade to include switches and access points.

The initial setup is straightforward for us now because we've done it for so long. The other side of it is that there haven't been a lot of changes per se. There have been tweaks. The consistency of the platform has pretty much stayed the same. So while they have optimized certain components of it, it's kind of like Microsoft Word. You could go back to a version of Microsoft Word 10 years ago and know exactly how to use it because everything's going to be in the same place. It's just an evolution of the platform.

It takes around an hour and a half to license and configure.

We have a uniform deployment process and then that's followed by adjustments based on the client's specific requirements. They may have more LAN connections than somebody else, or they may have less of a need for additional VLANs. It's on a case by case basis. But I would say 95% of everything that we do is standardized.

I'm not the one that actually implements it. Full disclosure, I order the device, I get the device, I license the device, I update the device and then at that point in time, I have one of the engineers come remotely into the unit and then they do the final configuration.

On the licensing side, the way Kerio works, and this is what we have to tell boats, is that if you think that you're going to save some money one year by not licensing it and then next year, you're going to license it, you're going to end up paying for that back year. You're better off just keeping it up to date.

Boats are really like life. People want to spend money on things that are sexy, and software licensing isn't sexy. So that's one of the things that we have to go back and let them know that it's going to work as far as the basic functions go, but the features are not going to work and their security will be vulnerable.

There are no costs in addition to the standard licensing. 

Evaluating other solutions would be the responsibility of the CIO because everything that we do has to be agreed-upon on a standardized platform as we are the ones that are going to have to support it. We let any customers that we deal with that are possibly dealing with other brands know where our demarcation point of responsibility is because it's very much so once you touch it, you own it. If you go onto a boat and you touch one thing, you'll be getting a call for the next three weeks about it. It's an industry that you have to be very specific about what it is that you're doing and what it is that you're providing and supporting.

We have been made aware of boats that have had security breaches, but we were not engaged to support their network at that time. We may have just been only the satellite solution provider. It wasn't specifically Kerio Control, but the situation necessitated them to reevaluate their network and invest in their network rather than just have it as a passive source.

We don't necessarily use failover protection. If you have a failover seamlessly set, the boat or the customer won't know that there's been a failure. We don't use the failover because we want the boat to understand if there's an issue with one of their LAN connections.

For example, if you have a cellular and a satellite connection, and you have both of them set to failover to one or the other, if the satellite connection fails over to the cellular connection, nobody on the boat is going to know that it's failed over. Without the failover, they can identify that there's a problem and then that can be addressed. But if it fails over, nobody is going to be aware that there was an issue and then there's nobody working on solving or trying to figure out what that issue is.

My advice would be to have a plan. Have a plan in place and make sure that you document everything that you do. Certainly, if you're talking about multiple deployments, you don't want to run into a situation, for instance, where you have three different IT people and each one of them is doing a different type of configuration. You want to have a policy in place for a standardized configuration. From a support perspective, as well as a usability perspective, make sure those are being addressed.

I would rate it about a seven out of ten. The only reason why I would give it that rating is because MyKerio can be a complicated tool if you don't know how to use it. 

I was at the Monaco Yacht Show and I got a phone call from an engineer on a boat. They were very angry with the service speed of their satellite. We have customers that pay anywhere from $2,500 to $40,000 a month for satellite service. In this particular case, they actually had to send a tender in. They had to take me out to the yacht and I got out to the yacht and I figured out exactly what happened.

As I was getting off the yacht, they were explaining to me how one of the crew members had worked with Kerio in the past. When I got onto the boat, somebody had set a QoS monitor to limit the crew network for the satellite connection to only 5% of the allotted bandwidth, but it wasn't just the crew, it was the entire vessel. So the entire vessel was limited through Kerio to 5% of the speed of their satellite. That problem or that issue did not arise as a Kerio issue. They said, "This is a satellite issue. We're having a problem with our satellite." So that's an example of, if somebody doesn't know what they're doing, they can have a pretty detrimental effect on the network.

The thing about Kerio is that there's not going to be a dummies book for how to use a Kerio Control. It's really designed to be operated and certainly configured by somebody who is in the IT industry. From the perspective of users, if you're the administrator, you can log into this and you have full access to everything. Whereas if you're "just the user," we're going to hide all of this other stuff from you and the only thing that you're going to be able to do is say that the owner network can use the satellite connection and the crew network can use the connection. 

I would like to see a very limited or dumbed down version for the average user. You could literally just do a couple of checkboxes and throttle everything on the entire network and nobody would necessarily be the wiser.

We use it for bandwidth management, filtering, routing, and intrusion detection and prevention. It is our main edge firewall.

I am working with the latest version. 

I like intrusion detection and prevention and bandwidth management. The routing part is also awesome. It is a good firewall. We never had a major breach from outside. We've never been impacted by ransomware, and our systems have never been infiltrated.

The user login can be improved because we use the captive portal where users have to register before they access the internet server. That has been a huge challenge. They can improve the user login part and make it more user-friendly. It looks user-friendly, but it doesn't work as it is expected to work. They can also improve the reporting feature.

They don't provide content filtering when it comes to search engine results. We had an incident on the network where a blocked site was showing up in search results. We are in a school environment, so we have blocked a site with some of the explicit content so that kids wouldn't see it. When one of them did a search, the results came on the search engine part. When you try to drill down to the website, it blocks, but when you search by image, it brings up all the images. That's one of the reasons why we are looking at Juniper. 

Its inability to provide content filtering for search results was a high-impact issue. We've been talking to them about this issue. It was a very sensitive issue for us because we had kids in year four who were exposed to images that they were not supposed to see. Because of Kerio Control, we failed to protect kids from such content, and we expected them to respond to it with the urgency it required, but their support was pathetic. The ticket was escalated, but we had to send them a couple of emails to let them know how serious the case was, and then we had a live call with their support team.

We have had issues with its performance and stability. They can do better. We've had situations where we had a terrible performance on the network, and when you restart it, everything goes back to normal.

I have been using this solution for six or seven years.

Its performance is average, and it isn't that stable. I would give it a 50 out of 100. 

It is easy to scale. We have about 600 users.

We've been talking to them about the content filtering issue. The ticket was escalated, but we had to wait for two days for it to be answered. We sent them a couple of emails to let them know how serious the case was, and then we had a live call with their support team. We found their support to be pathetic, and we really expected them to take it seriously.

It is straightforward. It is easy to configure.

We do it internally. On the maintenance part, it requires patching, seeing if we want to block anything from our network, and adding more rules.

Its price is fair. There are no additional costs.

We are evaluating Juniper. In terms of monitoring, the response from Juniper was good. We requested a demo, and we got more than a demo. They went above and beyond to get a specialist in security who sat with the team. He presented not just what the product can do; he also presented what is involved in security. Their support seems good. From what they demonstrated, its monitoring, reporting, and intrusion detection features look pretty good.

It is a good firewall. It does what it is required to do, but it needs improvements. Their support and reporting could improve, and they can also do some work on the user login part.

For a campus, you can't depend on Kerio Control to provide everything. You need to look at some of the other tools if you're dealing with students, but for all other organizations, it is perfect as it is.

I would rate it a seven out of 10. 

It's the Edge firewall for my business. I'm a small business IT consultancy and I'm subcontracted out to a larger organization. It's really just me working from home, which is a bit more permanent now, but we do have a couple of other side projects I work on with a couple of other partners. One of them is a financial trading solution, so we want Kerio to beef up the edge security to make sure that the solution itself was secured nicely because it meant building out a rack of a couple of rack-mounted servers and beefing up the solution. 

Being an SMB, we do find that Kerio fits our needs. It fits nicely in that space because any time that I've been to an enterprise it's pretty much dominated by Cisco products. A product like this probably wouldn't get much air time to get in the door of a really big organization, whereas a small to medium-size enterprise where they're big enough to have some sort of IT presence, it would probably fit in nicely. With an enterprise that's my size that doesn't have an IT presence, then they'll probably use some sort of managed service solution.

We wanted to beef up the firewall and not just run off some sort of IoT style firewall that's built into a modem. It didn't seem to be adequate for our needs. So that's where we went into Kerio because at the time, we had some remote desktop services running and we were getting a lot of attempted cyber attacks coming out of China and a few other places. Kerio was one of the few that could actually geo-block, which was really quite handy.

Its primary job is to protect us and give us a degree of comfort. We're putting a lot of effort into creating a financial trading system. We want some comfort that it's secure behind the quality firewall and that's really what beckoned its purchase. The fact that we've not had any issue indicates that it must be doing that job reasonably well, and the fact that we don't get any of those attempted attacks from the block in China, because of geo-blocking, is probably the strongest feature for us. I wouldn't say it improves what we do because it doesn't affect what we do. It's really just security.  It's a tool to improve our security profile for what we do.

We don't expose our remote desktop connected servers to the internet anymore. But when we did have that, because the security log is a really easy thing to set up, it would show you all the attempted, brute force attacks. That's now down to zero. We don't get any brute force attacks, but at the same time, we don't expose the Port 3389 out to the internet. We could achieve the same result with a domestic firewall in a domestic router. However, this gives us a degree of comfort that we can actually analyze any traffic that looks a bit suspicious, inbound, or outbound. That's a definite step change compared to what we'd have in an out-of-the-box type of router.

Security is there to slow things down and make things a bit tricky. That's its bottom line. If security is easy, it's probably being done wrong.

Certainly in the first few months of using it, it was quite time-consuming to get a configuration working that was reliable. Because I work from home, I originally had it protecting everything coming in and out of the home which didn't work well at all. It's protecting the home office and the server environment. Everything else just goes straight out of the domestic router out to the internet because we've got IPTV, with kids on devices. They don't need such a high level of protection. It would be nice to give them that because if you've got this perimeter that's protected by a really good quality product, you want to protect everything.  But when we tried that, it seemed to struggle with the high volume of traffic that was being generated by the IP cameras, the IPTV service, and the myriad of devices and iPads that we have in the house. So we stopped using it for that purpose.

The top features are ones that we're not using yet but we soon will be because we've just had broadband upgraded in Australia. We've got something called the National Broadband Network, which is forced onto you, so you have to take it when it arrives. We'll be trying the high availability out soon. We tried that with some load balancing, it didn't quite work as we expected, but I think that was more of a configuration thing rather than a product thing.

The geo-blocking is essential because the partners we deal with are typically either in the US or Australia. We know where our traffic needs to come from and we don't post anything publicly that the general world needs to see. It's just a few discreet services that need to be hosted on this financial trading stuff.

The integration of Active Directory is very good as well. We don't use the VPN service. We use VNC. We get mixed results from the QoS, but that's another good feature. Really, dashboarding, track, and monitoring are the most important features for us as well.

We are about to test the high availability and failover protection because one of the issues we have is the device or the Hyper-V host seems to need a regular rebooting, which isn't an issue directly in itself, but it would be nice if it could do that on its own. We can't find a feature to do that. That's the complaint I'd have of that and the HA might solve that problem for us. So we'll give that a go.

Out-of-the-box, the overall comprehensiveness of the security features is pretty good. It's not just a firewall, it's kind of a firewall proxy, reverse proxy, everything out-of-the-box sort of solution. It's pretty comprehensive. I can't imagine wanting anything else, because for me as a consultant, it's not just about protecting the environment. It's also about having something that's commercial-grade because when you go in as a consultant, you need to be exposed to these tools and you need a lab environment to test these tools out. This is as close to a good commercial tool that you could possibly ask for.

In terms of the availability issue, I've considered that there are hardware options as well, which is nice. We're not sure if that will be an improvement over using Hyper-V, but that's to be decided.

The antivirus seemed to be a bit laggy on the connection so I disconnected that. It's definitely good. The only issue we've had with any sort of cyber attack seemed to be coming from a couple of distinct locations, people trying to get into known ports on remote desktops and stuff like that. The fact that we can block all that traffic is just great. It simplifies it.

The last time we used the antivirus, it seemed to slow down some of the connections. I didn't dig too deep into it, we just turned it off and it seemed to rectify the problems. It's hard to say whether it was that directly but it seemed to be creating a bit of overhead on the connections.

The reliability is its biggest downfall. I don't expect to be rebooting a product like this every couple of days. In fact, it's become a start of day thing just to reboot so it doesn't let me down in the middle of a team's call or something like that. It's quite slow as well. I could be on a team call and it would drop the connection. Then we'll get a warning that we've got poor call quality and as soon as you restart the device all the problems go away. There's clearly maybe some sort of memory leak problem or something in there that's affecting its reliability.

We've just had our national broadband network connection today, which is a high throughput connection. We will be reconnecting the entire household through the device, to see how it copes and we'll see if it improves anything.

I have been using Kerio Control for two and a half years. 

If I came across a client that was a small to medium enterprise, I'd probably recommend it, but a lot of them have a solution in place now anyway. It's hard to get those opportunities for new business in that regard, but I reckon it would probably scale quite well. I'm at 25 licenses, but that's only because we have so many devices in this house. It looks like it probably would scale. As I said, with that level of reliability, that probably would be an issue if you wanted to scale 100 to 200 licenses.

We did try the proxy feature, but once again, that failed miserably. It ran well for a few weeks and then it died on us, and it was really quite hard to diagnose what had gone wrong. We turned it off and went back to a previous configuration which was a bit disappointing. It comes back to that reliability, whatever it is that makes it conk out is clearly a problem.

I used support once or twice when I hit the first license ceiling. I did log a support ticket in. They were fine. There were no complaints from that. They offer 24/7 support, via email. I don't think I actually phoned them up. It's pretty good. There are no real issues there.

We tried a few different Windows-based products. That's how we found Kerio because it offered a Hyper-V solution and it also offered a hardware solution if you wanted. I'll try the software one first and see where we go. There were a couple of other products we used before. Originally, we used to use Microsoft, the ISA server back in the day because that got swallowed up by Fortinet and we didn't touch that. 

There was another Windows product, WinGate. That has a really bad reliability problem. It would stay up but the connections were very slow going through that thing. Maybe it was poorly configured on my part, but it just seemed to be incredibly slow at managing the connections. We'd notice a very latent response from web pages and it never, even though it had a massive caching there for caching pages, it just seemed to never be as quick as bypassing the WinGate software. That wasn't virtualized. That was running on a native Windows server at the time so that was really quite poor in terms of performance.

Given that it's a Linux deployment, the support it offered, like giving you a Hyper-V client out-of-the-box, is fantastic. It's a really clever idea because you're not then left with a painful configuration of spinning up some sort of Linux host and then trying to do an installation. The fact that it comes pre-packaged with Hyper-V images was a very smart and clever move because that made it a lot easier to get it going if you like. Getting that up and running was quick, it was just a configuration, and finding the right configuration was the hardest part.

The deployment was less than half an hour. It was very quick to get it up and running and get it operational. It was just fine-tuning that configuration to suit my environment that took the time, which I would expect of any device, no device is going to come out-of-the-box and just work like magic unless you've got a really simple environment. Whereas I've got a home environment, where it's just me as a small business, but I've got that many servers and hosts running.

Our strategy was to take it out-of-the-box and get it working.

The setup was pretty easy. The external remote control was really good and simple. It gave extra manageability on the road which was good. It was pretty straightforward.

In terms of maintenance, it's just me. In terms of my time, it doesn't take much time at all. I'll hardly make any changes to it. Now it's running fine. The only next thing I'll be doing is trying out the HOA.

With security, I don't think you can calculate ROI. It's not easy to call a return on investment with security products because anything security that's done properly is going to be a cost overhead. That's by its very nature. If security is quick or cheap it's probably wrong. I don't look at it as a return on investment, I see it as security. A bit like saying if I bought a new car and they said, "I can save you $500 if you say no to the airbags." For 99.9% of the time, you'd be saving $500, until one day it costs you lots of money and maybe your life. I see it the same way.

It's not an optional extra, it is an overhead that you have to pay if you want to secure an important asset. You've got to weigh up how important that asset is against how well you want to secure it, and that's where you say, "Well, it's going to cost you the price of a Kerio license, the price of a VNC license, sort of remote management. And that's what it costs to manage and secure properly those services." I'd say we've achieved that. It's hard to really put a return on investment with security.

I think it is a bit on the pricey side, but it's okay. I've got 50 licenses which I think is $250 a year or something like that. It's not terrible. It's actually cheaper than what we pay for VNC. We probably could save money thereby utilizing the Kerio VPN and not VNC. For a firewall proxy solution, it's probably a bit on the higher side price-wise.

We have to provide our own Hyper-V host to spin it up or buy the Kerio hardware, but otherwise, there are no other costs.

I'm experienced in networking, but I'm not a network engineer per se, I'm more software development. The fact that I was able to get it set up and going with minimal fuss was definitely a plus for the product. I've seen products before where you can get them running, you make the slightest configuration change, and the whole thing comes crashing down. It's quite a stable product in that respect and it does look after itself quite well. For example, risk proxying solution and buying a GoDaddy certificate to secure a couple of APIs was a piece of cake. It really didn't hurt us at all. I think the important lesson there is, if we had tried to do the same thing with a NETGEAR sort of a firewall with a built-in firewall product, I think we would have had a hard time. Kerio definitely has made it easier.

I'd say give it a look for sure. I'd totally recommend it.

I would rate Kerio Control a seven out of ten. If I didn't have to reboot it so often, then it would probably score a nine.

It's not a cheap product and it's not a particularly reliable product at the same time which tends not to be a good mix. Something like this should be able to cope with my entire household, every device I throw at it, and it should be able to cope with that fine. It clearly didn't two years ago. We'll try it again in about 24 hours and we have to hook up this high-speed connection to it and we'll see how well it performs there. Reliability is about the only qualm I have with the product.