KerioControl Reviews

Our main customer base is superyachts, and they have the Kerio for traffic rules and bandwidth management of the various networks on board. They can optimize traffic for crew versus owners and guests, the VIPs that might be on board. They also use it for bandwidth sharing. They usually have a mixture of the VSAT satellite internet and 4G internet access. Sometimes they have WiFi, for example if they connect to a WiFi hotspot in a marina, as well as shoreline or fixed DSL. They use it to manipulate the internet traffic, so they can say the crew uses the slower VSAT and the guest gets the fast 4G or shoreline.

They also use it to see what's going on. If the boss complains that the internet's slow, they can quickly see if someone is downloading a load of updates or streaming Netflix and they can block them. They just want to have control, as the product name suggests, over the internet traffic.

In-house, we use the NG300, but because we are a partner, we use various hardware platforms. At the moment it's nearly all the NG series, the 100, 200, and 500. The most common that we use is the NG500. I'm interested in using the next-generation, which is due out in the next couple of months, but I've also used the virtual Kerio platform on a VMware hypervisor.

There's a virtual appliance, but also software installed on a Windows PC. We build our own virtual "guest" on a host, we've done a couple of those, and then attached it to a switch with VLANs, so we've covered all platforms.

We have these Kerios on anything from a 30-meter Sunseeker, with five or six crew members, four guest cabins, and a couple of master cabins, or a master and a VIP. They might have 20 guests so there would be a total of about 30 users and some 50 devices for those users. There is also all the AV equipment. And we've gone right up to a 120-meter superyacht, with 50 to 100 crew and space for about 200 guests. We've also got a couple of ski chalets, and a private island in Ibiza. A few hundred users is its top end, but as far as network-connected endpoints go, it could be in the few thousands of devices.

The way it improves the way our company functions is through the VPN, because we offer support services. Normally, we would have to rely on TeamViewer to a computer on board, or to get on the phone and tell somebody to take pictures or press buttons, where we can't see what's going on. 

In the last year or two, after setting up the VPN, any of our guys can log straight in to the system and they are effectively on board. That is a big help because our customers are all over the world. They could be in Ibiza one day, but then they're heading to the South of France and then they're going off to Greece or crossing the Atlantic. Sometimes it's difficult to send somebody out to them quickly. They might not want to pay for somebody to come out. It could be two or three days of round-trip travel for a half-hour job. The VPN makes it more efficient. We can jump in and see what's going on. We can mimic our engineer's being on board the vessel via the VPN. That's the biggest benefit. And it's instant. Someone rings me up and I've got a single VPN connection and I can get to their networks.

The most common feature is the Traffic Rules, so the users can define which network or which users access which internet interface. But bandwidth management and content filtering are also commonly used.

With the Traffic Rules we define all the different sources, such as various user groups or network interfaces for the crew. And we show them that if they want the guests to access 4G internet, this is how they do it. They're defining who gets what, in the Traffic Rules. 

If they've only got a single connection, and everyone's sharing it, then they would jump into bandwidth management and prioritize the boss, but also allow the crew a little bit of internet, just to get by, for WhatsApp messages and emails. 

Content filtering is to stop malicious content. They don't want people accessing the various categories in the filter. The default is usually pretty good for them, things like BitTorrent, downloads, and sharing, but also the more "adult" parts of the internet.

It gives our customers pretty much everything they need in one product, in terms of security features. It's a firewall, but generally for what they want, it works.

What our customers like about it is that it has a nice interface. It's been around in the yacht sector for a long time. I was introduced to Kerio by the yacht customers. They were saying they want this firewall and I hadn't really heard of it. They're usually comfortable with it because it's a familiar interface.

By default, the firewall stops everything coming in but allows everything going out. For everything we've needed, it's done the job. If we've needed to open something up or block something we've managed to do it.

We also use the VPN quite a lot. We have an NG500 in our data center and we actually create a VPN tunnel between and our data center and each of our current customers who have a Kerio. Technically, it's one-way because they don't talk to each other via VPN. All the customers are separate, but as a support company, we can VPN from our laptops to our data center and from there we can access all our customers' networks. That is handy for us because we can log on to their IT switches or their AV equipment to offer support. We also use it for delivering email for some customers, whereby because they don't always have a guaranteed fixed IP address, we give them one, in a sense. We have a pool of IPs in our data center. All the mail hits their assigned IP address and is sent over the VPN to their email servers on board.

We also have some third-party subcontractors and we can give them access to specific customers. We can give them an account on our firewall and through our own traffic rules we can allow them or deny them access to specific customers and specific parts of that customer's network. Because they're hitting the central point, we don't necessarily want them to access all our customers. The customers themselves don't often have a big, remote-work environment because the crew is either on board or off. But we have seen a small increase in customers wanting to use VPN to access files on board, and during the COVID outbreak some of the ETOs (electronic technical officers) and the technical guys have not actually been able to get to the yacht, physically. So we've set them up with VPN so they can actually continue to do certain work. When we first started using Kerio we never really used VPN. Now, pretty much every Kerio we supply gets on the VPN.

The ease of use of Kerio is very good. Everything's there, once you know where to go or how to find things. One thing we use quite a lot, as well, is the DHCP Server, because we do a lot of work where all our devices need to have static IP addresses. Rather than going around and configuring every box, we do it all through DHCP reservations. It's easier. We've got a record of it. We can manipulate it if we need to change something or change some hardware. It's all easy. Even guys who are not used to using it can pick it up quite quickly.

The learning curve is pretty quick. It helps if someone has a general IT understanding of networking, for certain aspects. What we don't always have on a customer's site is somebody who is familiar with all aspects of the Kerio, such as interfaces, VLANs, and IP subnetting. They don't always understand DHCP, what it is and how it works. They pick it up pretty quickly, but it usually helps if someone has at least some knowledge of IT and networking. Normally, though, we find it's quite a decent balance because they will do what they want to do after a little bit of training. Anything else they'll leave to us or they'll ask us the question, and then we can either do it or go and figure it out and then come back and do it.

Sometimes it might not be detailed enough, or it might have more details but the customers just don't know where to look. The issue is usually when it comes to specific packets. Sometimes they find it slightly difficult to see exactly what's going on.

For example, we had a customer who was using the content filter. They tried to block Facebook using the web filter categories, and in combination with that they wanted to always require that a user was authenticated before accessing web pages. What would happen was that even though they had the content filter enabled to block social networking — Facebook may even be a category — it still allowed them to get in through mobile apps. If they went to the website, it would prompt them for login and then it would deny it, but they would get into the app and they weren't even logged in. That might have been an HTTPS issue and the way that the app was talking, rather than an actual website or what page. We always managed to find a way around. They'll come to us with a question and then we'll figure it out and usually they're happy enough with that.

There's also room for improvement in the Traffic Rules. We define networks to use a specific outgoing interface, say VSAT, shore, or marine WiFi, which is okay. But then all we have is a checkbox that says "Use other internet interfaces if this one is unavailable." What we would prefer would be to have a priority list. So if VSAT is unavailable, try to use 4G, etc. We haven't really found a reliable way of doing that in the current release.

Finally, the customers sometimes want to use the VPN link for outbound traffic. But at the moment, it appears that there is an all-or-nothing solution, so either everything uses the VPN and breaks out at the remote site or nothing does. The simple example is for the email system we've put in. We can direct traffic in over the VPN, but we'd also like to send that same email traffic out of their server over the VPN to break out on a specific IP address in our data center. We would like to see a little bit of functionality in prioritizing of internet interfaces.

I have been using Kerio Control for about 10 years. 

The stability is good. 

There have only been a couple of occasions where we've had high RAM usage of the Kerio, where it may be a more complex network. What we found is that over the course of a week or 10 days, the RAM utilization would slowly increase to a point where it would be 100 percent usage and then you couldn't do anything with the box. You would have to physically power it off. 

We do have cases open for Kerio with GFI and they're looking into it. Apparently there is going to be quite a big software update coming soon, which will change the backend workings. That's hopefully going to make a big difference, but the problem has only happened in one or two cases. Other than that, it's generally pretty solid.

If you've got a hardware appliance, then you are generally limited to its own specifications, in terms of throughput and power. That's what you've got. If you start hitting that, then it's time for a new box, or you need to look for something else.

On the NG500 you can increase the RAM slightly and you can also increase the storage space.

But there is no way of changing processing power. So you have to specify the right box. You can increase physical network interfaces if you want to. You attach a switch to it and scale it that way if you need more physical interfaces. We haven't needed to do that. Or if you wanted to have fibre connections; you would have to attach it to something else. 

It would be nice to see SFP slots in new hardware, which I think is coming in one of the models. 

Overall, you'll hit a point with the box where you can't really scale any higher. But if you've got a virtual appliance, if you want to give it more processing power you can. If you want to give it loads of memory or storage, I would find it quite easy to really scale it up in terms of hardware resources.

Technical support is pretty good. They're quick to respond. You get an answer straight away, although it might not be the final answer. 

I have learned a few things from contacting support, things that I probably wouldn't have ever found out just researching online or playing with it myself. 

At the moment, the particular questions we have are a bit more complicated than just, "How do I configure this traffic rule to do this job?" We've got a problem with RAM being utilized and we don't know why, and I had to send them system logs. I've had to do full system resets, complete erase and recovery. It's a bit tricky. It's more development-type work rather than user support. I think they're holding back from really getting involved with that because they are developing the new system. At the moment, our workaround is just to reboot the box every two weeks, which is inconvenient, but if they're going to solve this, then we just have to wait.

The setup is straight out-of-the-box. Take it out of the box, run through the wizard, configure it with the settings that you should already know, and then it works and you get in online. That's the basic setup, because the Traffic Rules, by default, allow everything out and stop everything coming in. That's enough to just get online.

You then go to start defining your networks and your traffic rules. Putting multiple VLANs in there is easy. Even as it gets to be a more complex configuration, it's easy to do.

Sometimes it's time-consuming if it's a large configuration, but that's just what it is. It takes time to click boxes if it's a large network with lots of different scenarios, and to type in all the IP addresses.

But it's easy out-of-the-box for a basic configuration and still fairly easy if you've got that knowledge of the Kerio and networking. Just a little time-consuming. If there were some kind of import or bulk add, that would be nice, but that's on a wish list. It's really not that necessary.

If a customer just wants something out-of-the-box, we plug it in, make it work, and it probably takes a couple of hours, at the most. If it's a bit more complex, it might take a day. It might take longer if you don't know what you're doing.

I've always told customers that there is no fixed configuration. This thing will work and do what you want it to do. As time progresses, it evolves with the changing requirements. So we can give them a solution. They can give us some key config points telling us "Okay, we want this many networks and we want these users, and these particular rules," etc. We configure all that  in a day and test it the next day. After that, it's ongoing. They might decide, "Oh, we actually want to change the bandwidth allocation," or "We've got a new internet interface," or we want to block Facebook at a specific time. It's ongoing.

We have definitely seen return on investment with Kerio Control because it would take us a lot longer to fix something in a lot of support calls we get. We might be stuck on the phone for four hours just to try and talk someone through something that we could fix in 20 minutes, because they're not looking in the right place or they don't see something that is relevant. Whereas, we've been able to use the VPN through Kerio, so we can sometimes fix a problem before they've even finished describing it. It has definitely helped us a lot.

Kerio's VPN has easily saved us 50 percent, maybe more, in terms of time spent on support. We're connected in seconds. We can see things quickly. We can be connected to five different customers at once through a single connection.

Pricing depends on the requirements. The more powerful boxes, like the NG500, are more expensive on licensing terms, depending on how you license them. At the moment, the NG500 doesn't have an unlimited user option. I believe they took it away, although I might be wrong. 

Figure out how many users you're going to need because there's no point in configuring or licensing it for 200 users "just in case," when you might only need 50. It's obviously going to cost you four times as much. 

There is an option to have GFI Unlimited, which is their all-in-one licensing model, which includes Kerio Control. It works for hardware boxes as well the software virtual appliances. Depending on the number of users, it might be more beneficial to go for GFI Unlimited. It can work out cheaper.

The other real experience I've had is with Cisco ASA, Palo Alto, and WatchGuard. 

The Cisco was more complicated and people didn't really like it because it was a more complicated interface or it seemed more complicated for them.

The WatchGuard and, from what I saw, the Palo Alto are good firewalls; some would say better as firewalls than Kerio. But they don't have all the other features and they didn't seem as easy. They may have more specific options you could set in the actual firewall rules; you could drill it down a bit further. But my experience has been pretty limited, so it might have just been that they looked like they did more, but in fact they just looked more complicated and only gave the impression they would do more. But these devices didn't have all the features of Kerio like the users, the groups, domain logins, bandwidth management, and content filters. They were just firewalls.

Generally, our customers are all small to medium, if you were to compare them with a typical business. They're not "enterprise" technically, even though they do run a lot of enterprise hardware, like full Cisco networks, etc. They just don't really have the same configuration. They've got the budget, but they just don't always want to spend it. I think Kerio could work in an enterprise. A lot of the time, it depends on who is running the security and what they prefer and what is approved by any governing bodies.

Kerio seems to have a reputation, for some people, not to be a true firewall. It's just a feeling that people get, but that's biased towards what they prefer to work with.

On the same price point, you can't compare them. If you're looking at a Kerio box that might be £3,000 a box plus a year's license every year, versus our £100,000 security system, you can't really compare them. But for devices and hardware/software in the same price range, I wouldn't knock it back for something else.

Regardless of whether you get a box or virtual, the interface is nearly always the same. There are very few changes between versions. Research what you think you're going to need. Don't just buy the biggest box or the most expensive box because you think it's going to be better.

The biggest lesson I have learned from using this solution is that you don't always have to be onsite to fix something.

The malware and antivirus features are pretty good. We generally have other malware and antivirus protection as well. A lot of the time, things come in via email so we do have services from Symantec, which filters that out beforehand. Very occasionally I have seen a false positive, where it's blocking something that's actually allowed, but then I can usually figure it out and just allow it. When I've seen something has been blocked or someone has reported they're trying to do something and they can't access or download a file, I can quickly see in the logs that something has been blocked because of the antivirus detection. And I've managed to go from there, allow the file.

One feature we haven't used yet is the solution's high availability failover protection. It's something that I've not even tested myself. I was interested in it when it was first announced, but I was reading about it and a few people said that some of the early implementations were a little bit buggy. I have a feeling it's gotten better now. But I've not used it and no one has asked for it either.

Our client base is private yachts and on private yachts, we have different LAN connections, as well as different VLANs. Kerio Control allows us to maximize and control the different LAN connections, both from a performance and a financial standpoint.

The single largest component was the introduction of MyKerio and the ability to be able to remotely connect the challenge that we have with MyKerio. By yacht, I'm referring to the 1% of the 1% of the people that are out there with $50 million to $60 million yachts. They have satellite systems on board so one of the challenges that we have with MyKerio is the sensitivity to latency. What that means is that if you're on a landline like a DSL or a cellular connection, your ping time may be 20 milliseconds, but with satellite, because of the distances involved, those ping times could be 700 to even 1,100 milliseconds. This is a challenge that we have because just about any application or hardware device that is out in the market is not really designed to take that into account.

In this particular case, if we have a boat that is traveling from South Florida down to the Caribbean and the entire boat is on satellite and we need to be able to log into MyKerio for the boat, it's not optimized or set up for satellite communication. It sometimes becomes problematic in trying to connect to the vessel. Where if the entire boat, like on 4G or landline, then it's no big deal because MyKerio is optimized for that. 

That would be an area for improvement, but the benefit of it is that we can handle issues remotely. The other benefit is through a minimal amount of instruction to the boat, they can complete what I would refer to as basic tasks.

For example, if a boat is down in the Bahamas and the owner is on board, we typically have these in cellular and a landline connection and then on top of that, we'll have an owner, the crew, and guests. So in this particular case, we would want the owner on the fastest 4G connection. Then we would want to put the crew on the satellite connection, which may not be as fast. So it's just about optimizing the experience for the owner and being able to control the bandwidth.

The interface control manager where we can allocate LAN connections to certain VLANs is the most valuable feature. The other feature that's important for us is because everything is remote with MyKerio, as long as the boat has an internet connection, we can log onto the Kerio and get statistics, as well as provide support.

It's important because unlike a company where a company has an IT person on-site because these are yachts, they have a boat crew that is not necessarily "IT," so they rely upon us to provide them with their IT services. This is a platform that allows us to control and troubleshoot as necessary.

I would say about 95% to 97% of all of our support is managed remotely because of the nature of superyachts, where they're located, and the importance of the people that own them.

I have not run into any issues or complaints with regard to the firewall and intrusion detection features. I find that in this industry, the fact that those are services that are included is important. But I can't speak to the operability of it.

Because I interface the most with the boats and the crews, I've never run into an issue with the comprehensiveness of the security features.

In terms of the ease of use, if you took 15 different network professionals and told them to configure a Kerio Control, you would get 15 different configurations. Having said that, within our specific business segment, we have learned the configuration that works best for us and works best for our customers. The way that we have set it up is to not put the onus on the boat to make any changes, but if they need to make any changes they allow us to go in there and make changes. 

From my experience, I don't necessarily do the configuration on them, but I do manage them. If there's a boat that has a problem, I'm the first phone call. Most of the time I can figure it out, but what we provide as a service is that we refer to it as a virtual ETO which is an electronics and technology officer. That would be an actual IT person, but for the most part, we just encourage our customers to defer their technical queries to us and allow us to manage it for them.

It has saved time for the members of our team who manage security based on how they're using it. It has saved time in the sense that they have an integrated security solution. I think the maritime industry is moving towards a standardized security initiative because the problem is that everything within the maritime industry is based on international, not national standards. So where and how the Kerio Control will fit into that is undetermined because the IMO, International Maritime Organization, has not yet determined what those standards are going to be. It's still a work in process.

It has a VPN back to our data center but I don't think it has increased the number of VPN clients extended to those outside our environment

I have been using Kerio Control for four years. 

It is deployed in our office, as well as at our customer sites. Our customer sites are private superyachts.

The only stability issue that we have is with regard to the latency and using MyKerio. A potential deficiency I've encountered has had to do with the actual physical ethernet ports on the device. They seem to be very susceptive to shock. We have had to replace a few units due to that. Especially if there are devices that are POE devices. Part of it has a POE that goes out to the antenna and then there's an ethernet connection that goes back to the Kerio. We've noticed that for whatever reason, that particular device or combination don't play well together.

The way it works now, we can take an NG300 with four ports, and then we can create ports on additional switches. So the only instance that we really use an NG500 is for two reasons. One of them is processing power, and then the other one is if they actually have the requirement for different or more connections than the Kerio has.

Three people in the company, more from a customer interface perspective, and about six people in the company from a technical support perspective use Kerio Control.

We have it deployed somewhere in the neighborhood of 60 to 75 remotes. We will increase usage if we can increase customers. 

I would say that we're a medium-sized business. We're certainly an established entity within the superyacht communications industry. Besides our office here in Florida, we have offices in France as well, and we're headquartered in Majorca, the point being is that we cover all of the Mediterranean, the US, as well as The Bahamas and Caribbean. So it has not been unheard of based upon an issue to helicopter somebody out to a boat kind of thing.

I have not used the technical support. My experience initially with Kerio was dealing directly with Kerio and then at a certain point, they offloaded their distribution to a company called Lifeboat and GFI, and that has been a bit difficult. In my opinion, it's made things a bit harder.

If I need to get an answer to a question, I have to go through Lifeboat or GFI, and then ultimately they in turn have to get with Kerio. So it's created a middleman process. The case in point is that we have an order and the order just kind of kept going and there were no updates, there was no tracking, there was no nothing. I would go to Lifeboat and Lifeboat would say, "Well, we're trying to get a hold of Kerio and there was just a breakdown in communication."

Kerio Control is something that's being added to most of the network of the boats that we deal with. We deal with a lot of boats that look fantastic on the outside, but on the inside as far as the nuts and bolts go, they are not well maintained or they have really old equipment. That's one of the things that we always deal with. One of the things I always talk to captains about when I go on a boat is I ask them, "What are the chances that the owner's going to come on board with a 10-year-old computer and a 10-year-old phone?" And he answers, "Zip to zilch." So I say "Well, your network's 10 years old." It's going to work based on what you have in the technology of anywhere from even five years ago compared to today. It's not just a matter of throwing a Kerio in and saying, "Everything's going to be fine." Typically, it's a component of a network upgrade to include switches and access points.

The initial setup is straightforward for us now because we've done it for so long. The other side of it is that there haven't been a lot of changes per se. There have been tweaks. The consistency of the platform has pretty much stayed the same. So while they have optimized certain components of it, it's kind of like Microsoft Word. You could go back to a version of Microsoft Word 10 years ago and know exactly how to use it because everything's going to be in the same place. It's just an evolution of the platform.

It takes around an hour and a half to license and configure.

We have a uniform deployment process and then that's followed by adjustments based on the client's specific requirements. They may have more LAN connections than somebody else, or they may have less of a need for additional VLANs. It's on a case by case basis. But I would say 95% of everything that we do is standardized.

I'm not the one that actually implements it. Full disclosure, I order the device, I get the device, I license the device, I update the device and then at that point in time, I have one of the engineers come remotely into the unit and then they do the final configuration.

On the licensing side, the way Kerio works, and this is what we have to tell boats, is that if you think that you're going to save some money one year by not licensing it and then next year, you're going to license it, you're going to end up paying for that back year. You're better off just keeping it up to date.

Boats are really like life. People want to spend money on things that are sexy, and software licensing isn't sexy. So that's one of the things that we have to go back and let them know that it's going to work as far as the basic functions go, but the features are not going to work and their security will be vulnerable.

There are no costs in addition to the standard licensing. 

Evaluating other solutions would be the responsibility of the CIO because everything that we do has to be agreed-upon on a standardized platform as we are the ones that are going to have to support it. We let any customers that we deal with that are possibly dealing with other brands know where our demarcation point of responsibility is because it's very much so once you touch it, you own it. If you go onto a boat and you touch one thing, you'll be getting a call for the next three weeks about it. It's an industry that you have to be very specific about what it is that you're doing and what it is that you're providing and supporting.

We have been made aware of boats that have had security breaches, but we were not engaged to support their network at that time. We may have just been only the satellite solution provider. It wasn't specifically Kerio Control, but the situation necessitated them to reevaluate their network and invest in their network rather than just have it as a passive source.

We don't necessarily use failover protection. If you have a failover seamlessly set, the boat or the customer won't know that there's been a failure. We don't use the failover because we want the boat to understand if there's an issue with one of their LAN connections.

For example, if you have a cellular and a satellite connection, and you have both of them set to failover to one or the other, if the satellite connection fails over to the cellular connection, nobody on the boat is going to know that it's failed over. Without the failover, they can identify that there's a problem and then that can be addressed. But if it fails over, nobody is going to be aware that there was an issue and then there's nobody working on solving or trying to figure out what that issue is.

My advice would be to have a plan. Have a plan in place and make sure that you document everything that you do. Certainly, if you're talking about multiple deployments, you don't want to run into a situation, for instance, where you have three different IT people and each one of them is doing a different type of configuration. You want to have a policy in place for a standardized configuration. From a support perspective, as well as a usability perspective, make sure those are being addressed.

I would rate it about a seven out of ten. The only reason why I would give it that rating is because MyKerio can be a complicated tool if you don't know how to use it. 

I was at the Monaco Yacht Show and I got a phone call from an engineer on a boat. They were very angry with the service speed of their satellite. We have customers that pay anywhere from $2,500 to $40,000 a month for satellite service. In this particular case, they actually had to send a tender in. They had to take me out to the yacht and I got out to the yacht and I figured out exactly what happened.

As I was getting off the yacht, they were explaining to me how one of the crew members had worked with Kerio in the past. When I got onto the boat, somebody had set a QoS monitor to limit the crew network for the satellite connection to only 5% of the allotted bandwidth, but it wasn't just the crew, it was the entire vessel. So the entire vessel was limited through Kerio to 5% of the speed of their satellite. That problem or that issue did not arise as a Kerio issue. They said, "This is a satellite issue. We're having a problem with our satellite." So that's an example of, if somebody doesn't know what they're doing, they can have a pretty detrimental effect on the network.

The thing about Kerio is that there's not going to be a dummies book for how to use a Kerio Control. It's really designed to be operated and certainly configured by somebody who is in the IT industry. From the perspective of users, if you're the administrator, you can log into this and you have full access to everything. Whereas if you're "just the user," we're going to hide all of this other stuff from you and the only thing that you're going to be able to do is say that the owner network can use the satellite connection and the crew network can use the connection. 

I would like to see a very limited or dumbed down version for the average user. You could literally just do a couple of checkboxes and throttle everything on the entire network and nobody would necessarily be the wiser.

I currently use the solution for on-network management. 

We are using the product in our factory and in our main office. We use the channel to connect the network, and also, we are using it for user access control, as a router, actually. That's it.

All of the features are great. I can't point out one of them. It's very easy to use

There is not a special technical feature. However, the graphical interface and the UI (the user interface) are great. We've had a good user experience when compared to others.

The product is affordable.

It's stable.

The setup is easy.

I don't have any idea how to make the solution better at this point. 

We'd like to have more integrations Kerio Operator.

I've been using the solution for six or seven years. 

The solution is stable and reliable. There are no bugs or glitches.

However, we changed something, and we've had some problems with performance. We are in the process of debugging the issue. For the most part, it is reliable. 

The solution has been scalable and easy to extend. 

I've never contacted technical support in the past. 

The initial setup is very easy. 

We deployed it six or seven years ago, so I cannot recall the exact steps or how long it took, however, the deployment wasn't hard. 

We changed office recently, and we will need to set it up again. 

The pricing of the solution is reasonable. 

We are a customer. I don't recall the exact version number I am using. 

We decided to use this solution based on the features which we needed at the time. 

I highly recommend the solution to others. We've had a good experience. It's very easy to use.

I'd rate the solution ten out of ten.

There were some issues with our main firewall and it went down. In a short time, I deployed KerioControl and save our business.

The most valuable features of KerioControl are ease of configuration, user-friendliness, and comfortable to use. It is an all-in-one solution, it comes with many features, such as a firewall, antivirus software, and network protection.

The GUI should be changed because it remains the same consistency across versions. However, those who have been using KerioControl for a long time may be accustomed to the current interface. Installing a new version in the same location makes it easy to find, but overall, there are no notable changes between versions.

I have been using KerioControl for approximately five years.

KerioControl is stable because it is a Lunux-based system. However, it depends on the cores because they do not change the base core of Linux systems.

The scalability of KerioControl is good and it is easy to do.

I have worked at many companies, and the most users that have been using KerioControl has been 500.

If our company grows and the popularity of KerioControl increases we will increase our usage of the solution.

I have not had the need to use the support from KerioControl because I have found all the answers to my questions online.

I previously used Cisco Firepower and Netgear.

The initial setup of KerioControl is straightforward.

The implementation of the solution was done in-house.

We have received a return on investment.

I compared KerioControl with other companies based on price, functionality, features, and ease of use, ultimately choosing KerioControl as the best option.

The KerioControl is a good solution. It can be deployed on old servers and it works well with no issues.

I use Kerio Control as a firewall or IPS.

Kerio Control has helped my organization by hiding my private IP address behind the firewall and we use the proxy destination instead of my website.

I have found the most valuable features of Kerio Control to be the IPS and firewall.

Kerio Control could improve content filtering.

In the next release, it would be beneficial to have a new signature to the IPS technology. Additionally, some of the features are not able to be modified or configured, there needs to be more flexibility. 

I have been using Kerio Control for approximately four years.

The solution is stable.

I have found Kerio Control to be able to scale horizontally and vertically.

We have approximately 40 users using this solution. Many of them are administrators.

I do not use the technical support from Kerio Control. When I have an issue I find the solution by searching the internet.

The initial setup was simple, it was standard. It only takes a few minutes.

We have approximately two people that do the implementation and maintenance of the solution.

I pay approximately $50 for the solution on an annual basis.

I rate Kerio Control an eight out of ten.

We use it for bandwidth management, filtering, routing, and intrusion detection and prevention. It is our main edge firewall.

I am working with the latest version. 

I like intrusion detection and prevention and bandwidth management. The routing part is also awesome. It is a good firewall. We never had a major breach from outside. We've never been impacted by ransomware, and our systems have never been infiltrated.

The user login can be improved because we use the captive portal where users have to register before they access the internet server. That has been a huge challenge. They can improve the user login part and make it more user-friendly. It looks user-friendly, but it doesn't work as it is expected to work. They can also improve the reporting feature.

They don't provide content filtering when it comes to search engine results. We had an incident on the network where a blocked site was showing up in search results. We are in a school environment, so we have blocked a site with some of the explicit content so that kids wouldn't see it. When one of them did a search, the results came on the search engine part. When you try to drill down to the website, it blocks, but when you search by image, it brings up all the images. That's one of the reasons why we are looking at Juniper. 

Its inability to provide content filtering for search results was a high-impact issue. We've been talking to them about this issue. It was a very sensitive issue for us because we had kids in year four who were exposed to images that they were not supposed to see. Because of Kerio Control, we failed to protect kids from such content, and we expected them to respond to it with the urgency it required, but their support was pathetic. The ticket was escalated, but we had to send them a couple of emails to let them know how serious the case was, and then we had a live call with their support team.

We have had issues with its performance and stability. They can do better. We've had situations where we had a terrible performance on the network, and when you restart it, everything goes back to normal.

I have been using this solution for six or seven years.

Its performance is average, and it isn't that stable. I would give it a 50 out of 100. 

It is easy to scale. We have about 600 users.

We've been talking to them about the content filtering issue. The ticket was escalated, but we had to wait for two days for it to be answered. We sent them a couple of emails to let them know how serious the case was, and then we had a live call with their support team. We found their support to be pathetic, and we really expected them to take it seriously.

It is straightforward. It is easy to configure.

We do it internally. On the maintenance part, it requires patching, seeing if we want to block anything from our network, and adding more rules.

Its price is fair. There are no additional costs.

We are evaluating Juniper. In terms of monitoring, the response from Juniper was good. We requested a demo, and we got more than a demo. They went above and beyond to get a specialist in security who sat with the team. He presented not just what the product can do; he also presented what is involved in security. Their support seems good. From what they demonstrated, its monitoring, reporting, and intrusion detection features look pretty good.

It is a good firewall. It does what it is required to do, but it needs improvements. Their support and reporting could improve, and they can also do some work on the user login part.

For a campus, you can't depend on Kerio Control to provide everything. You need to look at some of the other tools if you're dealing with students, but for all other organizations, it is perfect as it is.

I would rate it a seven out of 10. 

It is mainly for user control, e.g., who is downloading the most.

We are using the latest version.

It helped a lot with the bandwidth because a lot of our clients complained that the Internet was really slow, then we found it's a Windows update or some guy inside the company using YouTube. With Kerio Control, we found out what was going on, blocked it, or pushed it down.

It helps the IT manager monitor their staff. As for the servers, it gives protection from the outside. Their intrusion protection works extremely well, so you can see if there are issues from outside in the log files. The whole system is just easy to read.

Right before the lockdown, we got requests for home connections like crazy from customers. We put all of them onto Kerio VPN, which is much easier for them. They log onto Kerio VPN and can see their local drives and servers, then they can work.

The VPN is a useful feature.

When you go under status to, "active host", you see what all your users are doing. We found that this is the most useful feature.

The security features are quite easy to use. It gives us everything we need in one product.

The solution’s firewall and intrusion detection features are quite good because you can see exactly who is attacking you and who is getting blocked.

The antivirus is good. Since they changed over to a new provider (GFI), we haven't had issues with it.

A little bit more info when we search on the client under active hosts. We would like to see a column to say what is going on: Is it encrypted? Is it HTTP or HTTPS? Is it connected to a gaming services?

I would like the customer statistics to be more user-friendly. It should explain more what users have been doing throughout the day. Sometimes, it'll just say they downloaded a big file. Meanwhile, they were connected through a VPN.

Since 2006.

The stability is good.

The VPN features are awesome. The only issue that we had is when they changed versions. They removed a security feature and blocked out all the old VPN connections. As a service provider, we had to do an update for a lot of clients' VPNs after their update came out, which created more work for us.

The scalability is awesome.

For our big corporate clients, the solution gets used a lot. We have one client with about 200 users and about 10 to 12 servers.

We have five to six support technicians who work with Kerio Control.

I have never used their technical support.

The initial setup is straightforward. It is easy to install. You just put in a memory stick and boot it up. Or, you just start up the device and follow the on-screen prompts. The deployment takes five minutes.

We do use the online services Kerio provides for our implementation strategy.

Our clients see ROI with Kerio Control, as they are saving bandwidth costs.

Kerio Control has saved time for the members of our team who manage security. It can save us two hours to a day, because if we use Mikrotik or something else, we have to sniff through the logs. With Kerio Control, we just log on and can see immediately what is wrong.

We tried FortiGate and Mikrotik, but they don't do what we want. Licensing is easier with Kerio Control. Also, troubleshooting and implementation on a network is much easier. You don't need to call support all the time. With FortiGate, we realized the licensing is really hectic, because if you skip one year, you have to back pay that year. If you skip two years, you have to back pay two years. With Kerio Control, if a license expires, one year later you can just reactivate and go on.

It tells you what your users are doing or what is happening on your network. It goes into detail and you don't find that on FortiGate.

The way that we sell Kerio is we show our customers what they can do with it. They don't really care much about licensing after they see that you can view each person one by one to see what they're doing. 

I would give the product a 10 out of 10. I have been using this solution for an extremely long time. It is very helpful. With clients that don't have Kerio and have issues with their network, then we'll install a demo version of Kerio, fix the errors and problems, showing them what Kerio does. After, we'll take it out and put them back onto their normal router. It will take about a week or two weeks later, then they will phone us and say, "Please send us a quote for Kerio."

We use the Kerio Control as the firewall, and we manage all the load balancing for it, as well as DHCP, bandwidth control, failover, and basic reports.

It has saved time for the members of our team who manage security, because everything can be done from the Kerio. If a problem arises or something needs changing, we can just put it into the same rule that we already have or make a new rule, a duplicated rule, which is quite easy  to do.

The most valuable features are the 

• firewall
• load balancing 
• bandwidth control
• routing.

We need these functions. We need to do what we do and then the Kerio is quite intuitive in terms of getting everything set up and managing it after. It has quite a nice UI which is fairly straightforward.

The firewall and intrusion detection features are good. It has blocked certain things. We have a lot of blocked sites that the staff or anyone using it, the public, etc., can't go on. It works for that. I get quite a few messages every now and again, saying that a virus has been detected and I can go in and block the user who's causing the problem.

In addition, content filtering is good. We use that a lot. In terms of the content filtering we use all the basic ones that it already comes with, like phishing sites and peer-to-peer. We only use the VPN a little bit, for admin purposes, to go in and administer the other equipment onsite, like the switches.

The comprehensiveness of the security features Kerio Control provides seems good. And it seems to just work. I don't really get down into the detail of it too much, but I'm happy with what it picks up. We haven't really had any problems.

It is easy to use. We've never really used the wizards that are provided. We had a guy come in and set it all up for us in the first instance and then we built upon it by just using what he already did as a template, to do other things. But it's pretty straightforward.

We also use the failover. We have two internet lines going into it, and it works. We have a loss of connection at the minute because of a problem with BT, our ISP, so it has gone over to another line. It keeps our security going, which is good.

We have been implementing solutions with Kerio Control for our clients since about 2016.

The stability is very good. I don't think it's ever failed. 

We had one time where there was an update, a couple of years ago, and it changed a setting for the failover and load balancing. As a result, we almost needed to roll back to a different version. We ended up finding the right setting. But that was the only thing that's happened really. Apart from that, they update fine.

For the sorts of things we do, we'd only ever really need one Kerio in any one location. Scalability is beyond the Kerio, for what we do.

We have about 150 users of the solution.

We don't have plans to increase usage. It's been the same for about four years now and I think it will stay the same for at least another one or two. In the place where it's installed it's being used very extensively. It's the endpoint for the whole network so everything in the company ends up going through it.

I've never used their technical support.

We did not have a previous solution.

We hired a guy to do the initial set up for us. I think he was a Kerio reseller and we used him for consultancy before it started and then he actually did the work on the Kerio as well, and the network in general.

Our experience with him was excellent. We've used him a couple of times since. He's brilliant. His knowledge of everything is incredible. We tried to do it all ourselves at first, but he came in and knew exactly what the problems were. Something that had taken us about four days, he did in five minutes. He's just incredibly knowledgeable about everything to do with networks: Cisco, Kerio, everything.

I've set up another one since, for the same company. I just copied the configuration file of the one and put it straight onto the other. They're in separate buildings, but they wanted them exactly the same so it was really easy.

That deployment took an hour, but it was because we already had one set up.

As for deployment and maintenance of these solutions we generally need just one person: me.

The return on investment is the fact that the network keeps going. In that respect the ROI is good. But the licensing fee seems to be getting too expensive. I wouldn't say it's a waste of money, because it's required, but it would make us look at the possibility of using another solution in the future, if it keeps going up at the rate it is.

It's too expensive. The license, in the last year or so, has gone up by over £100. We're almost being out-priced by the annual license at the minute. If we do need to change, it will be because of the annual license fee, and we will have to get a different solution.

Ubiquiti is cloud-hosted. We use a lot of those as well. If that was around at the time, in the same way it is now, we probably would have used that to start with.

A solution like Kerio Control is a nice-to-have for a medium size business. It just works. It does what it is meant to do. The hardware itself isn't too expensive, it's just the licensing fee that has gone up and up every year.

I would recommend it. My advice would be to get a professional for the implementation.

Overall, I would rate the solution at seven out of 10, because of the licensing, and there are other things on the market now that are probably as good.

We're using Kerio Control to protect our solutions in data centers and to provide VPN access, via the firewall, for our clients.

We're EPM specialists, we host and build EPM platforms which are financial software platforms used by large entities all over the world.

Where previously users were connecting via exotic firewall systems with no certificates on them, Kerio Control can be used with the certificates of the customer so that customers can also see that their connections are being properly secured on the sites that they are using. That helps them identify their sites and to distinguish their connection from other connections.

The solution has increased the number of VPN clients extended to those outside our environment. All our clients that we need to visit have a VPN solution. And the ones that we host in the data center are only accessible by a VPN client.

The VPN connection is the feature that we are actually using this solution for, but routing and checking what kinds of sites are being tested or accessed, is also helpful. That can be logged and reviewed to see if everything is going okay. It's for protection of the network behind it.

Kerio Control covers quite a lot, when it comes to security. There are, of course, always things missing in a product that you would like to have, and we have even questioned the vendor to see if they can provide one of the solutions that we would like to have in the product, but that does not seem to be the case at the moment. But for us, it covers almost everything we do with it, which makes it quite a suitable product for us.

The firewall and intrusion detection features are very useful these days because hackers have a lot of tricks that they use to get into a system. With Kerio Control you can see something that's happening. Otherwise, you have to use other tools to see what's happening on the firewalls. Having IPS in it is quite useful for us.

The content filtering in the product is pretty sensitive to configure as all content is being scanned. It can take quite some time to find out what content you want to scan. For example, if you use words for scanning content, there are some words that you really can't scan for because they are synonyms and can be used in all kinds of communications. Therefore you get false positives where it finds the word, but it's actually a case that you should ignore. That makes it a bit difficult to use it.

The VPN features are the ones that we really like, but we are using a VPN client to be able to use them. We would like to have an SSL implementation for this same feature so we don't need to install anything on the client side. That's a feature I really miss and that should really be embedded in the product. We really would love to use it via a web browser.

Another area for improvement is to be able to import users from a single text file. That functionality is really not developed enough and it is not easy to bulk-import users into a firewall. 

Finally, if you use a firewall product with a certificate, you can only use one VPN client on one domain name. So if I would serve multiple clients with one firewall, I cannot use different domain names. For example, if I put in the domain name test.com as a certificate name in the firewall, then all users, even if they are using it from different companies, have to use that certificate name as their client settings. That's really not appreciated. We would like to set up a firewall with unlimited users and use it for multiple smaller customers. Those companies use a service from us and we could use one firewall for that, but we can't, simply because we can only use one certificate. We can't use the name of the company with other companies. That's a lack of a feature and we miss it.

The product works well. We seldom have issues with the product, hardware-wise or software-wise, and we have firewalls that have been running for more than a year without even a reboot. The only reboot they get is when they need an update.

When they went from Kerio directly to GFI, GFI implemented some new software solutions in it and did some things their own way, which helped to make the product a bit safer than it already was. These were improvements that were really needed and we wanted as much as we possibly could get, and therefore are much appreciated.

The NG100, which is the lightweight firewall — and it can do pretty much the same as the large NG500 — has an external adapter and that has broken at least three or four times, and that's a problem. Even for those little firewalls, an adaptor should not break. It's probably because of heat dissipation or the like. We don't have this problem with the NG300, which also has an external adapter, but it's a bit different and a bigger adapter. The NG500 doesn't have that problem at all. It has an internal power supply and there's nothing wrong with it. We have never had one fail, so far.

As it has an unlimited number of users that we can use it for, we haven't reached the limits of the product. It's a really fair product.

Our customers use it every day. We will increase usage of these firewalls if we have a customer for it.

GFI's technical support is way too slow in terms of response times. Their knowledge is okay. They should know their products. Even though they bought Kerio, they were able to update the software with their developers and build some new routines in it.

But regarding the support, if I send out a solution or a request today, it's taking too long to get a proper answer. You should have an answer the same day, at least, and if possible a quick response via email. That would be preferable in our cases. I know that is not always possible. And that's for software issues. 

But if you have a hardware issue it's even worse because we are not able to get hardware maintenance on the firewalls. Ideally, within two hours of going down, a mechanic would come with a new firewall to replace it and to restore your saved configuration from the cloud. They don't have that. If a hardware issue arises with a firewall, then it takes at least a week, maybe a week-and-a-half, to get a new firewall sent by GFI. That's really not acceptable. If we have a hardware issue and we order something from some companies here in The Netherlands, we have it the next day. That would be acceptable.

We deal with that by having a spare NG500 lying around that we can use. We've never used it, so it's already three years old, doing nothing. But it's there.

For us the initial setup is straightforward because we have been using it since the product was called WinRoute, which was 20 years ago, I believe. We pretty much know all about the firewalls and what we can do with them. So the setup for us is really easy to do.

On average, deployment of Kerio Control takes us maybe 30 minutes.

The implementation strategy depends on what the customer needs, and every customer needs something else. In general, the VPN setup is one of the things all customers need, and rules settings, open ports and closed ports, are part of some basic settings we use, but pretty much everything else is different for each customer.

Where we were using, for example, a VPN solution for 75 users, GFI has now changed the contracts to use the unlimited version, and that is a bit cheaper price-wise, compared to having 75-user account licenses.

But it's pretty expensive in licensing costs, especially if you use the product longer than one or two years. The licensing costs are still high, which I don't think is reasonable for a product like this.

The licensing should really be narrowed down and be at least one-tenth of the price. To give you an idea of costs, an NG500 costs about €3000, and the licensing costs are about €1400 to €1500 a year. They call it "maintenance," but they are not doing anything in terms of maintenance on my firewall. They just supply a little update and those updates really don't cover the price that they calculate for it.

By comparison, if you know what a Windows 10 workstation does on your local computer, you get the updates for free and the price of the installation is something like $100, and you can use it as long as the product is supported. That's a reasonable price, and it also has security. 

With those licensing costs for a little firewall, it's really disturbing because people look for different solutions when the price is too high. You can't make money off of it if you need to pay almost €1500 a year just to get the updates, and those are basically firewall updates. Of course, if there is a system update, like firmware, they will implement that as well. But it doesn't match the cost of what they are doing for us with it. It doesn't explain why these licensing costs are so extremely high.

As long as the product works we use it because we know the product. It's much easier to use an existing product than to swap over to a low-cost product that we are not familiar with. That is one of the reasons we use this product, but mostly because we never had a breach, which is, of course, pretty important now.

Everybody has a price when it comes to security. You can use a simple Windows Firewall on a virtual machine, which costs you almost nothing. And if you put the firewall on there and use it as a router, you can also connect VPN clients to it, but you're using the Microsoft solution for that. Kerio is based on a Linux kernel, which is pretty much free and they are asking a lot of money for a firewall because it's called a firewall and it should protect you. But in fact, they cannot guarantee that nobody will ever get through your firewall. Nobody is giving that guarantee to you, and that is why it's too expensive.

We have also worked with Cisco, FORTRESS, and Juniper. One of the main reasons that we're using Kerio is that the interface is really simple to handle. It's really laid out well.

I don't like the Cisco interface. In the old days, we had to do everything manually via the console; type in all kinds of stuff. Now, you just want to click something.

Each implementer or solution specialist needs a product that fits the needs of the company or customer. That's totally dependent on each customer. If you have never seen a product like Kerio Control, it's still quite easy to implement the firewall. They're not too complex.

Not every customer wants to install a VPN client to get to a different network. Some of them want to have a browser solution where they just enter an address and they type in a username and password, even verified by a two-step verification. If they are verified and authenticated, they can use the different networks. I believe we had that kind of functionality in previous versions of Kerio, even when it was called WinRoute, but they took it out. These days, everything is being arranged by a browser but I understand why they took it away from the browser. It's because of the security flaws that are mostly in browsers and they're never up to date.  It doesn't matter whether you're using Firefox, Chrome, Mozilla, Internet Explorer, or Edge. They all have their things that are not working correctly. There are vulnerabilities in all browsers.

The biggest lesson I have used from using Kerio Control is that I would choose the NG500, the rack model, over any other model they have, as that has proven to be the most stable version and the most stable product. It just runs forever.

We are using three of Kerio Control's models. The NG100 is for really small solutions where you just need a firewall with VPN capabilities. They have a bit of a larger model, the NG300, which is suitable for faster solutions. And we have the enterprise solution, which is their fastest firewall, the NG500, and that's a rack model firewall.

The antivirus helps people who are uploading files, so that they are scanned. That's not what we are using it for, but our experience with the internal firewalls are a bit different because you can also use an external firewall in the product itself. And now it comes with Defender, which currently works well. For what it is scanning, it's working fine.

Kerio Control is the primary firewall for our corporate network to the outside world. We use an IP transit that connects to an IP transit, so all the internet traffic in and out of the corporate network goes through the Kerio Control firewall. We use Kerio Control VPN Clients for our remote workers to dial into that corporate network with two-factor authentication.

We service all areas of Queensland in Australia and we've got clients from Thursday Island down to the border. We have regional sales guys, agents, and technicians throughout the state that require access to the corporate network for various reasons and that's how they get in. They require access for our call logging system and all that sort of stuff. It's the primary gateway for that. Apart from that, we also run Kerio devices in the field to do point to point VPNs.

We've had very few problems with the VPN features. Once we've set it up, it's pretty functionally user-friendly in terms of the firewall functions that we need to open and close ports on. Our users don't have a lot of problems with it. We've had to reboot it occasionally, but nothing extraordinary. Just standard maintenance rebates. Other than that, it just does the job.

We about 60 users that have access. Concurrently, there's probably only 10 concurrent users at only one time. Because of COVID, there's a lot more remote work going on. It would have been busier over that time, but I haven't actually looked at the stats since then. I know that it worked well and we didn't have any issues. Which is a nice thing not to have to worry about when there's a lot of other things on your plate.

There are only two of us that would really get in there and reconfigure the firewall. Most of the time we'll run that past TechPath anyway, just to make sure that we're not going to punch a hole. We don't intend to. In terms of checking problems, checking logs, in terms of people management as well, seeing who's been logged in, who hasn't, it's very easy to get online and get onto the device and do from anywhere. It's very easy and flexible to use.

Prior to Kerio, we couldn't uncover that data. Prior to Kerio, we were using a hardware device but it didn't have remote access or any of those features. It was something we had to do on-site and it wasn't very user-friendly. It wasn't something that management could do if they wanted to and yet this one's pretty easy if they had access.

The main example of how Kerio has improved my organization would be through the COVID shutdown in terms of just being able to scale. It scales very easily to users that weren't normally remote workers. The fact that it scales well at very little trouble to scale with the amount of users on there, and then to have no issues over that period with increased usage, it did the job. The less I know about it, the better it's doing.

It has saved a lot of time and it was a secure way of doing it too. We had a whole contact center that worked from home for a period of time and that's a 21 hour a day contact center that we moved, that was spread out across the greater Brisbane region and working on home internet connections. Surprisingly, we didn't have a lot of stability issues anyway on those connections, but Kerio didn't blink, so that was good.

We turned on two-factor authentication just after the shutdown when we knew we were going to get more users using it. That was the only feature that I've used recently that was different and it worked fine. You only have to authenticate once every 30 days, once you've fully authenticated. It was easy. Technically, it's not a full implementation. It's two-factor on every login, but it's certainly more secure than it was.

In terms of the comprehensiveness of the security features, I know that we haven't had any breaches before. We've had security issues before but it hasn't been with the data center implementation. We have a technology partner that we use to consult for configuration and Kerio was their number one recommendation at the time. We've never had an issue since implementing that. While it works, it's not an issue for me. Best to our knowledge, we haven't had any data breaches.

We do a lot of audits in terms of data security. I don't know if that's ever been an issue here because a lot of our production stuff is actually walled off from our corporate network so it's of lesser risk factor. We were regulatory. We're a licensed regulatory body as well. We monitor gaming machines throughout the state. A lot of our security and the production network is a lot higher than our corporate. Not that corporate's not high, but there are a lot more freedoms for the user under the corporate network umbrella anyway. But it does what it needs to do. We haven't had an issue with it. The most we've had to do when we've had an issue is upgrade the VPN Client's software.

Before using Kerio, with another software, we did experience security breaches. Not so much with a firewalling product. We've had issues with breaches of user breaches. So phishing attempts and so forth. Just the general user stuff, but not through the corporate firewall. And honestly, we didn't handle all of that previously. We only took that on board about six or seven years ago when we changed ownership. So a lot of our services are in the cloud these days as well. Office 365 and so forth.

In a roundabout way, its security features played a role in our decision to go with it. We rely on the advice of our consultant and the consultant recommended this configuration, this software, and this appliance. So, it was more about the appliance. It was more about the flexibility than what we needed to do in a data center environment as well, to be able to manage it remotely and securely. It's been very easy to manage. 

The consultant was TechPath. TechPath is very good. I have full faith in TechPath. They're an MSP and we've just used them as a consultant when we initially set up our wide area networks and the security around it. They have good guys there. We don't have a lot of network engineers in what we do. That's their job. That's why we use another consultant.

Because it's all ID integrated, it's very easy for a user to get online step by step. And in terms of the actual configuration of the firewall itself, it's an intuitive interface if you know what you're doing, in terms of logging traffic, spanning, and the rest of it. The logging is fine. 

Remote work has been increased by 100%. We would have had around 25 - 30 remote users. That's probably increased to 60 over the shutdown, including contact center staff. That'll scale back a little bit as people come back into the office, but overall, people don't stay connected during office hours, it's more of an as-needed basis. We still only have 10 to 15 concurrent users, but in terms of licensing, we have under five concurrent users at any one time before that. There was an increase, but it was not a resource-hungry increase. We said to make sure the licenses were sourced in advance.

If I would suggest anything, it would be to expand on its multifactor authentication to be a little bit more user-friendly. They should do multifactor authentications for the client itself perhaps, rather than served on a webpage, in a page hijack, that might be more user-friendly, but I don't have a lot of complaints about it. It's doing its job. You have to have a certain amount of skills to configure these things anyway, the ones that we use on-site doing point-to-point, and we've been tricked up a few times with their interfaces. That's been more of an experience thing as well, you have to have some networking experience to understand what you're trying to do when you set up these things, whereas it could be a little bit more user-friendly, wizard-based.

I've been using Kerio Control for six years. It was introduced to us by a previous sister company. We started some of the systems that we took over that were using Kerio Clients and so forth.

We use it primarily to get into our corporate network through a data center appliance. So our off-site workers use Kerio Control VPN to get into the corporate network. We have a private data center space that we use for our production network as well. It's the primary gateway into our corporate network from remote workers. It's a private cloud. We've got our own rackspace in one of the data centers in Brisbane. And then we've got connectivity that lands in the DC to allow satellite sites.

The stability has been very good. I can only think of one or two occasions where we've had an issue and a restart of the firewall seems to bring it up again. I don't think I've ever had a major issue with it at all.

The high availability and failover protection haven't been that critical for us. The stability of it has been so good that we haven't needed to look at it. Because of the use case, an outage doesn't affect us as much as if it was a production network. And TechPath would be on standby with other hardware if we needed or with assistance. So we never really looked at the high availability stuff.

In terms of scalability, we did not see any limitation for the amount of users that we increased to. We had to add some licensing once we evaluated how many end users are going to be in the end but that was very quick as well. I think that came through in a day or two. We just added in the licensing to it and there we went. It was very easy to do. If there was a huge increase in numbers, as in if the appliance itself might need to be increased, but it's actually a virtual appliance anyway so resourcing is not that big a deal. We can increase the resources pretty easily.

Whether or not we increase usage depends on users. I don't think we'll exceed what we've currently grown in the last six months, based on the fact that everyone's currently working remotely. We don't have real plans to expand at this stage but it's nice to know that we can.

I would consider my company to be an SMB. We have 110 staff. Our company is part of a larger group of companies called the Federal Group. Our business unit is 110 employees, and we're fairly self-sufficient in that respect, but the Federal Group of companies is 1,800 employees and we run a number of different businesses around the country, hospitality businesses, casinos, cape transport, trucking companies, that sort of thing. For our size, definitely, it's worked flawlessly for what we needed it to do.

A lot of the IT is within the Federal Group. We've only actually been part of them for just over a year now. They have their own technical services group and a lot of those guys are hardcore Cisco nuts. They're based in Tasmania, which is the other end of the country for us. It's hard to get anything done when we've got to chase someone on the other side of the country. They've desegregated the business unit, so we can manage our own internal business decisions on that infrastructure. But I wouldn't be surprised if they did use Kerio in some form, I know that a lot of those guys are gold plated in what they do.

I haven't contacted their technical support. If there are any issues then I get a network engineer guy first and see if he can take care of it.

We have used SonicWall and I've also used Ubiquiti around the place a little bit, but nothing on a production level. We've played around with Ubiquiti internally. We used to implement SonicWall at our customers to do some deep-end firewalling on their gear but now we're mostly using Kerio devices at the moment in the field as well.

Our systems supplier became our sister company. We got bought and converged in a vertical integration, and then we got divested again. We checked the systems, and the staff from our sister company got taken away to our opposition company. SonicWall was something that we inherited and we weren't really familiar with its use. I was familiar with Kerio's configuration, so we moved to a Kerio device to do the same job.

For our main firewall, the setup was fairly complex at the time because we had multiple internal networks to deal with. We had test environments versus operational environments. We had a lot of rules we wanted to put in place for corporate, so it was complex. It wasn't confusing in terms of how to configure it, but it was fairly complex. 

We started off focusing on corporate first. This was the least risk and then we moved our production phases over to that as we were confident in that we were secure and connected up correctly, so to speak, or the data center configuration was the way we needed it to be. Then we did a little post-testing in the configuration, not just with the firewall and stuff, but overall with penetration testing.

The deployment didn't take very long. TechPath took care of most of it. In terms of the site to site stuff, we do that fairly regularly. It might take an hour to configure devices, but it's not onerous. You've just got to make sure you get the settings right. The setup required a few engineers from their end, myself, and another employee. 

We do maintenance once a month and it requires one person. It doesn't quite a lot of maintenance because we just give it a courtesy reboot more than anything like we do with a lot of our gear. We just make sure that the updates are up to date, from time to time.

I have definitely seen ROI since the shutdown. Given its stability and its function, it certainly hasn't slowed down our ability to produce in a diverse environment especially with the contact center. A lot of what they do is hybrid Software as a Service, telephony, and all the rest of it, so having corporate access was key to be able to do their jobs. We went from a very secure, regulated on-prem environment to a diverse working from home environment overnight, and Kerio was key to that.

I never had to go out there and try and find an alternate solution because Kerio just did the job. I don't know how long it would've taken or how much it would've cost, but it certainly would have been at best, a minimum of setting up a much more permanent type of secure connection from each user's premises. It would have been a lot harder to do.

I didn't even blink at the price but I can't even remember what it cost. It was pretty reasonable. The cost was very affordable. We just ended up licensing our own because we didn't know who was going to be working remotely at the end of the day. I think anyone that had a chance to work at home, they got the license. It wasn't a factor of having to do to a view and make sure that every user absolutely needed one. It is a very affordable solution.

There are no additional costs to the standard licensing that I know of. We maintain the highway that it sits on and obviously the data center space and there might be transit and costs and that sort of thing associated with it, but not with Kerio itself. 

We didn't really look into other solutions. We were using MikroTik routers to do some of the work, but not really. Rather than learn SonicWall, we just switched to Kerio, because we we're familiar with the interfacing.

The biggest lesson I've learned from using Kerio is that you can quite easily and securely diversify your network security and access without compromising on cost and central control. Since this all comes down to is that it's all centrally controlled, I have confidence that the users were accessing our systems remotely and securely.

We have used the Kerio Control appliances to do point to point VPNs at the customer sites quite a few times now, and that's the one we recommend. Customers have been using Ubiquiti and have issues so we replaced them with Kerio appliances and they seem to work great. They're moderately priced, good value, and I haven't had to reboot one of those devices in the field yet. These things run point to point VPN for some pretty business-critical functions, such as wide-area gaming systems that transfer money between venues. I haven't had any issues.

I would rate Kerio Control a nine out of ten.