KerioControl Reviews

I currently use the solution for on-network management. 

We are using the product in our factory and in our main office. We use the channel to connect the network, and also, we are using it for user access control, as a router, actually. That's it.

All of the features are great. I can't point out one of them. It's very easy to use

There is not a special technical feature. However, the graphical interface and the UI (the user interface) are great. We've had a good user experience when compared to others.

The product is affordable.

It's stable.

The setup is easy.

I don't have any idea how to make the solution better at this point. 

We'd like to have more integrations Kerio Operator.

I've been using the solution for six or seven years. 

The solution is stable and reliable. There are no bugs or glitches.

However, we changed something, and we've had some problems with performance. We are in the process of debugging the issue. For the most part, it is reliable. 

The solution has been scalable and easy to extend. 

I've never contacted technical support in the past. 

The initial setup is very easy. 

We deployed it six or seven years ago, so I cannot recall the exact steps or how long it took, however, the deployment wasn't hard. 

We changed office recently, and we will need to set it up again. 

The pricing of the solution is reasonable. 

We are a customer. I don't recall the exact version number I am using. 

We decided to use this solution based on the features which we needed at the time. 

I highly recommend the solution to others. We've had a good experience. It's very easy to use.

I'd rate the solution ten out of ten.

We use Kerio Control primarily for site-to-site VPN and client VPNs.

The solution is easy to manage. Kerio Control is unique compared to other firewalls because it has been around since 2000 when we switched and the name it started with was WinRoute, and then later became Kerio Control. It evolved over time and it is more of a proprietary firewall on its own and has been developed through open source.

The Kerio hardware devices look cheap and could be improved. Some of our clients are switching to Sophos because their hardware has a more sleek design.

I have been using Kerio Control for a long time.

Kerio Control stability is extremely stable. On the administration side, you have total control because of MyKerio. Which is a portal that allows you to control all your Kerio Controls and other Kerio solutions. Similar to other firewall vendors nowadays, they have their own portal to centralize the management of your firewalls. 

The solution is scalable. If you are using virtualized machines you can have as much memory and much storage, but you do not need much storage for this solution. It is powerful and fast, although it can slow down the internet because of the filtering. For example, if you have most of your services running, such as antivirus, content filtering, and intrusion prevention. When all of those are all enabled and there is a lot of configuration and it might slow down your internet service to about 70%, instead of a direct simple router.

The technical support is good as a reseller. We have direct connection with the technical support, we can send them an email and they will get back to us. If it requires phone calls, they phone us up or we phone them.

The initial setup is straightforward. You receive a box and then you receive the activation keys. When you receive the activation keys, it will work fine. Without the activation keys, your subscription for firewall, antivirus, and web filter, is not going to work.

If you are doing a fresh installation without the VPN, you have to set up all your routers on each different location to have a site-to-site VPN. However, if you are migrating from a firewall to Kerio Control, you have to migrate the users, DHCPs, and static IPs, that you want to have on the devices to keep you from losing service. For up to a five-site location, it could take approximately one hour for each location to set up the firewalls.

To start out you are going to have to purchase the firewall hardware and the subscription itself which could be approximately $2,000 and for the annual subscription, it will be approximately $400. The subscription entails many aspects, such as you do not lose your antivirus upgrades or your web filtering does not stop.

We are switching from Kerio Control to Sophos because of the sleek design of the devices. If you want a cheaper solution, you can choose Kerio Control, but if you want a much sleeker design, then should consider Sophos.

I rate Kerio Control an eight out of ten.

Kerio Control is the primary firewall for our corporate network to the outside world. We use an IP transit that connects to an IP transit, so all the internet traffic in and out of the corporate network goes through the Kerio Control firewall. We use Kerio Control VPN Clients for our remote workers to dial into that corporate network with two-factor authentication.

We service all areas of Queensland in Australia and we've got clients from Thursday Island down to the border. We have regional sales guys, agents, and technicians throughout the state that require access to the corporate network for various reasons and that's how they get in. They require access for our call logging system and all that sort of stuff. It's the primary gateway for that. Apart from that, we also run Kerio devices in the field to do point to point VPNs.

We've had very few problems with the VPN features. Once we've set it up, it's pretty functionally user-friendly in terms of the firewall functions that we need to open and close ports on. Our users don't have a lot of problems with it. We've had to reboot it occasionally, but nothing extraordinary. Just standard maintenance rebates. Other than that, it just does the job.

We about 60 users that have access. Concurrently, there's probably only 10 concurrent users at only one time. Because of COVID, there's a lot more remote work going on. It would have been busier over that time, but I haven't actually looked at the stats since then. I know that it worked well and we didn't have any issues. Which is a nice thing not to have to worry about when there's a lot of other things on your plate.

There are only two of us that would really get in there and reconfigure the firewall. Most of the time we'll run that past TechPath anyway, just to make sure that we're not going to punch a hole. We don't intend to. In terms of checking problems, checking logs, in terms of people management as well, seeing who's been logged in, who hasn't, it's very easy to get online and get onto the device and do from anywhere. It's very easy and flexible to use.

Prior to Kerio, we couldn't uncover that data. Prior to Kerio, we were using a hardware device but it didn't have remote access or any of those features. It was something we had to do on-site and it wasn't very user-friendly. It wasn't something that management could do if they wanted to and yet this one's pretty easy if they had access.

The main example of how Kerio has improved my organization would be through the COVID shutdown in terms of just being able to scale. It scales very easily to users that weren't normally remote workers. The fact that it scales well at very little trouble to scale with the amount of users on there, and then to have no issues over that period with increased usage, it did the job. The less I know about it, the better it's doing.

It has saved a lot of time and it was a secure way of doing it too. We had a whole contact center that worked from home for a period of time and that's a 21 hour a day contact center that we moved, that was spread out across the greater Brisbane region and working on home internet connections. Surprisingly, we didn't have a lot of stability issues anyway on those connections, but Kerio didn't blink, so that was good.

We turned on two-factor authentication just after the shutdown when we knew we were going to get more users using it. That was the only feature that I've used recently that was different and it worked fine. You only have to authenticate once every 30 days, once you've fully authenticated. It was easy. Technically, it's not a full implementation. It's two-factor on every login, but it's certainly more secure than it was.

In terms of the comprehensiveness of the security features, I know that we haven't had any breaches before. We've had security issues before but it hasn't been with the data center implementation. We have a technology partner that we use to consult for configuration and Kerio was their number one recommendation at the time. We've never had an issue since implementing that. While it works, it's not an issue for me. Best to our knowledge, we haven't had any data breaches.

We do a lot of audits in terms of data security. I don't know if that's ever been an issue here because a lot of our production stuff is actually walled off from our corporate network so it's of lesser risk factor. We were regulatory. We're a licensed regulatory body as well. We monitor gaming machines throughout the state. A lot of our security and the production network is a lot higher than our corporate. Not that corporate's not high, but there are a lot more freedoms for the user under the corporate network umbrella anyway. But it does what it needs to do. We haven't had an issue with it. The most we've had to do when we've had an issue is upgrade the VPN Client's software.

Before using Kerio, with another software, we did experience security breaches. Not so much with a firewalling product. We've had issues with breaches of user breaches. So phishing attempts and so forth. Just the general user stuff, but not through the corporate firewall. And honestly, we didn't handle all of that previously. We only took that on board about six or seven years ago when we changed ownership. So a lot of our services are in the cloud these days as well. Office 365 and so forth.

In a roundabout way, its security features played a role in our decision to go with it. We rely on the advice of our consultant and the consultant recommended this configuration, this software, and this appliance. So, it was more about the appliance. It was more about the flexibility than what we needed to do in a data center environment as well, to be able to manage it remotely and securely. It's been very easy to manage. 

The consultant was TechPath. TechPath is very good. I have full faith in TechPath. They're an MSP and we've just used them as a consultant when we initially set up our wide area networks and the security around it. They have good guys there. We don't have a lot of network engineers in what we do. That's their job. That's why we use another consultant.

Because it's all ID integrated, it's very easy for a user to get online step by step. And in terms of the actual configuration of the firewall itself, it's an intuitive interface if you know what you're doing, in terms of logging traffic, spanning, and the rest of it. The logging is fine. 

Remote work has been increased by 100%. We would have had around 25 - 30 remote users. That's probably increased to 60 over the shutdown, including contact center staff. That'll scale back a little bit as people come back into the office, but overall, people don't stay connected during office hours, it's more of an as-needed basis. We still only have 10 to 15 concurrent users, but in terms of licensing, we have under five concurrent users at any one time before that. There was an increase, but it was not a resource-hungry increase. We said to make sure the licenses were sourced in advance.

If I would suggest anything, it would be to expand on its multifactor authentication to be a little bit more user-friendly. They should do multifactor authentications for the client itself perhaps, rather than served on a webpage, in a page hijack, that might be more user-friendly, but I don't have a lot of complaints about it. It's doing its job. You have to have a certain amount of skills to configure these things anyway, the ones that we use on-site doing point-to-point, and we've been tricked up a few times with their interfaces. That's been more of an experience thing as well, you have to have some networking experience to understand what you're trying to do when you set up these things, whereas it could be a little bit more user-friendly, wizard-based.

I've been using Kerio Control for six years. It was introduced to us by a previous sister company. We started some of the systems that we took over that were using Kerio Clients and so forth.

We use it primarily to get into our corporate network through a data center appliance. So our off-site workers use Kerio Control VPN to get into the corporate network. We have a private data center space that we use for our production network as well. It's the primary gateway into our corporate network from remote workers. It's a private cloud. We've got our own rackspace in one of the data centers in Brisbane. And then we've got connectivity that lands in the DC to allow satellite sites.

The stability has been very good. I can only think of one or two occasions where we've had an issue and a restart of the firewall seems to bring it up again. I don't think I've ever had a major issue with it at all.

The high availability and failover protection haven't been that critical for us. The stability of it has been so good that we haven't needed to look at it. Because of the use case, an outage doesn't affect us as much as if it was a production network. And TechPath would be on standby with other hardware if we needed or with assistance. So we never really looked at the high availability stuff.

In terms of scalability, we did not see any limitation for the amount of users that we increased to. We had to add some licensing once we evaluated how many end users are going to be in the end but that was very quick as well. I think that came through in a day or two. We just added in the licensing to it and there we went. It was very easy to do. If there was a huge increase in numbers, as in if the appliance itself might need to be increased, but it's actually a virtual appliance anyway so resourcing is not that big a deal. We can increase the resources pretty easily.

Whether or not we increase usage depends on users. I don't think we'll exceed what we've currently grown in the last six months, based on the fact that everyone's currently working remotely. We don't have real plans to expand at this stage but it's nice to know that we can.

I would consider my company to be an SMB. We have 110 staff. Our company is part of a larger group of companies called the Federal Group. Our business unit is 110 employees, and we're fairly self-sufficient in that respect, but the Federal Group of companies is 1,800 employees and we run a number of different businesses around the country, hospitality businesses, casinos, cape transport, trucking companies, that sort of thing. For our size, definitely, it's worked flawlessly for what we needed it to do.

A lot of the IT is within the Federal Group. We've only actually been part of them for just over a year now. They have their own technical services group and a lot of those guys are hardcore Cisco nuts. They're based in Tasmania, which is the other end of the country for us. It's hard to get anything done when we've got to chase someone on the other side of the country. They've desegregated the business unit, so we can manage our own internal business decisions on that infrastructure. But I wouldn't be surprised if they did use Kerio in some form, I know that a lot of those guys are gold plated in what they do.

I haven't contacted their technical support. If there are any issues then I get a network engineer guy first and see if he can take care of it.

We have used SonicWall and I've also used Ubiquiti around the place a little bit, but nothing on a production level. We've played around with Ubiquiti internally. We used to implement SonicWall at our customers to do some deep-end firewalling on their gear but now we're mostly using Kerio devices at the moment in the field as well.

Our systems supplier became our sister company. We got bought and converged in a vertical integration, and then we got divested again. We checked the systems, and the staff from our sister company got taken away to our opposition company. SonicWall was something that we inherited and we weren't really familiar with its use. I was familiar with Kerio's configuration, so we moved to a Kerio device to do the same job.

For our main firewall, the setup was fairly complex at the time because we had multiple internal networks to deal with. We had test environments versus operational environments. We had a lot of rules we wanted to put in place for corporate, so it was complex. It wasn't confusing in terms of how to configure it, but it was fairly complex. 

We started off focusing on corporate first. This was the least risk and then we moved our production phases over to that as we were confident in that we were secure and connected up correctly, so to speak, or the data center configuration was the way we needed it to be. Then we did a little post-testing in the configuration, not just with the firewall and stuff, but overall with penetration testing.

The deployment didn't take very long. TechPath took care of most of it. In terms of the site to site stuff, we do that fairly regularly. It might take an hour to configure devices, but it's not onerous. You've just got to make sure you get the settings right. The setup required a few engineers from their end, myself, and another employee. 

We do maintenance once a month and it requires one person. It doesn't quite a lot of maintenance because we just give it a courtesy reboot more than anything like we do with a lot of our gear. We just make sure that the updates are up to date, from time to time.

I have definitely seen ROI since the shutdown. Given its stability and its function, it certainly hasn't slowed down our ability to produce in a diverse environment especially with the contact center. A lot of what they do is hybrid Software as a Service, telephony, and all the rest of it, so having corporate access was key to be able to do their jobs. We went from a very secure, regulated on-prem environment to a diverse working from home environment overnight, and Kerio was key to that.

I never had to go out there and try and find an alternate solution because Kerio just did the job. I don't know how long it would've taken or how much it would've cost, but it certainly would have been at best, a minimum of setting up a much more permanent type of secure connection from each user's premises. It would have been a lot harder to do.

I didn't even blink at the price but I can't even remember what it cost. It was pretty reasonable. The cost was very affordable. We just ended up licensing our own because we didn't know who was going to be working remotely at the end of the day. I think anyone that had a chance to work at home, they got the license. It wasn't a factor of having to do to a view and make sure that every user absolutely needed one. It is a very affordable solution.

There are no additional costs to the standard licensing that I know of. We maintain the highway that it sits on and obviously the data center space and there might be transit and costs and that sort of thing associated with it, but not with Kerio itself. 

We didn't really look into other solutions. We were using MikroTik routers to do some of the work, but not really. Rather than learn SonicWall, we just switched to Kerio, because we we're familiar with the interfacing.

The biggest lesson I've learned from using Kerio is that you can quite easily and securely diversify your network security and access without compromising on cost and central control. Since this all comes down to is that it's all centrally controlled, I have confidence that the users were accessing our systems remotely and securely.

We have used the Kerio Control appliances to do point to point VPNs at the customer sites quite a few times now, and that's the one we recommend. Customers have been using Ubiquiti and have issues so we replaced them with Kerio appliances and they seem to work great. They're moderately priced, good value, and I haven't had to reboot one of those devices in the field yet. These things run point to point VPN for some pretty business-critical functions, such as wide-area gaming systems that transfer money between venues. I haven't had any issues.

I would rate Kerio Control a nine out of ten.

We use the solution mainly as a firewall. 

I am impressed with the tool's firewall filtering capacity. 

The product's technical support is not good as it used to be. 

I have been working with the product for 15 years. 

The tool's stability is great. 

The solution is scalable. 

The product's setup is straightforward. 

I would rate the product an eight out of ten. 

There were some issues with our main firewall and it went down. In a short time, I deployed KerioControl and save our business.

The most valuable features of KerioControl are ease of configuration, user-friendliness, and comfortable to use. It is an all-in-one solution, it comes with many features, such as a firewall, antivirus software, and network protection.

The GUI should be changed because it remains the same consistency across versions. However, those who have been using KerioControl for a long time may be accustomed to the current interface. Installing a new version in the same location makes it easy to find, but overall, there are no notable changes between versions.

I have been using KerioControl for approximately five years.

KerioControl is stable because it is a Lunux-based system. However, it depends on the cores because they do not change the base core of Linux systems.

The scalability of KerioControl is good and it is easy to do.

I have worked at many companies, and the most users that have been using KerioControl has been 500.

If our company grows and the popularity of KerioControl increases we will increase our usage of the solution.

I have not had the need to use the support from KerioControl because I have found all the answers to my questions online.

I previously used Cisco Firepower and Netgear.

The initial setup of KerioControl is straightforward.

The implementation of the solution was done in-house.

We have received a return on investment.

I compared KerioControl with other companies based on price, functionality, features, and ease of use, ultimately choosing KerioControl as the best option.

The KerioControl is a good solution. It can be deployed on old servers and it works well with no issues.

We use it ourselves and deploy it to our customers, which are small and medium-sized businesses. Our use cases are for both ourselves and our clients, mainly as a frontline protection for their internal networks to filter viruses and threats as well as for web filtering to ensure employees and guest networks don't access material that wouldn't be appropriate to be viewed. It's also used for remote access VPNs so remote users can access internal servers and resources, as well as site-to-site VPNs for multi-site offices to access resources located either at the main HQ headquarters or at an alternate site.

It does antivirus, malware, and ransomware. We feel the coverage is complete across the entire spectrum of malware, viruses, and most ransomware. It also covers some types of adware, which is an unwanted program that's not necessarily bad, but there's no reason to have it.

We have a lot of other companies that were multi-site companies which had servers at different sites not talking to each other. They had remote workers or maybe they were using open RDP as their access to their internal network. These customers were getting ransomware infections and constantly just getting frustrated not being able to share resources between sites and this gives them the capability. I have a lot of customers, especially in the non-profit market, where we've had a lot of success deploying the solution. 

A lot of the non-profits also have open WiFi and the filtering tools have been great for making sure that the WiFi bandwidth isn't drained by somebody sitting there and just surfing videos. We can control the open WiFi and we can control public computers to make sure that they stay just on the sites that we want them to stay on, e.g., employment sites, training, etc. So, it's been really helpful for the non-profits.

If a tech has a basic understanding of firewalls, NATing, and security, it is amazing how quick we can teach them how to use the product to its full capabilities. We can take a half day to a day and a brand new tech who's never seen the product can pretty much understand it enough to set it up, work with a customer, and make changes that a customer requests. There's nothing better than a customer calling and saying, "We need to add this site," and instead of saying, "Well, let me open a ticket and get an engineer to look at the thing," we go, "One second," and, through the MyKerio portal, find their firewall, remote into it, make the change, and say, "Okay, test it now. Works? Perfect." Hang up the phone and we are done.

With COVID-19 and everything that has happened, customers would call us up and say, "We're shutting down. Friday's our last day. Everybody is going to work from home." In 24 hours, we could have them all working remotely. The amount of time and simplicity of getting users set up with the VPN allowed us to get massive numbers of users working remotely at businesses that had never even considered remote work as a possibility. Or, maybe the owner had a little bit of remote capability, but that was it. Just through the ease of and the free VPN client it was amazing how quickly we could roll out VPN to everybody, we had whole companies remotely working overnight.

The most valuable feature for us is the ease of use. We don't have to go crazy trying to figure out how to do something. It allows you to make changes, set things up, turn on things for a customer without having to go through 37 different menus, read the manual, and try to remember it. It's pretty straightforward. That's what attracted it to us in the beginning. While we can work with complicated systems, most of our customers don't need them, then we end up just spending more time setting up the solution than we really need to. It's more productive, the customer saves money and at the same time and we make more money off of it. I can set up a whole firewall solution in 30 minutes and that's valuable to me.

We have been very happy with the security features. We find that the keyword filtering is great. Also, the antivirus filtering is excellent. One thing we always tell our customers is that we have never had a client using Kerio Control and the antivirus tools that we suggest who has been infected with any type of ransomware. We have customers who have had ransomware, but they were all ones who chose not to go with Kerio Control. That's always just been a very simple, easy, and powerful fact that we can explain to people, "We've never had a customer who has used this firewall along with our recommended antivirus and had a ransomware infection."

It is very comprehensive. It has all the active protections. It's updated regularly. We love that you can set how often threat definitions updated so you can work what is right for the site. A large company with a lot of bandwidth can update the virus definitions and security definitions hourly, if they want. A smaller site that's remote, where maybe updating the definitions will eat into the bandwidth, we can schedule those more to go later at night. It's very flexible and works for us in all types of situations. This is great because then we don't have to learn seven different products to be able to work with seven different scenarios.

We've been very happy with the solution’s firewall and intrusion detection features. The company has been pretty good when it comes to maintaining it and closing out security holes. For example, when there was a security bug found in the encryption in the VPN, they were very quick about reacting to that and coming out with a new VPN client encryption. At the same time, they made sure that for those cases where maybe you couldn't upgrade right away, there was a bit of overlap of backward capability so you weren't like, "Oh geez. I have to do everybody at once."

We love the VPN feature. That is one of our favorite things. The free client that they have makes it so easy to attach computers to the company network and we can usually set somebody up in like five minutes or so. It's real simple for the users because of the way that it presents the information you don't have all types of weird keys and stuff that users have to remember or write down, which is great because a key lost on a piece of paper is just as bad as a key found by a hacker. So, the computer memorizes it all, stores it, and makes it real simple with a push button to either connect, disconnect, or keep the connection persistent, which we love because then for a company-owned computer it stays connected from the moment the user logs in to logs out. Then, we can actually sync the user's VPN credentials to their Active Directory account and that is really helpful, because if a user leaves, disabling their Active Directory credential also disables their VPN credentials automatically and now when an employee is no longer with the company we don't have to worry about going to a separate system and shutting that VPN down until we can get our hands physically back on the laptop. We don't have security risks hanging out there.

MyKerio is a really neat tool where there's one central website that I can go and see every Kerio firewall that we manage. I don't have to go find specific logins for every firewall because I log into the MyKerio site with my master credentials, and it has two-factor authentication to make sure it's secure. Once I'm in, I can choose any of the Kerio firewalls that we manage: Kerio firewalls, Kerio Operator Phone Systems, or their Kerio Connect mail product. I can find any of them and quickly attach to it, then help the customer. It makes it real nice instead of having to chase down a list of IP addresses and passwords. As a managed service provider, it's nice because if a tech leaves, then I can cut them out of all our customers by simply closing their MyKerio account since they never actually had a direct login to the firewall itself.

The one feature that seemed to be missing for a while that they finally just readded was the ability to filter by known IP lists, either specific countries, or lists of IPs know to be hackers. That was in the product awhile ago, but just wasn't maintained for a while, but they recently did start to maintain it again it.

The MyKerio online portal could probably use a little touch up and tweaks, sometimes the backups just fail or you have to log off and back in with a new browser to connect to a device. The site is glitchy every now and then.

The guest network that they had behind a splash screen is the one spot that we're not thrilled with. We believe the guest network could have a more reliable and better customization on the splash screen, and sometimes we have issues with users getting to the splash screen at all. Our solution is just buy unlimited licenses to get around that. Then instead of using the guest WiFi, we create a whole separate VLAN with no splash page or use a splash page through the access points if we need a splash page. Its also not customizable at all so you can't put logos or names on it, make them accept a usage agreement, etc.

It was long before GFI even owned them. It has to be almost 10 years.

We have not had any problems with the stability at all. It's pretty solid once we get them running. Besides reboots for updates, we usually never have to do anything with them. The only ones that I can ever remember failing are caused by physical hardware failures. A lot of times either there is a lightning strike, electrical surge, or something like that. Once or twice, we've had a fail where we can't tell exactly why it failed, but it's always been the hardware that's failed, not the firewall software. I do remember one very old box that had gone through multiple iterations and had copied backups from hardware to hardware to hardware for almost a decade, which started acting a little funny. It stayed up, but we would see weird logs that didn't make sense. For that one, we finally did a backup, wiped it, restored the backup, and all the problems went away. That's the only time where the software was the cause and it was nothing that actually affected end users.

I have it in customers that have four users. The largest site that we've had (with a single box) is probably 150 users, including guests, and it scaled right up and I'm sure I could have pushed it much farther. Again the nice part about the product is they have a software-only version where you could put it on your own hardware, where you can slap it in a Xeon server if you really needed to, and I'd have no fears that the product could actually filter a whole school campus.

In our company, it's mainly our techs who work with this solution. The roles are usually customer-facing techs and support techs. We call them technology specialists, but it would be equal to a tech support type person. Everybody in the company dealing with customers knows how to manage the product because it's so simple. There's no reason to have a firewall engineer. We have a senior person for a really complex setup, but every tech can work on the product and set it up for the average company. Every tech can make changes that the customer requests right then and there when they call.

I would like to see a little improvement in their technical support when you have a problem.  I may be a little jaded because I came from Kerio when we could call and get a person on the phone who actually worked on the product and every tech had their own demo setup for testing. They also had instant messaging capability with the developers. If we found a problem, then we could get a result for it quickly. Now, the product seems to be 24 hours response no matter what the issue. They have also gone to the model that if you need quicker support, then they now charge you additional for the exact same level of support that they used to give for free. I am assuming it's the exact same level of support that they say it is. I'm not paying extra for it. That's the biggest flaw with the product.

Positive

We have a mix. A lot of our customers are just building or starting to manage thier network, so this is their first new product that didn't come from an office store. We also have some that were replacing an existing product either because the product got old and it was time to replace it, or sometimes because we've seen issues with other products we know this will fix. For one product in particular, we will see point-to-point VPN instability sometimes that customers have been dealing with years. We'll say, "Hey, let us put this in. Chances are it's going to clear up." Usually, it does. One customer had a point-to-point VPN with a that product that would go down almost every day. Now, the point-to-points have been up for about five months straight. This shows how reliable the solution is. 

For other customers, sometimes we'll replace another product because they got oversold. They'll have some very large product that's really expensive, and we're like, "Hey, that's cool. It does a ton of neat things you don't even need. But this product will do pretty much all the same things, especially all the things you currently use as well as give you some capability to grow into." A lot of customers didn't realize they need VPNs until all of a sudden they grow. There is nothing worse than telling a customer, "Remember when you saved a couple hundred bucks a year ago. Well, that's all gone now because the product you chose doesn't support this." That's what we like about this solution. It is priced low enough for entry-level, but it has the power to grow with a company without them having to replace it.

The initial setup is super straightforward. We can get a basic firewall running in under an hour. That is from opening the box  to getting it working. We tend to take it out of the box and do a little bit of preconfiguring for half an hour, maybe 45 minutes if it's a really complex multi-VLAN setup. Once you have it ready and bring it out to the customer site, then you plug it in and do a couple of final steps. We can get a sealed box to set up in under an hour.

We do have some basic guidelines that we try and use across all of our customers (minimum requirements), but because we deal with a wide range of customers, where some of our customers have four employees and others have 400, there will be minor changes. Everybody usually has a regular network, then a VLAN for guests, but sometimes our larger companies have VLANs for labs and other sections of the business: for example maybe development and admins get more rights. We always make sure the antiviruses, the IPS, filtering are running with a basic number of rules.

Don't over think the implementation. The biggest thing that you can do is start overthinking when you're setting it up, and be like, "Well, what do I have to do next?" You're probably already done. It's real simple. Anybody could take the manual home if they've never seen it before. They have a complete 30-day demo that you can download. Even if you aren't hooked into the Internet, you can log into the web GUI and look through it. It's great because it gives you an opportunity to do that and play with the product. If you're a technical person, you could take the manual home for the night, then the next day set one of these things up.

We always deploy it by ourselves, I think anyone with some IT experience could do it. I mean its not for Grandma but if you understand routing you can do it.

We're rolling out a four location non-profit right now that pretty much had zero network infrastructure. We're bringing our third site on out of four next week. Getting the firewall up is the easy part. It's been more of tying in their computers to the rest of the network and stuff, but eventually we're going to replace this hodgepodge of laptops and emailing files with central shares backed up and secured with the proper permissions all through the VPN.

Once customers get into doing site-to-site, employee remote VPNs, they start seeing savings in travel time and time costs. When everybody talks about savings, a lot of people forget to think about, "If my employees have to individually mail a bunch of files to somebody else, spend time trying to access files, or getting somebody in the office to send the files, that's a lot of time spent," this is where giving VPN capabilities both site-to-site and for end users who usually can't afford them is a giant cost savings, being able to seamlessly work remotely, include roaming employees who are able to go site-to-site and access the same resources at any location.

It's generally inexpensive compared to a lot of other products out there.

We don't use the solution’s high-availability/failover protection. For our market, it just hasn't been something that's been worth it for the cost. Because the software can run on both the Kerio hardware as well as regular off the shelf computer hardware, we've actually just maintained a standard computer with some extra NICs in it or a microcomputer as a backup. So, if a box goes out, we just run out there, pull the backup file off the web (since it is backed up through the MyKerio portal), and push it to the box, then we can have them back up in an hour or two. We can then worry about a permanent replacement once the client is back up. 

The biggest advice that I could probably give people is when you buy the solution be prepared to buy a few extra licenses if you want a guest network but you don't need to go crazy. Each user license gives you one employee and five devices. In the world nowadays where everybody has a cellphone, tablet, desktop, and laptop, that's still four devices and you still get one more device per person to cover the company printers, servers, etc.

We do evaluate other products both before we choose Kerio Control and on a regular bases. We do have one or two smaller firewall product that we use for the true entry-level businesses who don't need any capabilities, and we are constantly seeing products as we get new customers and what products they are using currently. We don't like to rip them out right away until we understand the network and its issues, we have to get familiar with a customer before we can make a recommendation.

Vendors are always coming out with new things and there are always new features. True cloud management seems to be the big buzz right now, so we've been looking at those type of products. However, so far we keep going back to Kerio Control.

A lot of times I can do things in one screen of Kerio Control that would take two to three screens. I was just making a firewall rule with NAT forwarding on a different product for a customer a couple of days ago and that took four different screens and four different menus. One of the nice things about Kerio is how it does firewall rules and port forwarding.You do it all-in-one screen called "rules" where It creates the forwarding, the NAT, and the port holes.  

With some products I'd have to go into a window to create a firewall rule of VLAN 1 to VLAN 2, then I have to create a firewall rule of VLAN 2 to VLAN 3. Finally, I have to create a firewall rule of VLAN 1 to VLAN 3. That's three separate firewall rules that I have to build. If I want to block one port, then that's three separate firewall rules I have to edit. On Kerio Control, the way it's setup, I can make one rule that encompasses all three of those rules by having my source have multiple sources, multiple destinations, and multiple ports. For example, a security camera system needs three ports forwarded to it. I might have to create three rules and 3 NAT translations, one for each of those ports. Some of them I can group, but others you can't. With Kerio firewall, I can list all those ports in one spot. Therefore, I can create a rule that allows the WAN and VPN 2 to access a camera system on VPN 3 on these two ports and point it all to the Camera System using only one rule.

It is not the most powerful firewall out there, I understand that, but it's a great balancing act between the capabilities. It's as capable as many of my other firewalls, but at the same time, it's not as complicated. You don't need to take a three-month course like you do with some of the other products in order to be able to use it properly. It's all GUI-based, unlike some products. Sure a lot of products have a GUI where you get just so much done, then at a certain point, you have to jump into command line. There is no command line option in Kerio Control because its not needed, there isn't a point where I have to pull out a manual and find obscure commands to type in to get the product to do something I want it to do.

It's definitely well suited for and marketed for SMBs but could some enterprises use it? I believe that they could. I believe that there are some spots in the enterprise market that should be looking at this product. I think that some companies would be pleasantly surprised if they considered it for enterprise market use. 

It's inexpensive and secure enough that you could have multiple instances running across a campus, if you needed to do routing. It supports a ton of VLANs, especially if you put it on your own hardware. You can easily have this thing run thousands of users just by scaling up the hardware because it has the ability to run on standard PC or Server hardware so you can pop it right into a computer and boot it up. This is great because you can choose any amount of hardware that you want to put it on to get it to scale to what you need, and you can upgrade it as needed. It's also great when you do have virtual environments.

The company has always been pretty good to work with, which is important. Obviously, GFI's a much bigger company than the original vendor, so some things have changed, but they're a friendly company and want to work with you. They have a nice NFR program. We always like products that have NFR programs, not because we're always looking for free stuff, but because it's nice to be able to use the same equipment inside that we sell to customers, even if it doesn't make sense for us financially (though Kerio Control makes sense for us). Just having that capability to say, "Hey, we use this product ourselves." It's a question that customers ask IT companies a lot, "What do you use?" So, if I can say, "I use Kerio Control." That goes a long way to making the customer understand I really like this product. I trust my business to it. You can trust me when I say, "You can trust your business to it."

I would rate the product as a nine out of 10. I've never heard a customer that went on it be upset. I have never had a customer tell me, "I want to get rid of this thing."

We use it for bandwidth management, filtering, routing, and intrusion detection and prevention. It is our main edge firewall.

I am working with the latest version. 

I like intrusion detection and prevention and bandwidth management. The routing part is also awesome. It is a good firewall. We never had a major breach from outside. We've never been impacted by ransomware, and our systems have never been infiltrated.

The user login can be improved because we use the captive portal where users have to register before they access the internet server. That has been a huge challenge. They can improve the user login part and make it more user-friendly. It looks user-friendly, but it doesn't work as it is expected to work. They can also improve the reporting feature.

They don't provide content filtering when it comes to search engine results. We had an incident on the network where a blocked site was showing up in search results. We are in a school environment, so we have blocked a site with some of the explicit content so that kids wouldn't see it. When one of them did a search, the results came on the search engine part. When you try to drill down to the website, it blocks, but when you search by image, it brings up all the images. That's one of the reasons why we are looking at Juniper. 

Its inability to provide content filtering for search results was a high-impact issue. We've been talking to them about this issue. It was a very sensitive issue for us because we had kids in year four who were exposed to images that they were not supposed to see. Because of Kerio Control, we failed to protect kids from such content, and we expected them to respond to it with the urgency it required, but their support was pathetic. The ticket was escalated, but we had to send them a couple of emails to let them know how serious the case was, and then we had a live call with their support team.

We have had issues with its performance and stability. They can do better. We've had situations where we had a terrible performance on the network, and when you restart it, everything goes back to normal.

I have been using this solution for six or seven years.

Its performance is average, and it isn't that stable. I would give it a 50 out of 100. 

It is easy to scale. We have about 600 users.

We've been talking to them about the content filtering issue. The ticket was escalated, but we had to wait for two days for it to be answered. We sent them a couple of emails to let them know how serious the case was, and then we had a live call with their support team. We found their support to be pathetic, and we really expected them to take it seriously.

It is straightforward. It is easy to configure.

We do it internally. On the maintenance part, it requires patching, seeing if we want to block anything from our network, and adding more rules.

Its price is fair. There are no additional costs.

We are evaluating Juniper. In terms of monitoring, the response from Juniper was good. We requested a demo, and we got more than a demo. They went above and beyond to get a specialist in security who sat with the team. He presented not just what the product can do; he also presented what is involved in security. Their support seems good. From what they demonstrated, its monitoring, reporting, and intrusion detection features look pretty good.

It is a good firewall. It does what it is required to do, but it needs improvements. Their support and reporting could improve, and they can also do some work on the user login part.

For a campus, you can't depend on Kerio Control to provide everything. You need to look at some of the other tools if you're dealing with students, but for all other organizations, it is perfect as it is.

I would rate it a seven out of 10. 

We use the Kerio Control as the firewall, and we manage all the load balancing for it, as well as DHCP, bandwidth control, failover, and basic reports.

It has saved time for the members of our team who manage security, because everything can be done from the Kerio. If a problem arises or something needs changing, we can just put it into the same rule that we already have or make a new rule, a duplicated rule, which is quite easy  to do.

The most valuable features are the 

• firewall
• load balancing 
• bandwidth control
• routing.

We need these functions. We need to do what we do and then the Kerio is quite intuitive in terms of getting everything set up and managing it after. It has quite a nice UI which is fairly straightforward.

The firewall and intrusion detection features are good. It has blocked certain things. We have a lot of blocked sites that the staff or anyone using it, the public, etc., can't go on. It works for that. I get quite a few messages every now and again, saying that a virus has been detected and I can go in and block the user who's causing the problem.

In addition, content filtering is good. We use that a lot. In terms of the content filtering we use all the basic ones that it already comes with, like phishing sites and peer-to-peer. We only use the VPN a little bit, for admin purposes, to go in and administer the other equipment onsite, like the switches.

The comprehensiveness of the security features Kerio Control provides seems good. And it seems to just work. I don't really get down into the detail of it too much, but I'm happy with what it picks up. We haven't really had any problems.

It is easy to use. We've never really used the wizards that are provided. We had a guy come in and set it all up for us in the first instance and then we built upon it by just using what he already did as a template, to do other things. But it's pretty straightforward.

We also use the failover. We have two internet lines going into it, and it works. We have a loss of connection at the minute because of a problem with BT, our ISP, so it has gone over to another line. It keeps our security going, which is good.

We have been implementing solutions with Kerio Control for our clients since about 2016.

The stability is very good. I don't think it's ever failed. 

We had one time where there was an update, a couple of years ago, and it changed a setting for the failover and load balancing. As a result, we almost needed to roll back to a different version. We ended up finding the right setting. But that was the only thing that's happened really. Apart from that, they update fine.

For the sorts of things we do, we'd only ever really need one Kerio in any one location. Scalability is beyond the Kerio, for what we do.

We have about 150 users of the solution.

We don't have plans to increase usage. It's been the same for about four years now and I think it will stay the same for at least another one or two. In the place where it's installed it's being used very extensively. It's the endpoint for the whole network so everything in the company ends up going through it.

I've never used their technical support.

We did not have a previous solution.

We hired a guy to do the initial set up for us. I think he was a Kerio reseller and we used him for consultancy before it started and then he actually did the work on the Kerio as well, and the network in general.

Our experience with him was excellent. We've used him a couple of times since. He's brilliant. His knowledge of everything is incredible. We tried to do it all ourselves at first, but he came in and knew exactly what the problems were. Something that had taken us about four days, he did in five minutes. He's just incredibly knowledgeable about everything to do with networks: Cisco, Kerio, everything.

I've set up another one since, for the same company. I just copied the configuration file of the one and put it straight onto the other. They're in separate buildings, but they wanted them exactly the same so it was really easy.

That deployment took an hour, but it was because we already had one set up.

As for deployment and maintenance of these solutions we generally need just one person: me.

The return on investment is the fact that the network keeps going. In that respect the ROI is good. But the licensing fee seems to be getting too expensive. I wouldn't say it's a waste of money, because it's required, but it would make us look at the possibility of using another solution in the future, if it keeps going up at the rate it is.

It's too expensive. The license, in the last year or so, has gone up by over £100. We're almost being out-priced by the annual license at the minute. If we do need to change, it will be because of the annual license fee, and we will have to get a different solution.

Ubiquiti is cloud-hosted. We use a lot of those as well. If that was around at the time, in the same way it is now, we probably would have used that to start with.

A solution like Kerio Control is a nice-to-have for a medium size business. It just works. It does what it is meant to do. The hardware itself isn't too expensive, it's just the licensing fee that has gone up and up every year.

I would recommend it. My advice would be to get a professional for the implementation.

Overall, I would rate the solution at seven out of 10, because of the licensing, and there are other things on the market now that are probably as good.