KerioControl Reviews

We're using Kerio Control to protect our solutions in data centers and to provide VPN access, via the firewall, for our clients.

We're EPM specialists, we host and build EPM platforms which are financial software platforms used by large entities all over the world.

Where previously users were connecting via exotic firewall systems with no certificates on them, Kerio Control can be used with the certificates of the customer so that customers can also see that their connections are being properly secured on the sites that they are using. That helps them identify their sites and to distinguish their connection from other connections.

The solution has increased the number of VPN clients extended to those outside our environment. All our clients that we need to visit have a VPN solution. And the ones that we host in the data center are only accessible by a VPN client.

The VPN connection is the feature that we are actually using this solution for, but routing and checking what kinds of sites are being tested or accessed, is also helpful. That can be logged and reviewed to see if everything is going okay. It's for protection of the network behind it.

Kerio Control covers quite a lot, when it comes to security. There are, of course, always things missing in a product that you would like to have, and we have even questioned the vendor to see if they can provide one of the solutions that we would like to have in the product, but that does not seem to be the case at the moment. But for us, it covers almost everything we do with it, which makes it quite a suitable product for us.

The firewall and intrusion detection features are very useful these days because hackers have a lot of tricks that they use to get into a system. With Kerio Control you can see something that's happening. Otherwise, you have to use other tools to see what's happening on the firewalls. Having IPS in it is quite useful for us.

The content filtering in the product is pretty sensitive to configure as all content is being scanned. It can take quite some time to find out what content you want to scan. For example, if you use words for scanning content, there are some words that you really can't scan for because they are synonyms and can be used in all kinds of communications. Therefore you get false positives where it finds the word, but it's actually a case that you should ignore. That makes it a bit difficult to use it.

The VPN features are the ones that we really like, but we are using a VPN client to be able to use them. We would like to have an SSL implementation for this same feature so we don't need to install anything on the client side. That's a feature I really miss and that should really be embedded in the product. We really would love to use it via a web browser.

Another area for improvement is to be able to import users from a single text file. That functionality is really not developed enough and it is not easy to bulk-import users into a firewall. 

Finally, if you use a firewall product with a certificate, you can only use one VPN client on one domain name. So if I would serve multiple clients with one firewall, I cannot use different domain names. For example, if I put in the domain name test.com as a certificate name in the firewall, then all users, even if they are using it from different companies, have to use that certificate name as their client settings. That's really not appreciated. We would like to set up a firewall with unlimited users and use it for multiple smaller customers. Those companies use a service from us and we could use one firewall for that, but we can't, simply because we can only use one certificate. We can't use the name of the company with other companies. That's a lack of a feature and we miss it.

The product works well. We seldom have issues with the product, hardware-wise or software-wise, and we have firewalls that have been running for more than a year without even a reboot. The only reboot they get is when they need an update.

When they went from Kerio directly to GFI, GFI implemented some new software solutions in it and did some things their own way, which helped to make the product a bit safer than it already was. These were improvements that were really needed and we wanted as much as we possibly could get, and therefore are much appreciated.

The NG100, which is the lightweight firewall — and it can do pretty much the same as the large NG500 — has an external adapter and that has broken at least three or four times, and that's a problem. Even for those little firewalls, an adaptor should not break. It's probably because of heat dissipation or the like. We don't have this problem with the NG300, which also has an external adapter, but it's a bit different and a bigger adapter. The NG500 doesn't have that problem at all. It has an internal power supply and there's nothing wrong with it. We have never had one fail, so far.

As it has an unlimited number of users that we can use it for, we haven't reached the limits of the product. It's a really fair product.

Our customers use it every day. We will increase usage of these firewalls if we have a customer for it.

GFI's technical support is way too slow in terms of response times. Their knowledge is okay. They should know their products. Even though they bought Kerio, they were able to update the software with their developers and build some new routines in it.

But regarding the support, if I send out a solution or a request today, it's taking too long to get a proper answer. You should have an answer the same day, at least, and if possible a quick response via email. That would be preferable in our cases. I know that is not always possible. And that's for software issues. 

But if you have a hardware issue it's even worse because we are not able to get hardware maintenance on the firewalls. Ideally, within two hours of going down, a mechanic would come with a new firewall to replace it and to restore your saved configuration from the cloud. They don't have that. If a hardware issue arises with a firewall, then it takes at least a week, maybe a week-and-a-half, to get a new firewall sent by GFI. That's really not acceptable. If we have a hardware issue and we order something from some companies here in The Netherlands, we have it the next day. That would be acceptable.

We deal with that by having a spare NG500 lying around that we can use. We've never used it, so it's already three years old, doing nothing. But it's there.

For us the initial setup is straightforward because we have been using it since the product was called WinRoute, which was 20 years ago, I believe. We pretty much know all about the firewalls and what we can do with them. So the setup for us is really easy to do.

On average, deployment of Kerio Control takes us maybe 30 minutes.

The implementation strategy depends on what the customer needs, and every customer needs something else. In general, the VPN setup is one of the things all customers need, and rules settings, open ports and closed ports, are part of some basic settings we use, but pretty much everything else is different for each customer.

Where we were using, for example, a VPN solution for 75 users, GFI has now changed the contracts to use the unlimited version, and that is a bit cheaper price-wise, compared to having 75-user account licenses.

But it's pretty expensive in licensing costs, especially if you use the product longer than one or two years. The licensing costs are still high, which I don't think is reasonable for a product like this.

The licensing should really be narrowed down and be at least one-tenth of the price. To give you an idea of costs, an NG500 costs about €3000, and the licensing costs are about €1400 to €1500 a year. They call it "maintenance," but they are not doing anything in terms of maintenance on my firewall. They just supply a little update and those updates really don't cover the price that they calculate for it.

By comparison, if you know what a Windows 10 workstation does on your local computer, you get the updates for free and the price of the installation is something like $100, and you can use it as long as the product is supported. That's a reasonable price, and it also has security. 

With those licensing costs for a little firewall, it's really disturbing because people look for different solutions when the price is too high. You can't make money off of it if you need to pay almost €1500 a year just to get the updates, and those are basically firewall updates. Of course, if there is a system update, like firmware, they will implement that as well. But it doesn't match the cost of what they are doing for us with it. It doesn't explain why these licensing costs are so extremely high.

As long as the product works we use it because we know the product. It's much easier to use an existing product than to swap over to a low-cost product that we are not familiar with. That is one of the reasons we use this product, but mostly because we never had a breach, which is, of course, pretty important now.

Everybody has a price when it comes to security. You can use a simple Windows Firewall on a virtual machine, which costs you almost nothing. And if you put the firewall on there and use it as a router, you can also connect VPN clients to it, but you're using the Microsoft solution for that. Kerio is based on a Linux kernel, which is pretty much free and they are asking a lot of money for a firewall because it's called a firewall and it should protect you. But in fact, they cannot guarantee that nobody will ever get through your firewall. Nobody is giving that guarantee to you, and that is why it's too expensive.

We have also worked with Cisco, FORTRESS, and Juniper. One of the main reasons that we're using Kerio is that the interface is really simple to handle. It's really laid out well.

I don't like the Cisco interface. In the old days, we had to do everything manually via the console; type in all kinds of stuff. Now, you just want to click something.

Each implementer or solution specialist needs a product that fits the needs of the company or customer. That's totally dependent on each customer. If you have never seen a product like Kerio Control, it's still quite easy to implement the firewall. They're not too complex.

Not every customer wants to install a VPN client to get to a different network. Some of them want to have a browser solution where they just enter an address and they type in a username and password, even verified by a two-step verification. If they are verified and authenticated, they can use the different networks. I believe we had that kind of functionality in previous versions of Kerio, even when it was called WinRoute, but they took it out. These days, everything is being arranged by a browser but I understand why they took it away from the browser. It's because of the security flaws that are mostly in browsers and they're never up to date.  It doesn't matter whether you're using Firefox, Chrome, Mozilla, Internet Explorer, or Edge. They all have their things that are not working correctly. There are vulnerabilities in all browsers.

The biggest lesson I have used from using Kerio Control is that I would choose the NG500, the rack model, over any other model they have, as that has proven to be the most stable version and the most stable product. It just runs forever.

We are using three of Kerio Control's models. The NG100 is for really small solutions where you just need a firewall with VPN capabilities. They have a bit of a larger model, the NG300, which is suitable for faster solutions. And we have the enterprise solution, which is their fastest firewall, the NG500, and that's a rack model firewall.

The antivirus helps people who are uploading files, so that they are scanned. That's not what we are using it for, but our experience with the internal firewalls are a bit different because you can also use an external firewall in the product itself. And now it comes with Defender, which currently works well. For what it is scanning, it's working fine.

For a small office, I'm using it for a firewall. This is the most obvious primary use, along with: 

• The Web Filter subscription for content that gives a bit of protection to users on the network when going to sites with known malware and so on. 
• The Antivirus module, which is good at scanning anything coming through, giving us a first line of defense. 
• Some other features in there, like VLAN. I have quite a few VLANs setup for keeping things separate for a build network and so on. 

I have the hardware appliance on-premise. However, I do use some of the features, like MyKerio cloud, for remote administration and backups. These are hosted on the Kerio site.

Knowing users on the network are confident that they are in a safe and secure network and can't really hurt themselves.

It's a combination of authentication, internal network DNS, filtering, and antivirus. It is a standalone product which has a lot of the features that a Windows domain might have. However, I don't need to have a whole lot of Windows or Mac infrastructure, as I can do all my network management from Kerio.

One very good thing about the Kerio device is its authentication. I don't have a Windows domain for authentication. Instead, I use the Kerio product because it can separate users by Mac addresses and give them IP addresses based on their usernames, automatically logging them in. This makes for a very simple authentication system.

The solution’s firewall and intrusion detection features are pretty good. I have, at different times, connected directly to the Internet in bridge modes with the modem, and the noise in the logs is phenomenal. So, it does a good job. I can see that the intrusion prevention catches everything that is coming at it. I tend to not use it in that mode. I have it connect to a port on my modem router, so I let the modem router take all the initial intrusion noise, then not much gets through to Kerio. That just gives me a lot of confidence that I have a secure network.

For the content filter, I am pretty much running their default. I haven't added any rules to that myself. The default does a pretty good job at picking up things. I might have whitelisted one or two things that I use which it tends to pick up, but I know they are okay.

Kerio Control gives us everything we need in one product. 

The feature that I'm relying on: If the appliance died and I had to get another one, Kerio has a configuration backup. Therefore, it's pretty easy to restore to a new appliance.

There are some pros and cons to its performance when dealing with malware and antivirus features. Maybe once a month, I have gone to a website and it's being blocked. This is because it's a known malware site. So, I feel confident that those filters are doing their job. On the down side, occasionally when iOS devices go to the App Store to do their application updates, it will pick that up as a possible virus in a file: a false positive. This only happens on the iOS updates and the antivirus signatures.

One area that confused me a bit when I was building my current network. I use VLANs to have separate functionality on the network, and the appliance I got was the WiFi model, but I discovered that you can't assign WiFi channels to the VLAN. So, you can have WiFi, but its own subnet. You can't run that over the VLAN. Effectively, I can't use the WiFi facility in the appliance and had to purchase a separate web that supports VLANs. In the end, I had to go to GFI support. They confirmed this is just a limited functionality of that device, as it is a low-end device. I don't know if any of their high-end models have a better facility or not.

I first used this solution when it was a piece of software called WinRoute. That would have been around the year 2000. I've been using the product in its various forms for quite a long time.

The stability is pretty good. It ticks along nicely. I occasionally have to reboot it. It starts throwing strange errors on different clients. There was a period where Kerio was releasing software updates at least once a month, which would force the reboot, but I think kept it pretty tidy. Over the last year, their updates haven't been very regular. When it gets to running for about 60 days or so, it does get a little funny and the reboot sorts it out. I don't know what's going on there and why their updates have slowed down.

A good thing with the Antivirus module is there are probably six or seven dozen updates every 24 hours to the antivirus signatures. Therefore, they do a pretty good job of keeping at the head of the game.

It is a very low-end device. I am using their base model appliance, so it's a very small piece of hardware with fairly low-end specs. Given the broadband connectivity that we have in Australia, which is pretty poor to start with, that's not really an impediment to me. Moving data around across the land and subnets seems to work fine. 

I have about three users most of the time and each of those users can have three devices. Then I have various servers and audio visual equipment. I'm probably up to about 20 or so IPs that could be used, but not everyone and everything is running at the same time. It seems to cope with the traffic I'm hitting it with.

Our users are mainly doing email, web browsing, a little bit of streaming, and a little bit of Zoom. There is not anything terribly intensive.

I probably utilize 70 percent of the features. I don't do things like VPN. I don't do anything with quotas, forcing people to log in, or bandwidth management. However, these are good features that would help some people.

I am not looking to increase usage at this stage. I know that if I did, it has those extra features that I could use. If I started pushing the performance, then I would need to upgrade to get some bigger hardware. I probably can't increase my usage too much at the moment because the hardware would max out.

To get one little unit and configure your whole network is good. It's also good too for a bigger business where you have a network and a small office somewhere. You could drop one of these in that office to run everything, as it's set and forget. You also have the remote administration of the appliance, which would be quite handy to a lot of businesses.

I found the technical support pretty good. They are very responsive and come back with an answer on things pretty quickly.

I have been using Kerio Control for quite a long time. I didn't use anything else previously.

It has a wizard to sort of get it up and running very quickly. I think I did start with that, then went into the manual configuration for setting up VLANs and DHCP scopes. They were fairly straightforward to set up. 

It's a product that you can get up and running pretty quickly. Then, if you want to get into advanced configuration, that's what takes a bit more time.

Out-of-the-box, I had something running in an hour or two, but that's probably because I've been using the product for quite a few years. I know what to look for. But as for the advanced configuration, that's days of work. It's ongoing with the administration and tuning the network. I spend maybe a couple of hours a month just making sure everything is configured and working correctly. The logs are pretty good too. It's good to keep an eye on the logs as it gives you an indication if anything's wrong or if things are going haywire.

You need to have a pretty good idea of how you want to structure unit work and what you want your network to do, especially when you want to set up things like authentication. You need to preplan your subnets and IP address ranges for different users so you can then map them to the user accounts. If you're going to a new organization and setting this up, then there is a bit of work in planning all that and what you want the device to do.

For deployment and maintenance, it takes me few hours here and there.

I have definitely seen ROI. It has saved in client software acquisitions, such as, antivirus or any dedicated security software. In my configuration, I haven't needed any Windows infrastructure because this device does all the network management for me. So, it has saved me from buying software and some amount of hardware. It gives three or four people antivirus, which is probably about $500 AUS a year just in client security software that I've saved. Plus, there are servers I haven't had to buy, which gets pretty expensive, especially with Windows licenses.

Kerio Control saves us time when it comes to managing security. Otherwise, I would have to invest in software running on clients, which get frustrating.

On the low-end device that I use, it has unlimited IP addresses. So, they have a subscription model where, on the higher models, you pay X dollars for 10 IP addresses. Then, if you want any more, you have to pay more on the model. On the low-end model, it has unlimited IP addresses, because if you have too many users, the thing will just slow you down and stop working. At some point, you need to say, "Okay, I've grown to a point where performance is impacted. I need to get some bigger hardware." If I get to that stage, I will possibly look at using one of the virtual appliances and putting it on some bigger hardware.

It gets expensive pretty quickly if you need to purchase license packs. In the previous model, I was buying packs of five. It was concurrent: If you had 10 address licenses, then you can have as many devices as you want, but if you hit 10 devices, you hit your license limit. People will get frustrated. They do appear to be expensive, but I don't have anything to really compare that against. I've not done any market evaluation for quite some time, because my model has unlimited addresses, so I haven't had to think about that.

The comprehensiveness of the security features this solution provides is the reason why I have stuck with them for so long. It has all the features that I need, and I haven't had to go and buy separate products. However, there are competing products that have a lot of these features in them. I did toy with the SonicWall product for a little while. SonicWall, who is a subsidiary of Dell EMC, offered an appliance, but it didn't do the internal network DNS nor was it good at authentication. I think the Kerio products are more rounded for running a small network out of a single appliance and not needing other infrastructure. SonicWall was frustrating because it didn't have a lot of the features that Kerio had.

SonicWall was my first foray into appliances. Up until that point I had been using the Kerio Control software edition. I liked the idea of appliances. If you're running something on a PC, you need to have a PC running, along with fans and hard drives spinning. Your appliances, even though they're lower spec hardware, are small and quiet. At the time, SonicWall was a fair bit cheaper, but that was how I discovered it was a false economy. It just didn't have the pool of features in it that Kerio had, so I would have needed to have a number of work arounds.

Looking at Cisco's documentation, they look a bit more complex to set up than Kerio Control.

The overall ease of use depends on your skill set. I have a networking background, so I find it okay. As you get into more advanced features, it's probably a bit technical, but I managed to find my way around it through the documentation to get things working. It has some good features in there, like you can create a firewall rule and the console lets you test that rule, which is helpful when you're trying to build a firewall rule.

One of the features that I haven't used yet is Kerio Control's high-availability/failover protection. However, it is something I would be interested in setting up in the future. We have started using it yet because we are small scale with a very small number of users.

Provides the simplicity of having a small appliance that you can rely on to configure. If someone wants a network that can be structured to keep things segregated and safe from each other, then it's a cost-effective device, which is easy enough to set up and configure.

I haven't had any security issues. However, back then, I would have been relying on an antivirus, running on clients, hoping that it would catch things.

I would rate it as a seven out of 10, but then I don't have a lot of experience with other products to compare it against. Though, from what I see and read, it's as good as anything out there. Everything is good. However, I'm a little bit concerned that I'm not getting a lot of updates. Probably if I needed more performance, it would get expensive fairly quickly.

We primarily use the solution on the VPN for protection purposes. We utilize its antivirus capabilities as well.

I really like their general IT.

I like how it's possible for me to block other countries immediately if I see the need to do so.

The initial setup is a breeze.

The support the solution offers needs a lot of improvement. GFI took over the product and since the takeover, the support, the backups, the after-sales support, etc., has basically dropped off quite a bit.

When it comes to dealing with updates, there are often bugs on the solution. They should do a lot more testing before they release new versions.

I've been using the solution for about five years now.

The solution is very stable. Organizations won't have to worry about the solution crashing. I consider it to be very reliable. We have only had one firewall go down in the five years we've been using it, and I can't recall any other problems.

That said, when it comes to major updates, they need to do a lot more testing before they release things. Last year there had been a lot of bugs in major releases. It may have been because of the takeover. GFI has since taken over the brand.

The solution is pretty scalable. I updated it about two years ago and I didn't have trouble scaling. A company shouldn't have any problems expanding it.

Technical support is not the best. As an example, this past weekend I had an issue. It took me four days to get a hold of their support team. I'm a premium client. I tried everybody: America, Germany, UK, Africa. Everybody. That's unacceptable. There is no reason that their response should be that slow. In the past, I had managed to resolve issues quickly. That's not the case anymore. We're very dissatisfied with the level of service they are providing their clients.

I've previously come across Barracuda. I've spoken to the team there. In terms of meeting our needs, I've found that, with a lot of other products, it's very modular. Kerio tends to keep everything in-house. Due to that, there are certain functionalities that I prefer to have with Kerio as opposed to other solutions.

The fact that the setup is so easy is one of the solution's great selling points. It's straightforward. It's not complex at all.

It only takes one person to deploy and maintain the solution. The deployment itself only takes about an hour or two. Looking at the branches, it may just be 10-15 minutes of work for them. It's pretty quick. Of course, it depends on how many walls. A super basic setup is 10-15 minutes, however, if you have to put in a lot of rules, it will take longer because that process takes time.

I handled the implementation myself.

We're using the latest version of the solution.

I would recommend the solution. It doesn't take too many people to set it up or maintain it, like, for example, Cisco, which is a bit more complex and difficult.

I would rate the solution seven out of ten, and that's mostly due to the fact that their support is so awful right now. If their support was better and more reliable, I would rate them much higher.

Our client base is private yachts and on private yachts, we have different LAN connections, as well as different VLANs. Kerio Control allows us to maximize and control the different LAN connections, both from a performance and a financial standpoint.

The single largest component was the introduction of MyKerio and the ability to be able to remotely connect the challenge that we have with MyKerio. By yacht, I'm referring to the 1% of the 1% of the people that are out there with $50 million to $60 million yachts. They have satellite systems on board so one of the challenges that we have with MyKerio is the sensitivity to latency. What that means is that if you're on a landline like a DSL or a cellular connection, your ping time may be 20 milliseconds, but with satellite, because of the distances involved, those ping times could be 700 to even 1,100 milliseconds. This is a challenge that we have because just about any application or hardware device that is out in the market is not really designed to take that into account.

In this particular case, if we have a boat that is traveling from South Florida down to the Caribbean and the entire boat is on satellite and we need to be able to log into MyKerio for the boat, it's not optimized or set up for satellite communication. It sometimes becomes problematic in trying to connect to the vessel. Where if the entire boat, like on 4G or landline, then it's no big deal because MyKerio is optimized for that. 

That would be an area for improvement, but the benefit of it is that we can handle issues remotely. The other benefit is through a minimal amount of instruction to the boat, they can complete what I would refer to as basic tasks.

For example, if a boat is down in the Bahamas and the owner is on board, we typically have these in cellular and a landline connection and then on top of that, we'll have an owner, the crew, and guests. So in this particular case, we would want the owner on the fastest 4G connection. Then we would want to put the crew on the satellite connection, which may not be as fast. So it's just about optimizing the experience for the owner and being able to control the bandwidth.

The interface control manager where we can allocate LAN connections to certain VLANs is the most valuable feature. The other feature that's important for us is because everything is remote with MyKerio, as long as the boat has an internet connection, we can log onto the Kerio and get statistics, as well as provide support.

It's important because unlike a company where a company has an IT person on-site because these are yachts, they have a boat crew that is not necessarily "IT," so they rely upon us to provide them with their IT services. This is a platform that allows us to control and troubleshoot as necessary.

I would say about 95% to 97% of all of our support is managed remotely because of the nature of superyachts, where they're located, and the importance of the people that own them.

I have not run into any issues or complaints with regard to the firewall and intrusion detection features. I find that in this industry, the fact that those are services that are included is important. But I can't speak to the operability of it.

Because I interface the most with the boats and the crews, I've never run into an issue with the comprehensiveness of the security features.

In terms of the ease of use, if you took 15 different network professionals and told them to configure a Kerio Control, you would get 15 different configurations. Having said that, within our specific business segment, we have learned the configuration that works best for us and works best for our customers. The way that we have set it up is to not put the onus on the boat to make any changes, but if they need to make any changes they allow us to go in there and make changes. 

From my experience, I don't necessarily do the configuration on them, but I do manage them. If there's a boat that has a problem, I'm the first phone call. Most of the time I can figure it out, but what we provide as a service is that we refer to it as a virtual ETO which is an electronics and technology officer. That would be an actual IT person, but for the most part, we just encourage our customers to defer their technical queries to us and allow us to manage it for them.

It has saved time for the members of our team who manage security based on how they're using it. It has saved time in the sense that they have an integrated security solution. I think the maritime industry is moving towards a standardized security initiative because the problem is that everything within the maritime industry is based on international, not national standards. So where and how the Kerio Control will fit into that is undetermined because the IMO, International Maritime Organization, has not yet determined what those standards are going to be. It's still a work in process.

It has a VPN back to our data center but I don't think it has increased the number of VPN clients extended to those outside our environment

I have been using Kerio Control for four years. 

It is deployed in our office, as well as at our customer sites. Our customer sites are private superyachts.

The only stability issue that we have is with regard to the latency and using MyKerio. A potential deficiency I've encountered has had to do with the actual physical ethernet ports on the device. They seem to be very susceptive to shock. We have had to replace a few units due to that. Especially if there are devices that are POE devices. Part of it has a POE that goes out to the antenna and then there's an ethernet connection that goes back to the Kerio. We've noticed that for whatever reason, that particular device or combination don't play well together.

The way it works now, we can take an NG300 with four ports, and then we can create ports on additional switches. So the only instance that we really use an NG500 is for two reasons. One of them is processing power, and then the other one is if they actually have the requirement for different or more connections than the Kerio has.

Three people in the company, more from a customer interface perspective, and about six people in the company from a technical support perspective use Kerio Control.

We have it deployed somewhere in the neighborhood of 60 to 75 remotes. We will increase usage if we can increase customers. 

I would say that we're a medium-sized business. We're certainly an established entity within the superyacht communications industry. Besides our office here in Florida, we have offices in France as well, and we're headquartered in Majorca, the point being is that we cover all of the Mediterranean, the US, as well as The Bahamas and Caribbean. So it has not been unheard of based upon an issue to helicopter somebody out to a boat kind of thing.

I have not used the technical support. My experience initially with Kerio was dealing directly with Kerio and then at a certain point, they offloaded their distribution to a company called Lifeboat and GFI, and that has been a bit difficult. In my opinion, it's made things a bit harder.

If I need to get an answer to a question, I have to go through Lifeboat or GFI, and then ultimately they in turn have to get with Kerio. So it's created a middleman process. The case in point is that we have an order and the order just kind of kept going and there were no updates, there was no tracking, there was no nothing. I would go to Lifeboat and Lifeboat would say, "Well, we're trying to get a hold of Kerio and there was just a breakdown in communication."

Kerio Control is something that's being added to most of the network of the boats that we deal with. We deal with a lot of boats that look fantastic on the outside, but on the inside as far as the nuts and bolts go, they are not well maintained or they have really old equipment. That's one of the things that we always deal with. One of the things I always talk to captains about when I go on a boat is I ask them, "What are the chances that the owner's going to come on board with a 10-year-old computer and a 10-year-old phone?" And he answers, "Zip to zilch." So I say "Well, your network's 10 years old." It's going to work based on what you have in the technology of anywhere from even five years ago compared to today. It's not just a matter of throwing a Kerio in and saying, "Everything's going to be fine." Typically, it's a component of a network upgrade to include switches and access points.

The initial setup is straightforward for us now because we've done it for so long. The other side of it is that there haven't been a lot of changes per se. There have been tweaks. The consistency of the platform has pretty much stayed the same. So while they have optimized certain components of it, it's kind of like Microsoft Word. You could go back to a version of Microsoft Word 10 years ago and know exactly how to use it because everything's going to be in the same place. It's just an evolution of the platform.

It takes around an hour and a half to license and configure.

We have a uniform deployment process and then that's followed by adjustments based on the client's specific requirements. They may have more LAN connections than somebody else, or they may have less of a need for additional VLANs. It's on a case by case basis. But I would say 95% of everything that we do is standardized.

I'm not the one that actually implements it. Full disclosure, I order the device, I get the device, I license the device, I update the device and then at that point in time, I have one of the engineers come remotely into the unit and then they do the final configuration.

On the licensing side, the way Kerio works, and this is what we have to tell boats, is that if you think that you're going to save some money one year by not licensing it and then next year, you're going to license it, you're going to end up paying for that back year. You're better off just keeping it up to date.

Boats are really like life. People want to spend money on things that are sexy, and software licensing isn't sexy. So that's one of the things that we have to go back and let them know that it's going to work as far as the basic functions go, but the features are not going to work and their security will be vulnerable.

There are no costs in addition to the standard licensing. 

Evaluating other solutions would be the responsibility of the CIO because everything that we do has to be agreed-upon on a standardized platform as we are the ones that are going to have to support it. We let any customers that we deal with that are possibly dealing with other brands know where our demarcation point of responsibility is because it's very much so once you touch it, you own it. If you go onto a boat and you touch one thing, you'll be getting a call for the next three weeks about it. It's an industry that you have to be very specific about what it is that you're doing and what it is that you're providing and supporting.

We have been made aware of boats that have had security breaches, but we were not engaged to support their network at that time. We may have just been only the satellite solution provider. It wasn't specifically Kerio Control, but the situation necessitated them to reevaluate their network and invest in their network rather than just have it as a passive source.

We don't necessarily use failover protection. If you have a failover seamlessly set, the boat or the customer won't know that there's been a failure. We don't use the failover because we want the boat to understand if there's an issue with one of their LAN connections.

For example, if you have a cellular and a satellite connection, and you have both of them set to failover to one or the other, if the satellite connection fails over to the cellular connection, nobody on the boat is going to know that it's failed over. Without the failover, they can identify that there's a problem and then that can be addressed. But if it fails over, nobody is going to be aware that there was an issue and then there's nobody working on solving or trying to figure out what that issue is.

My advice would be to have a plan. Have a plan in place and make sure that you document everything that you do. Certainly, if you're talking about multiple deployments, you don't want to run into a situation, for instance, where you have three different IT people and each one of them is doing a different type of configuration. You want to have a policy in place for a standardized configuration. From a support perspective, as well as a usability perspective, make sure those are being addressed.

I would rate it about a seven out of ten. The only reason why I would give it that rating is because MyKerio can be a complicated tool if you don't know how to use it. 

I was at the Monaco Yacht Show and I got a phone call from an engineer on a boat. They were very angry with the service speed of their satellite. We have customers that pay anywhere from $2,500 to $40,000 a month for satellite service. In this particular case, they actually had to send a tender in. They had to take me out to the yacht and I got out to the yacht and I figured out exactly what happened.

As I was getting off the yacht, they were explaining to me how one of the crew members had worked with Kerio in the past. When I got onto the boat, somebody had set a QoS monitor to limit the crew network for the satellite connection to only 5% of the allotted bandwidth, but it wasn't just the crew, it was the entire vessel. So the entire vessel was limited through Kerio to 5% of the speed of their satellite. That problem or that issue did not arise as a Kerio issue. They said, "This is a satellite issue. We're having a problem with our satellite." So that's an example of, if somebody doesn't know what they're doing, they can have a pretty detrimental effect on the network.

The thing about Kerio is that there's not going to be a dummies book for how to use a Kerio Control. It's really designed to be operated and certainly configured by somebody who is in the IT industry. From the perspective of users, if you're the administrator, you can log into this and you have full access to everything. Whereas if you're "just the user," we're going to hide all of this other stuff from you and the only thing that you're going to be able to do is say that the owner network can use the satellite connection and the crew network can use the connection. 

I would like to see a very limited or dumbed down version for the average user. You could literally just do a couple of checkboxes and throttle everything on the entire network and nobody would necessarily be the wiser.

Primarily, I use Kerio Control as a firewall and for web-filtering user controls.

The filtering on the unlicensed version of Kerio Control is inefficient - you have to add each website manually, which isn't feasible. It also has no anti-spamming feature for emails.

I've been working with Kerio Control for four years.

Kerio Control's stability isn't good.

Kerio Control can be scaled easily.

The initial setup was very simple and took one or two days - it's on a Linux-based machine, so we just got the setup files and installed it. 

We used an in-house team.

I would give Kerio Control a rating of six out of ten.

I use Kerio Control as a firewall or IPS.

Kerio Control has helped my organization by hiding my private IP address behind the firewall and we use the proxy destination instead of my website.

I have found the most valuable features of Kerio Control to be the IPS and firewall.

Kerio Control could improve content filtering.

In the next release, it would be beneficial to have a new signature to the IPS technology. Additionally, some of the features are not able to be modified or configured, there needs to be more flexibility. 

I have been using Kerio Control for approximately four years.

The solution is stable.

I have found Kerio Control to be able to scale horizontally and vertically.

We have approximately 40 users using this solution. Many of them are administrators.

I do not use the technical support from Kerio Control. When I have an issue I find the solution by searching the internet.

The initial setup was simple, it was standard. It only takes a few minutes.

We have approximately two people that do the implementation and maintenance of the solution.

I pay approximately $50 for the solution on an annual basis.

I rate Kerio Control an eight out of ten.

Providing Firewall functionality, VPN connectivity and content filtering.

1. It decreased malware attacks in our network.

2. It improved employee productivity and data security.

1. The built-in anti-virus and perimeter security. 

2. The VPN feature.

1. The anti-virus and perimeter security functionality minimizes vulnerabilities in our network and better secures our data. This also decreases downtime of devices due to viruses and malware attacks. 

2. The VPN functionality has allowed staff to have stable remote connectivity on a secure and encrypted connection. This has improved the ability to get work done smarter and efficiently whilst working remotely (or from home).

1. More detailed reporting. 

 2. Sometimes you get a few challenges joining to a domain. 

3. Improved and simplified User Interface.

I have been using Kerio Control for over four years. 

It is a stable solution and we have not had any major stability issues in our four years of using it. 

It is very scalable. If you are using a Virtual Appliance make sure your hardware specifications are good then you can easily add licenses as your users increase. On hardware Appliances you might have to upgrade to a bigger appliance as your users increase.

The support is fine. The response time can improve. 

Yes, we switched due to the favourable pricing, many features and robust performance of Kerio Control.

The initial setup was straightforward. We deployed Hyper-V Appliances and everything worked as it should. Connecting the Appliances to MyKerio was pretty simple and hassle free.

In-house.

Our ROI is very good. The savings we have made after deploying were good. We have saved on downtime of devices due to attacks and man hours of the IT staff attending to these issues. This enabled us to invest time and resources into profitable projects rather than to support.

The setup cost is fair especially of the Virtual Appliances. The annual licensing is easy and priced fairly.

Yes we looked at Cyberoam and Sophos.

Kerio Control is a good solution which is reliable and easy to use.

It is mainly for user control, e.g., who is downloading the most.

We are using the latest version.

It helped a lot with the bandwidth because a lot of our clients complained that the Internet was really slow, then we found it's a Windows update or some guy inside the company using YouTube. With Kerio Control, we found out what was going on, blocked it, or pushed it down.

It helps the IT manager monitor their staff. As for the servers, it gives protection from the outside. Their intrusion protection works extremely well, so you can see if there are issues from outside in the log files. The whole system is just easy to read.

Right before the lockdown, we got requests for home connections like crazy from customers. We put all of them onto Kerio VPN, which is much easier for them. They log onto Kerio VPN and can see their local drives and servers, then they can work.

The VPN is a useful feature.

When you go under status to, "active host", you see what all your users are doing. We found that this is the most useful feature.

The security features are quite easy to use. It gives us everything we need in one product.

The solution’s firewall and intrusion detection features are quite good because you can see exactly who is attacking you and who is getting blocked.

The antivirus is good. Since they changed over to a new provider (GFI), we haven't had issues with it.

A little bit more info when we search on the client under active hosts. We would like to see a column to say what is going on: Is it encrypted? Is it HTTP or HTTPS? Is it connected to a gaming services?

I would like the customer statistics to be more user-friendly. It should explain more what users have been doing throughout the day. Sometimes, it'll just say they downloaded a big file. Meanwhile, they were connected through a VPN.

Since 2006.

The stability is good.

The VPN features are awesome. The only issue that we had is when they changed versions. They removed a security feature and blocked out all the old VPN connections. As a service provider, we had to do an update for a lot of clients' VPNs after their update came out, which created more work for us.

The scalability is awesome.

For our big corporate clients, the solution gets used a lot. We have one client with about 200 users and about 10 to 12 servers.

We have five to six support technicians who work with Kerio Control.

I have never used their technical support.

The initial setup is straightforward. It is easy to install. You just put in a memory stick and boot it up. Or, you just start up the device and follow the on-screen prompts. The deployment takes five minutes.

We do use the online services Kerio provides for our implementation strategy.

Our clients see ROI with Kerio Control, as they are saving bandwidth costs.

Kerio Control has saved time for the members of our team who manage security. It can save us two hours to a day, because if we use Mikrotik or something else, we have to sniff through the logs. With Kerio Control, we just log on and can see immediately what is wrong.

We tried FortiGate and Mikrotik, but they don't do what we want. Licensing is easier with Kerio Control. Also, troubleshooting and implementation on a network is much easier. You don't need to call support all the time. With FortiGate, we realized the licensing is really hectic, because if you skip one year, you have to back pay that year. If you skip two years, you have to back pay two years. With Kerio Control, if a license expires, one year later you can just reactivate and go on.

It tells you what your users are doing or what is happening on your network. It goes into detail and you don't find that on FortiGate.

The way that we sell Kerio is we show our customers what they can do with it. They don't really care much about licensing after they see that you can view each person one by one to see what they're doing. 

I would give the product a 10 out of 10. I have been using this solution for an extremely long time. It is very helpful. With clients that don't have Kerio and have issues with their network, then we'll install a demo version of Kerio, fix the errors and problems, showing them what Kerio does. After, we'll take it out and put them back onto their normal router. It will take about a week or two weeks later, then they will phone us and say, "Please send us a quote for Kerio."