We just raised a $30M Series A: Read our story
Arie De Kruijf
EMP Specialist at Global EPM BV
Real User
Top 5
Can be used with our customers' certificates; they can see their connections are properly secured

Pros and Cons

  • "The firewall and intrusion detection features are very useful these days because hackers have a lot of tricks that they use to get into a system. With Kerio Control you can see something that's happening. Otherwise, you have to use other tools to see what's happening on the firewalls. Having IPS in it is quite useful for us."
  • "The VPN features are the ones that we really like, but we are using a VPN client to be able to use them. We would like to have an SSL implementation for this same feature so we don't need to install anything on the client side. That's a feature I really miss and that should really be embedded in the product. We really would love to use it via a web browser."

What is our primary use case?

We're using Kerio Control to protect our solutions in data centers and to provide VPN access, via the firewall, for our clients.

We're EPM specialists, we host and build EPM platforms which are financial software platforms used by large entities all over the world.

How has it helped my organization?

Where previously users were connecting via exotic firewall systems with no certificates on them, Kerio Control can be used with the certificates of the customer so that customers can also see that their connections are being properly secured on the sites that they are using. That helps them identify their sites and to distinguish their connection from other connections.

The solution has increased the number of VPN clients extended to those outside our environment. All our clients that we need to visit have a VPN solution. And the ones that we host in the data center are only accessible by a VPN client.

What is most valuable?

The VPN connection is the feature that we are actually using this solution for, but routing and checking what kinds of sites are being tested or accessed, is also helpful. That can be logged and reviewed to see if everything is going okay. It's for protection of the network behind it.

Kerio Control covers quite a lot, when it comes to security. There are, of course, always things missing in a product that you would like to have, and we have even questioned the vendor to see if they can provide one of the solutions that we would like to have in the product, but that does not seem to be the case at the moment. But for us, it covers almost everything we do with it, which makes it quite a suitable product for us.

The firewall and intrusion detection features are very useful these days because hackers have a lot of tricks that they use to get into a system. With Kerio Control you can see something that's happening. Otherwise, you have to use other tools to see what's happening on the firewalls. Having IPS in it is quite useful for us.

What needs improvement?

The content filtering in the product is pretty sensitive to configure as all content is being scanned. It can take quite some time to find out what content you want to scan. For example, if you use words for scanning content, there are some words that you really can't scan for because they are synonyms and can be used in all kinds of communications. Therefore you get false positives where it finds the word, but it's actually a case that you should ignore. That makes it a bit difficult to use it.

The VPN features are the ones that we really like, but we are using a VPN client to be able to use them. We would like to have an SSL implementation for this same feature so we don't need to install anything on the client side. That's a feature I really miss and that should really be embedded in the product. We really would love to use it via a web browser.

Another area for improvement is to be able to import users from a single text file. That functionality is really not developed enough and it is not easy to bulk-import users into a firewall. 

Finally, if you use a firewall product with a certificate, you can only use one VPN client on one domain name. So if I would serve multiple clients with one firewall, I cannot use different domain names. For example, if I put in the domain name test.com as a certificate name in the firewall, then all users, even if they are using it from different companies, have to use that certificate name as their client settings. That's really not appreciated. We would like to set up a firewall with unlimited users and use it for multiple smaller customers. Those companies use a service from us and we could use one firewall for that, but we can't, simply because we can only use one certificate. We can't use the name of the company with other companies. That's a lack of a feature and we miss it.

What do I think about the stability of the solution?

The product works well. We seldom have issues with the product, hardware-wise or software-wise, and we have firewalls that have been running for more than a year without even a reboot. The only reboot they get is when they need an update.

When they went from Kerio directly to GFI, GFI implemented some new software solutions in it and did some things their own way, which helped to make the product a bit safer than it already was. These were improvements that were really needed and we wanted as much as we possibly could get, and therefore are much appreciated.

The NG100, which is the lightweight firewall — and it can do pretty much the same as the large NG500 — has an external adapter and that has broken at least three or four times, and that's a problem. Even for those little firewalls, an adaptor should not break. It's probably because of heat dissipation or the like. We don't have this problem with the NG300, which also has an external adapter, but it's a bit different and a bigger adapter. The NG500 doesn't have that problem at all. It has an internal power supply and there's nothing wrong with it. We have never had one fail, so far.

What do I think about the scalability of the solution?

As it has an unlimited number of users that we can use it for, we haven't reached the limits of the product. It's a really fair product.

Our customers use it every day. We will increase usage of these firewalls if we have a customer for it.

How are customer service and technical support?

GFI's technical support is way too slow in terms of response times. Their knowledge is okay. They should know their products. Even though they bought Kerio, they were able to update the software with their developers and build some new routines in it.

But regarding the support, if I send out a solution or a request today, it's taking too long to get a proper answer. You should have an answer the same day, at least, and if possible a quick response via email. That would be preferable in our cases. I know that is not always possible. And that's for software issues. 

But if you have a hardware issue it's even worse because we are not able to get hardware maintenance on the firewalls. Ideally, within two hours of going down, a mechanic would come with a new firewall to replace it and to restore your saved configuration from the cloud. They don't have that. If a hardware issue arises with a firewall, then it takes at least a week, maybe a week-and-a-half, to get a new firewall sent by GFI. That's really not acceptable. If we have a hardware issue and we order something from some companies here in The Netherlands, we have it the next day. That would be acceptable.

We deal with that by having a spare NG500 lying around that we can use. We've never used it, so it's already three years old, doing nothing. But it's there.

How was the initial setup?

For us the initial setup is straightforward because we have been using it since the product was called WinRoute, which was 20 years ago, I believe. We pretty much know all about the firewalls and what we can do with them. So the setup for us is really easy to do.

On average, deployment of Kerio Control takes us maybe 30 minutes.

The implementation strategy depends on what the customer needs, and every customer needs something else. In general, the VPN setup is one of the things all customers need, and rules settings, open ports and closed ports, are part of some basic settings we use, but pretty much everything else is different for each customer.

What's my experience with pricing, setup cost, and licensing?

Where we were using, for example, a VPN solution for 75 users, GFI has now changed the contracts to use the unlimited version, and that is a bit cheaper price-wise, compared to having 75-user account licenses.

But it's pretty expensive in licensing costs, especially if you use the product longer than one or two years. The licensing costs are still high, which I don't think is reasonable for a product like this.

The licensing should really be narrowed down and be at least one-tenth of the price. To give you an idea of costs, an NG500 costs about €3000, and the licensing costs are about €1400 to €1500 a year. They call it "maintenance," but they are not doing anything in terms of maintenance on my firewall. They just supply a little update and those updates really don't cover the price that they calculate for it.

By comparison, if you know what a Windows 10 workstation does on your local computer, you get the updates for free and the price of the installation is something like $100, and you can use it as long as the product is supported. That's a reasonable price, and it also has security. 

With those licensing costs for a little firewall, it's really disturbing because people look for different solutions when the price is too high. You can't make money off of it if you need to pay almost €1500 a year just to get the updates, and those are basically firewall updates. Of course, if there is a system update, like firmware, they will implement that as well. But it doesn't match the cost of what they are doing for us with it. It doesn't explain why these licensing costs are so extremely high.

As long as the product works we use it because we know the product. It's much easier to use an existing product than to swap over to a low-cost product that we are not familiar with. That is one of the reasons we use this product, but mostly because we never had a breach, which is, of course, pretty important now.

Everybody has a price when it comes to security. You can use a simple Windows Firewall on a virtual machine, which costs you almost nothing. And if you put the firewall on there and use it as a router, you can also connect VPN clients to it, but you're using the Microsoft solution for that. Kerio is based on a Linux kernel, which is pretty much free and they are asking a lot of money for a firewall because it's called a firewall and it should protect you. But in fact, they cannot guarantee that nobody will ever get through your firewall. Nobody is giving that guarantee to you, and that is why it's too expensive.

Which other solutions did I evaluate?

We have also worked with Cisco, FORTRESS, and Juniper. One of the main reasons that we're using Kerio is that the interface is really simple to handle. It's really laid out well.

I don't like the Cisco interface. In the old days, we had to do everything manually via the console; type in all kinds of stuff. Now, you just want to click something.

What other advice do I have?

Each implementer or solution specialist needs a product that fits the needs of the company or customer. That's totally dependent on each customer. If you have never seen a product like Kerio Control, it's still quite easy to implement the firewall. They're not too complex.

Not every customer wants to install a VPN client to get to a different network. Some of them want to have a browser solution where they just enter an address and they type in a username and password, even verified by a two-step verification. If they are verified and authenticated, they can use the different networks. I believe we had that kind of functionality in previous versions of Kerio, even when it was called WinRoute, but they took it out. These days, everything is being arranged by a browser but I understand why they took it away from the browser. It's because of the security flaws that are mostly in browsers and they're never up to date.  It doesn't matter whether you're using Firefox, Chrome, Mozilla, Internet Explorer, or Edge. They all have their things that are not working correctly. There are vulnerabilities in all browsers.

The biggest lesson I have used from using Kerio Control is that I would choose the NG500, the rack model, over any other model they have, as that has proven to be the most stable version and the most stable product. It just runs forever.

We are using three of Kerio Control's models. The NG100 is for really small solutions where you just need a firewall with VPN capabilities. They have a bit of a larger model, the NG300, which is suitable for faster solutions. And we have the enterprise solution, which is their fastest firewall, the NG500, and that's a rack model firewall.

The antivirus helps people who are uploading files, so that they are scanned. That's not what we are using it for, but our experience with the internal firewalls are a bit different because you can also use an external firewall in the product itself. And now it comes with Defender, which currently works well. For what it is scanning, it's working fine.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor. The reviewer's company has a business relationship with this vendor other than being a customer: Partner
AS
System Administrator Team Lead | Developer at a tech services company with 11-50 employees
Real User
Top 10
Makes it easy to manage and add settings to the firewall, and gives us a single point to manage global rule sets

Pros and Cons

  • "The traffic insight page or the administrative portal is really helpful because you can see all the internet usage down to the point where you can see if it's big files or streams. It gives us a good view of what the internet usage is of users who are coupled to an IP address. That way, if there are problems with, for example, a lot of data usage or problems with the connection, we can narrow it down to a single user or server and address the problem. It's really helpful for diagnostic data."
  • "If you have to dive deeper into the firewall or any other features, then you really have to read up a bit about how to set it up properly. Some of my colleagues, in the beginning, jumped in and made a bunch of rules but then it got really messy. If Kerio had a template or guidelines for best practices, at the beginning, that would really help. With Kerio Control it's basically 'find out for yourself.'"

What is our primary use case?

We mostly use Kerio Control as a virtual firewall solution, and the user accounts let people have access to the internet through the firewall. We also have a few cases where we use the VPN. But it's mostly a firewall solution with multiple VLANs and the network behind it.

It's deployed on-premises, both virtual and hardware solutions. The NG100 is the smallest solution for smaller businesses, but we mostly use the virtual appliance.

Most of our customers are small to medium companies, where there are between five and 40 work spaces. Everyone has a PC and they have a VoIP phone and their own phones, and they have tablets. Most of the time, it's one to four devices per user. The biggest client we have is around 30 users.

How has it helped my organization?

It has made it easier for us and our employees to manage and add settings to the firewall, as opposed to another brand where you have to use command-line or really complicated layouts. The ease of use is a big plus.

The solution has also saved us a lot of time in managing security. We have to adjust the content rules and now we have one place where we can enter them. We have a customer with about 20 Kerio Controls and we don't have to set all the rules on each firewall. When we have to add some rules to each of the firewalls, it can be done within one minute. Normally, it would take 20 to 30 minutes, depending on if they're all online — and we would have to check them manually. Now, we just have to enter them and, when they come online, they sync with the global rule sets.

What is most valuable?

The traffic insight page or the administrative portal is really helpful because you can see all the internet usage down to the point where you can see if it's big files or streams. It gives us a good view of what the internet usage is of users who are coupled to an IP address. That way, if there are problems with, for example, a lot of data usage or problems with the connection, we can narrow it down to a single user or server and address the problem. It's really helpful for diagnostic data.

The content filtering is pretty good for our needs, especially with the global rules you can define. We can define global rules and use them on multiple Kerio Control installations. So we have one place to set all the rules for different customers. That's very good. The rules that it auto-updates and that are automatically available — for example, spam or indecent websites, or whatever else is in the firewall by default — are good.

The VPN works pretty well, especially with the Kerio Control VPN software. Some products don't have their own VPN software and, with Windows, sometimes it's just better to have a piece of software. That's especially true for some of our customers because they only have to open the software and press "Connect." Windows can be a little bit weird when it comes to that, and it breaks connections. You really don't see when Windows loses a connection or if you have to reconnect. The Kerio Control VPN client is pretty good at that.

What needs improvement?

The antivirus is either on or off, but we can't really see or measure how well it is doing. Sometimes we get the feeling that some files get past it and then they get caught on the antivirus of the client PC. We would like to have more control with the antivirus.

Also, we have multiple employees working on firewalls and if one employee changes a rule and traffic that shouldn't be there suddenly comes through the firewall, it's hard to pinpoint which rule is affecting that traffic because there is some overlap. It's not clear if it's getting past it because it's not decrypted. It needs more logging or more in-depth diagnostics about which traffic is hitting which rule on the firewall. Sometimes we have 20 or 30 rules and it becomes a whole job to figure that out.

When it comes to QOS, the quality of service, you have to set a fixed bandwidth. But sometimes, when we have multiple connections in front of it, it's a fallback line. For example, when we use Kerio aboard a ship, there is the satellite connection but there is also a 3G or 4G connection. We always have to set a fixed limit for the connection. If we set the fixed limit to 4G and it switches to navigation, one user can use up all the bandwidth for the entire ship. It would be better if there were something more dynamic, where it could sense the total and we could use percentages. For example, we could say a user has always 5 percent of the connection. But now we have 5 percent of a fixed connection number. The fixed limit on a line for QOS is a problem because we don't always know which connection is in front of it.

Also, if you have to dive deeper into the firewall or any other features, then you really have to read up a bit about how to set it up properly. Some of my colleagues, in the beginning, jumped in and made a bunch of rules but then it got really messy. If Kerio had a template or guidelines for best practices, at the beginning, that would really help. With Kerio Control it's basically "find out for yourself."

We've also had some problems with how to set the rules, but that's when more than one rule is overlapping and cancels out all the other rules. However, that's more our fault.

For how long have I used the solution?

I have been using Kerio Control for around six years.

What do I think about the stability of the solution?

It's pretty stable. We had some problems with Kerio Control virtual appliances. If it was running more than 20 days, it would become really slow and sometimes it would just stop working. When we rebooted the solution it would come back up. But that was something that was happening a year-and-a-half ago. Since then, we haven't had any more problems with it. 

We had a few solutions that just went corrupt. We're not sure if that was the disk or Kerio itself. We always have an installation of the virtual appliance on the server, so we can set up a new one, load the backup back in, and be up and running again in 15 minutes.

How are customer service and technical support?

It's been a while since we contacted support, but back when we did it was pretty hard to get a hold of someone. We didn't get a lot of feedback. Most of the time, it was, "Look at the documentation." It was hard to get someone to look over our shoulder and help us with the problem. I think that was before GFI took over.

Which solution did I use previously and why did I switch?

We did not have a previous solution. 

How was the initial setup?

As I said, if there were best practices or a template, the setup would be a lot easier because you start and then you change the setup according to what you think is right. But later on, when you encounter problems and look in the documentation, you see that another way is better. That was a bit of a problem when setting up. It all works, but in managing or adding rules, for example, or we just didn't do it properly. It was a bit of trial and error and that was a problem. It's too much trial and error when you start.

Deployment time, for some customers, is fairly quick. A basic setup can be up and running in 15 or 30 minutes. With other customers that have a lot of rules we do testing so it could take three or four hours.

For our implementation strategy, we just look at what the client wants. For some clients, we have a basic template now, where we always use a backup from an existing Kerio. If it's a new customer, we check if we have an existing Kerio that's pretty much the same, or we just do it from scratch if there aren't too many rules or networking behind it.

What was our ROI?

We see ROI because the ease of use is a lot better, so we spend less time on maintenance, administrating, changing rules, and checking usage.

What's my experience with pricing, setup cost, and licensing?

If you have a lot of users, the licensing can be a bit of a problem because we have a lot of customers who don't use the user feature, but we have five devices per user, and we have to extend the license every time. The fixed model of users and devices is a bit of a problem for us. We want to be able to expand it fast and not have to contact our supplier first to get a license. That takes another one or two days and the customer is waiting.

It might be better if they offered a fixed monthly or yearly price instead of the user-based price. That's really keeping us from deploying with some of our smaller customers or customers that have a more dynamic user base. If they had a larger fixed price with unlimited users or devices, that would help. Now, it's five users each time. A pack of 100 or 200 users for a certain price would make it more dynamic and user-scalable.

Which other solutions did I evaluate?

We looked at pfSense and some paid firewall solutions, but in terms of how user-friendly it is for our employees and my colleagues, and how well we could manage it from a remote portal, Kerio Control was better, in our opinion.

What other advice do I have?

Kerio Control is a nice-to-have for a small business like ours.

My advice would be to look at best practices or get someone to show you how to properly set it up before you try anything and it gets too messy. The biggest lesson I have learned from using this solution is to look out when it comes to firewall rules. Don't use too many firewall rules or content rules because it can get really messy, really quickly, if you don't have a decent strategy for that.

We always try to use auto-update, so most of the time we're on the most recent version. We have some examples where we use Kerio Control aboard ships where the bandwidth is really limited. In those cases we use our own timeframe to update Kerio Control, but it's normally done within a month or two, so most of them are up to date.

We haven't seen anything yet in the antivirus and we haven't had any problems with malware with our systems. I don't know if malware is being detected that well, because sometimes the clients still have some malware. I don't know if it's because it's an HTTPS site or something else.

In our company, most of the work with Kerio is done by about 10 people. Everyone does the same tasks: administrating, changing rules, and installing new Kerios. I work on it in my role as a system admin team lead and developer. As of late, I've been more of a developer than administrator. The others are system administrators, business consultants, and there are two other developers.

Which deployment model are you using for this solution?

On-premises
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Learn what your peers think about Kerio Control. Get advice and tips from experienced pros sharing their opinions. Updated: November 2021.
554,529 professionals have used our research since 2012.
Hugo Van Putten
Owner at Multi Level Software
Real User
Top 5
Gives me the ability to map which ports to allow in and out of the VPN

Pros and Cons

  • "I want to have access to my computer from the outside and Kerio Control plays a role because it has a VPN... It is more reliable because it's a smaller group of computers to target for hackers and the like. The VPN works very well. I use it to work remotely very easily and exchange information, both to and from the location where it's deployed, and there have been no problems there."
  • "I would like to be able to automatically send email from Kerio Control and have it tell me what my external IPs are, because on one of my lines I have a fixed IP address and on the other it is variable. If there were a permanent way for me to figure out, "Okay, my current external VPN and my firm IP is this," it would help. I need to know the IP address to connect with the VPN and, at the moment, one of the lines sometimes changes its IP address without me knowing it. It's a hassle to figure out what it is."

What is our primary use case?

I use Kerio Control because it is one of the few firewalls which allows easy failover from two separate internet providers. It also has virus protection built-in. I use it to have reliable access to the internet, which is virus-free and which fails over if one of my internet providers drops — and they do sometimes when it rains. Those were the reasons I wanted Kerio Control. And it just works; provides internet.

We are a very small company, and started with two users. We have now four users who use it on and off. There are nine or 10 computers. I, myself have three or four computers working at the same time. I'm not really dependent on cloud, but I use internet very much in a lot of situations.

It's deployed onsite but as a virtual machine in a Windows server.

How has it helped my organization?

Being an SMB, Kerio Control is nice-to-have. It fulfills my needs completely. 

It allows the users I have to use email without any problem, without their having to know anything about the fact that there is a firewall which protects them in different ways. I might spend an hour per month on maintenance of the Kerio system. So it's very transparent and very hidden. The best thing is the fact that nobody notices it.

It has helped me save time. It allows me to get on with my main work, without spending any time on security or worrying about threats to the data I have. Without it, I would have lost a lot of time. A long time ago, I spent a lot of time cleaning computers, removing viruses, etc. That has all gone away since I have had this set up, as part of a three-layer defense.

The failover has no effect on security. It only affects the availability. There used to be a situation where I had two internet providers with different speeds. If my main provider was down, it would be backed up by the other and I wouldn't notice that it was a little slower, and I wouldn't notice that one of my internet providers was unavailable. This guarantees that I always have internet availability. We had some technical problems with one of the lines which was very sensitive to rain — which sounds weird, but okay. And this setup allowed me to not think about it anymore. Since then, internet speeds have grown and at the moment it's not a big issue, but I'm sure that both of the providers drop once a year for a day. But I don't notice it, and that's very important for me.

What is most valuable?

The most valuable features include 

  • being able to attach to two different internet providers
  • the ability to map which ports you will allow in and out of the VPN, which is built-in 
  • the fact that it reliably works without any attention.

I want to have access to my computer from the outside and Kerio Control plays a role because it has a VPN. This VPN is different from most other VPNs, although they have used a standard version. It is more reliable because it's a smaller group of computers to target for hackers and the like. The VPN works very well. I use it to work remotely very easily and exchange information, both to and from the location where it's deployed, and there have been no problems there.

I have one or two VPN clients, at most, that are active at one time, so it's there if needed when I'm not working at this location. It helps me a lot to have a reliable VPN client. I have no performance issues when working through VPN.

Kerio Control also has some authorizations so I am able to block internet access for certain hours for certain people.

Overall, the security features are adequate. They do what I need. I don't have much experience with anything else, so I can't compare, but they completely solved my problems.

The firewall and intrusion detection features don't hinder me, and I haven't had any attacks, as far as I can see. I want a firewall to be unobtrusive. I don't want to notice it's there. It should just do its work and protect me and not hinder me when doing real work, and that's what it does. It's very good because it shouldn't be noticed, and it's good at not being noticed and doing its work.

Overall, I don't have any problem using Kerio Control. For me, it's very easy, but I've been working in software for some 50 years.

What needs improvement?

I would like to be able to automatically send email from Kerio Control and have it tell me what my external IPs are, because on one of my lines I have a fixed IP address and on the other it is variable. If there were a permanent way for me to figure out, "Okay, my current external VPN and my firm IP is this," it would help. I need to know the IP address to connect with the VPN and, at the moment, one of the lines sometimes changes its IP address without me knowing it. It's a hassle to figure out what it is.

It might also be interesting to have a GFI-approved, Docker-containerized version of the Kerio Control system.

For how long have I used the solution?

I have been using Kerio Control for more than 10 years.

What do I think about the stability of the solution?

I don't remember any glitches. I haven't had problems with it for a very long time. But I use it very specifically for a certain purpose and that works fine.

What do I think about the scalability of the solution?

It's very hard for me to give a correct estimate of the scalability, since a lot of overhead in my situation is caused by the fact that I run it in a virtual machine. That means the bandwidth which it can process, which would be scalable, is downgraded because it's in a virtual machine. That's not Kerio's fault.

I have no plans to increase the usage in the future. For me, it's adequate because I have a lot of leeway. I have enough bandwidth available to fulfill my needs.

How are customer service and technical support?

The problems I've had with Kerio, when I wanted to change something, have always been solved by consulting the Knowledge Base.

We are located in Holland and there is supposed to be Dutch tech support, and there is an American tech support, as far as I know. The bad thing about the American tech support is that reaching them by phone is difficult and by mail there's a certain turnaround. So, I'd rather rely on the Knowledge Base so that I'm not really dependent on the person on the other side.

They have an extensive Knowledge Base and, if you can't find something there, you can check the internet and there's enough available.

Which solution did I use previously and why did I switch?

I switched because I wanted something which had the possibility to handle two different internet providers, two network cards, and do load switching and load balancing. The other solution I used didn't have that.

How was the initial setup?

The initial setup is easy. I know what I want to configure so it's easy, no problem at all. 

The biggest problem I have is using it as a container on a virtual machine. You have to connect your hardware network cards to the internal virtual machine. That's a problem that Kerio won't be able to solve because it's the environment I have to create to let Kerio work in the way I work, and that is probably different than most users. But if you use it on a simple PC, it's no problem at all.

I reinstalled it recently and it took me about half an hour, and part of that was getting backups right, etc.

As for an implementation strategy, I changed the system my Kerio was installed on, so I first did a trial-install to figure out if everything worked. After that, when I did the actual production install, it was done very fast because I had tried it out before.

What was our ROI?

It does its job. Converted into hours, it doesn't cost more than five hours per year to pay the price for the 10 users I have. That's a good deal for me.

Having good internet access is a very large requirement for me to do my work. Internet is one of the basic tools I have and I need a firewall. Your internet provider will give you a box that has a simple firewall in it, but that doesn't suffice for me. I need something like this and it's not an option for me not to buy a product like this. I'm really not even thinking of return on investment. If I don't have something like this, I just can't work. It's a basic necessity.

What's my experience with pricing, setup cost, and licensing?

I don't think it's expensive. I'd recommend it to others.

Which other solutions did I evaluate?

I haven't evaluated any other options. I started using Kerio Control and it was sufficient. I haven't spent any time looking at alternatives. I've seen constant improvements in Kerio; they actively enhance the product. That's a good sign for me. I also use the GFI mail server and I prefer to use one company for my tools.

What other advice do I have?

My general advice is always: Read the manual, check your hardware and see if you have everything you need, and if it will suit your needs.

It's hard for me to assess its malware and antivirus protection because Kerio is one part of a three-part defense against malware and antivirus. I'm not sure which part picks up which problem. My philosophy is that no single protocol picks up all the problems, so if you have several of them, you'll fight the virus or malware at some point. That's why I have three different tools with different focus points, and together they keep me safe. Malwarebytes specializes more in malware, ESET is a normal desktop antivirus system, and this system is a general anti-malware and antivirus system of another type. They compliment each other.

I have an internet speed of 200 megabits per second, and 15 might be enough. So the only point I don't know about Kerio is whether it takes a lot of performance out of the maximum you could get if you didn't have a firewall.

Overall, I would give it a nine out of ten, but with the comment that I haven't compared it with anything else. On my scale, 10s are very rare. They're for things that go beyond my expectations and Kerio does exactly what I expect and it does it well.

It's just an essential which does it's work. I don't think about it normally. It's just there and it works.

Which deployment model are you using for this solution?

On-premises
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Robert Allino
Owner at L3GNL LLC
Real User
Top 5
Notifies me whenever there's a problem so we don't have to constantly watch the screen

Pros and Cons

  • "The comprehensiveness of the security features that Kerio Control provides us with is good. Before GFI had it, they would have more updates. The updates have been slower, but I like the things that they keep adding like the ability to block by country. I use pretty much every feature."
  • "I can no longer renew my subscription directly with GFI but we have to go through third-party resellers like CDW. The first time I did it with CDW. I went to CDW and it was almost like they didn't even know anything. They didn't know what package I was supposed to get. Then after I got it, it took almost five days to get everything working."

What is our primary use case?

I use Kerio Control is several different places. I use it at home. I also have a firewall at my grocery store. I have a server on the internet that uses Kerio Connect, and I have Kerio Control in front of it.

How has it helped my organization?

It has improved my organization because I am able to back the mail server through the tunnel to my house. All the video cameras at the store get copied and backed up to my house as well. For example, if I had a break-in and someone took the video server, I would still have copies of all the videos.

Kerio has saved time for those who manage security. It notifies me whenever there's a problem or when something goes wrong so we don't have to constantly watch the screen. It saves us 20 to 30 man-hours a week. 

What is most valuable?

The custom firewalling is pretty intuitive. You don't have to sit there and learn a new language or anything like that. You can just block this, open that, allow this, just allow that. With a lot of firewalls nowadays, you have to know a language. You have to sit there at the keyboard and type in special commands, and those commands are not used anywhere, just for that particular brand of firewall. Connecting the two up in two different locations for a tunnel is easy.

The comprehensiveness of the security features that Kerio Control provides us with is good. Before GFI had it, they would have more updates. The updates have been slower, but I like the things that they keep adding like the ability to block by country. I use pretty much every feature.

Kerio Control gives us everything in one solution.

The firewall and intrusion detection features are pretty good. I haven't had an issue that I know of. I hope no one's gotten any. I think it's good.

I also like the malware and antivirus features. It's sitting in front of my email server and the email server has antivirus too. The firewall catches it before the email server even catches it, so they work pretty well.

I like the VPN but I don't use content filtering that much. It works pretty well but a lot of times kids can get around that kind of stuff. I don't have kids that age anymore, so I don't have to worry about it. I don't use the content filtering that much.

Kerio is easy to use. If you don't know tech, you can't just get up and do it. Nothing can be that easy, but you don't have to be a rocket scientist to do it. `

What needs improvement?

The only thing that I have a problem with is not so much the product itself, but back when Kerio had it, I could call up Kerio or send an email and do an upgrade online. I could renew my subscription online. But now, I have to go through a third-party, and it seems clumsy. 

I can no longer renew my subscription directly with GFI but we have to go through third-party resellers like CDW. The first time I did it with CDW. I went to CDW and it was almost like they didn't even know anything. They didn't know what package I was supposed to get. Then after I got it, it took almost five days to get everything working. I used to be able to go to Kerio's website and then add the stuff to my cart, use my credit card, and it would bill me. Everything would be working in a few minutes. But now, if your subscription is getting ready to expire, you better give it a week or two.

For how long have I used the solution?

I have been using Kerio Control since the late nineties when it was called WinRoute Firewall.

What do I think about the stability of the solution?

The stability is really good. I haven't had any issues whatsoever. 

What do I think about the scalability of the solution?

I'm not a large enterprise, so I don't know how well it scales. But I imagine if you were to throw bigger hardware at it, it would scale really well.

I'm the owner, so nobody else touches Kerio except for me. Everybody else uses it as part of their job. They don't really know it's there.

My company is small-sized and Kerio is good for it. It's good for small and medium businesses. I've never used it on a large or an extra-large enterprise, so I couldn't give my opinion on that. I would imagine it could, I just don't have any experience.

How are customer service and technical support?

I haven't used GFI, but back when Kerio had it, they were very good.

They were very responsive. A lot of times you call the company tech support and they want to treat you like you don't know what you're doing. It's a "Is the power plugged into the wall" kind of a thing. They're very fast to understand that it's not the user that they're talking to on the phone. That the user they're talking to on the phone knows what they're doing to an extent and needs some extra help. It saves time. But I haven't had to call GFI yet, other than when my key wasn't working. It was an email. When I renewed my subscription, the keys didn't update. They had a problem with their update process, so the person had to go and manually update all my subscriptions. It took a few days. 

At first, they didn't understand, because they said it's just automatic. Which it's supposed to be. The next day I told them that it didn't update. Then finally looked and they did one subscription, and then I told them that my other subscriptions didn't update. 

At first, I was supposed to read a manual on how to do it. But I was doing everything that was shown, it just that their process behind the scene wasn't working. It's the online thing, so it was updated. However, my server wouldn't get the notification that it was updated. They thought I was not doing the website properly because they would tell me to go to the website and hit update. It first started as if I was a user that didn't know how to do anything and then they realized we had a problem. I fixed it. It should have been a lot faster.

Which solution did I use previously and why did I switch?

I did try out another solution called Unify but it wouldn't work very well. I couldn't get the VPN tunneling to work. The GUI was not intuitive and it was all over the place. Things were not all in the same spot. 

I actually bought several of them. I was going to go away from Kerio. I didn't like the way Unify worked. You had to have a gateway key in order for it to work. You took two devices to make one device work. I ended up scrapping that project and kept Kerio.

How was the initial setup?

For the initial setup, it walks you through a wizard. I've just never used that. But the wizard can set up a very basic bare bones, don't let anything in kind of a setup, which works. My setup is more complex. I have VPNs and tunnels. Any IP on my network has to be logged in, in order to get out. Mine is more of a complex setup. The ease of setup is pretty easy if you use the wizard. It just asks you a few questions and that's it. It's a bit more complex when you do it yourself. 

The deployment took a couple of hours. 

What was our ROI?

I have seen ROI. All the attacks, malware, and viruses that have been stopped are nonstop. The people out there are attacking all the time. It's nonstop, it never stops.

We have peace of mind that our solution stops all those attacks.

What's my experience with pricing, setup cost, and licensing?

Get the GFI unlimited, unless you're only going to have it at one spot. The pricing for the unlimited is a pretty good deal.

Which other solutions did I evaluate?

I looked into Palo Alto, that had a lot of features and everything else. But when I tried to contact them to get a price, they didn't give me the time of day. They wouldn't even return my call. At the time I was a director for a very large company and they still ignored me.

What other advice do I have?

Make sure the person that's doing it knows what they're doing. If you're not getting overly complicated, pretty much anybody can do it. But if you're going to get complex, you'll need to have somebody that knows their way around or else you might make yourself vulnerable.

If you have a tunnel and you have to change certificates because they expired, you do it in the right order, or else you might have to travel long ways to accept the key on the other side. If you create a new key for the tunnel and apply it, the tunnel is down until the other side accepts the key. If going through the tunnel was your only way there, then you're now traveling unnecessarily or long ways. Luckily for me, it was not too far away. But if you have city to city and you have no one on the other end that has the ability to log in and accept the key, then you're going there.

I would rate Kerio Control an eight out of ten. 

I haven't had a lot of experience with the new owners and I'm worried that they're going to sunset it or not give it the attention it needs. That's just my thought, I have no proof or anything like that. 

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Mark Spiteri
IT Manager at JB Metropolitan Distributors
Real User
Top 5
If one connection goes down, it automatically switches for me

Pros and Cons

  • "The routing of the multiple internet physical routers I have is the most valuable feature of this solution. Instead of me physically unplugging a cable from one router to the server, if one connection goes down, it automatically switches for me. So I can have all three of them plugged in. If one goes down, it just picks up the other one automatically. There's no physical cable swapping."
  • "I would like it if the interface section had multiple failovers. Although I do have three connections, just in case our physical cables get disconnected, I can only set up one failover as a backup. So, if for some reason our fiber and our AFM went down together, I would have to have it search for our 4G modem. I'd love to have extra backups running."

What is our primary use case?

My primary use case is to route traffic and route our multiple Internet interfaces. It routes all of the outbound Internet traffic, none of the internal. I do apply a content filter as well to make sure people aren't going into places that they shouldn't be. We have some traffic rules setup for certain services, blocking certain IP ranges from getting external access as well. We do the same for the Adelaide office, but our South Coast office, in addition to all of that, we also run DSCP off of it. The South Coast is the only place we use the DSCP on Kerio.

How has it helped my organization?

Now that we're both running fiber connections between Sydney and Adelaide, I can access our document server in Adelaide just from my PC, rather than using something like TeamViewer and transferring the file I'm after via TeamViewer from Adelaide. I get to it not much slower than the internal server we have right now. It's fantastic.

What is most valuable?

The routing of the multiple Internet physical routers I have is the most valuable feature of this solution. Instead of me physically unplugging a cable from one router to the server, if one connection goes down, it automatically switches for me. So I can have all three of them plugged in. If one goes down, it just picks up the other one automatically. There's no physical cable swapping.

In terms of ease of use, it's pretty easy. It took some playing around for me to understand some of it, but I'd say if you understand what it is you're after, and how that works, then this is pretty easy.

We use the firewall. It's fine, a bit tough. I need to test it against others. I'd rather use the Kerio firewall than the Windows ones.

With the VPN features we can connect all three of our sites together.

The content filtering and VPN features are pretty easy to set up. It's a couple of clicks and it's done, so it's pretty good. I'm pretty happy with it.

I am the only manager who manages the security. It does save me time. In the scenario where one Internet connection goes down, I used to have to run to the server room and unplug a cable, and come back. Now, I don't have to do that at all. It saves me a lot of time, 100%. With the routing, previous to this there are a few things in here that I haven't had the ability to really do how I wanted so I don't have a comparison.

What needs improvement?

I would like it if the interface section had multiple failovers. Although I do have three connections, just in case our physical cables get disconnected, I can only set up one failover as a backup. So, if for some reason our fiber and our AFM went down together, I would have to have it search for our 4G modem. I'd love to have extra backups running.

Someone set a printer to have a static IP address and because they set it as static, it won't show on my LAN, on the DSCP server, because it's not questioning it. So just because the device does not request the rules from the DSCP, I don't see why it wouldn't show up in my LAN on the DSCP server. That's a bit odd. It's different from how a Windows DSCP server would react. Instead of only showing one is requesting DSCP, or on a reservation, it shows all, whether they're reserved or not. A Windows one would. For some reason, it isn't showing me ones that were statically assigned.

For how long have I used the solution?

I have been using Kerio Control for four to five years. 

It's deployed in three different locations now. 

What do I think about the stability of the solution?

The stability is pretty good. I've only had one issue with it before. It was set to update on its own, and it didn't update and the update failed, so it didn't come back on for some reason.

If an update fails, it should have some kind of automatic rollback to bring itself back on. Because when it does that at night and it stops, I don't really get a notification that it's stopped. It's not on anymore so I don't find out that nothing has worked all evening until the next morning.

What do I think about the scalability of the solution?

Scalability is fantastic. I don't see a limit to it.

I am the only admin for this solution.  

We employ a company that contracts stuff out for me, so they're the people that initially installed this for me at the three sites, but I maintain it. If I have other things I don't know how to do, they'll get in, but it's just me and that other team.

Increasing usage depends on whether the business itself acquires other businesses, and that's really why we've got these three locations. We bought a business in Adelaide, so we set up a similar setup to what we had in Sydney. And this year in February we bought another business down in the South Coast of New South Wales and we've set up a similar thing there as well. So if we buy other businesses and I need some other help with the server running, then yes, I'll probably get another license. But only if that happens.

My business is medium-sized and this solution is perfect for it. 

I have one point of access for multiple portions of what I need for routing. We've got an Internal server that's managed by a different company and it was incredibly easy for that other company to put certain rules in place and then for us to create those rules to and communicate to the outside world was incredibly easy to map. There was just no confusion between the two companies that we're talking about what to map. That was in the initial setup, so that all wasn't done by me. They just communicated to each other very easily. This made it very simple. There was no confusion.

How are customer service and technical support?

I've never contacted technical support because I just call the people that I contract to fix things and if they're not quite sure how to fix something, they'd probably contact GFI. 

Which solution did I use previously and why did I switch?

We used to use a Cisco router. That was it. There was a very limited amount of routing I could really perform.

Kerio Control enables us to add multiple routing. We have lots of different options in the one thing. 

Kerio was recommended to me by ITIS. They told me that this one was what they highly recommended we use for what I needed.

What about the implementation team?

The outsourced contractor that we used for the setup was great. There's nothing wrong. I've been using him for a while.

What was our ROI?

I can't imagine not using it. I think if I had to use the Microsoft server to do all of this I'd be very frustrated.

What's my experience with pricing, setup cost, and licensing?

I don't have other ones to compare the pricing to. I haven't used other solutions to know all the features they have. The price seems reasonable to me for something that does so much and works so well.

What other advice do I have?

Kerio Control has not increased the number of VPN clients but we have added clients only because they needed it, not because Kerio is there.

To the best of my knowledge, before Kerio we did not experience a security breach. The only semi security issue we had was that someone had run a virus that encrypted a whole bunch of files on the server. But that was before my time. I was not the IT manager at that point.

If I didn't have the help from someone else that completely understood all of the services that are features of this product, then I probably wouldn't have put it in myself. It's definitely more advanced for people that are handling this type of networking day to day, which I don't. The only other thing that I've had a problem with is Apple servers for some reason, because Apple services come through on so many different servers themselves, and different destinations on the Internet, there's always some kind of issue with updating them on the network with Kerio running. I don't know why. It's just Apple. Everything else is fine.

Personally, I've just learned how to route traffic over a network well. It's helped me to route different parts of the Internet to different parts of my network, which I can't do on a Window server, and visually it's been a great help.

It's been able to add multiple Interfaces, it's good. I have multiple Internet streams and a failover. That's the best.

I would rate it a nine out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
JB
IT Support at Rural Computer Consultants, Inc
Real User
Top 10
Content filtering and VPN simplicity are second to none

Pros and Cons

  • "The ease of use in the GUI itself is the most valuable feature. The GUI is really the best part of it. We like the traffic rules so we can control who can get to what. It's easy to determine the flow of the traffic itself so we aren't having to guess through command lines and reading out basically command-driven output. It's just a very easy-to-use interface. The interface is the best part of the product."
  • "The security part of the software, like virus scanning, website, traffic monitoring, things like that, can take a beating on the appliance. And when there's a lot of things going on, the system can get bogged down. The actual security functionality of it needs a little bit more work, which I believe they are remedying or attempting to remedy at this time, but that's the downfall at this time."

What is our primary use case?

We have over 50 office staff that we use Kerio Control to protect, monitor web traffic, and cloud-host environments. We have a VPN tunnel from outside vendors that we keep connected to our environment and we use it as a switching device between some of our hardware in the hosting environment. We also use it for the security function. 

Our primary use case is for intrusion prevention from attackers, from wherever they may be. And also for doing the quality of service because we have a lot of remote users, especially during this pandemic. We can control the quality of service with phones and network devices, as well as the antivirus scanning. We use the whole gamut of pretty much everything that Kerio has to offer.

We're still a small company but we are pushing what the software is currently able to handle, while it seems to be geared towards small-medium business.

How has it helped my organization?

Content filtering used to be that you had to block specific websites that you didn't want somebody to access, or you had to write a specific rule to say that something is accessible or not accessible. We can apply Kerio-provided categories and rules without having to define large scopes of protocols or malicious websites. That part of it has come a long way in the last five to ten years.

The GUI is the best part of the product. If another team member needs to get in there to do something, it's a really quick click and it's done. There's no learning through command-line tools.

On an annual basis, we save not just hundreds of hours but also labor costs. Over the life of the product, I'm sure it's in the tens of thousands of hours because we don't need an inhouse specialist in Kerio technology.


What is most valuable?

The ease of use in the GUI itself is the most valuable feature. We like the traffic rules so we can control who has access. It's easy to determine the flow of the traffic itself so we don't have to educate on command lines and reading out command-driven output. It's a very easy-to-use interface.

The comprehensiveness of the security features is fairly good. There have been some suggestions that we've made to the GFI team that we would like to see for performance. As our company grows, we need Kerio to grow with us, and so we've suggested some ideas on making the Kerio Control appliance perform better for more users because it can become sluggish under heavy loads.

In terms of security features, Kerio gives us most of what we need. There are some granular items that we would find more useful when we want to stop a particular region from access. 

The firewall and intrusion detection features are really good, it just needs a little bit more fine-tuning.

The content filtering and VPN features are great. The vpn client is ssl based, so no key cipher matching is required when setting up without information in front of you.

What needs improvement?

The security part of the software, like virus scanning, website, traffic monitoring, things like that, can take a toll on performance. The actual security functionality of it needs a little bit more work, which I believe they are remedying or attempting to remedy at this time, but that's the downfall at this time; it is currently running on an end of life linux kernel.

For how long have I used the solution?

I personally have been using Kerio Control for 13 years but it's been at my company for close to 20 years.

What do I think about the stability of the solution?

The stability has actually improved quite a bit. There were some bugs found in previous versions up until about last spring, and then they concentrated on fixing some of the issues causing us some problems. As of the last update, it's very stable.

What do I think about the scalability of the solution?

It's not very scalable when you start to get into the hundreds to thousands of users because the performance of all of the functionality isn't quite there yet. We're hoping that's remedied with some updates coming down the line.

Kerio is pretty much the backbone of everything that we do. Keeping all of our customers connected to us, keeping our staff safe online, and getting our staff into our cloud environment.

How are customer service and technical support?

The GFI technical support can be very time-consuming to get down to the root of the problem, but they are very helpful when you do have an issue. It just takes some time to get to it. It sometimes can be communication that's the issue. Sometimes it can be the complexity of the problem.

It doesn't seem to be a lack of knowledge on the technical support side of things. Some of it comes down to whether the product can currently do what we needed to do or not. We were trying to determine if there was something that we could do to get better performance out of the appliance, and the response from the GFI support team was that it wasn't able to do some of the things that we wanted it to do, but it was something that they were looking at with rewriting some of the functionality. There is the possibility that some of those can be overcome easier.

Which solution did I use previously and why did I switch?

I did not have any experience with another similar solution. In fact, I had never heard of Kerio until I started at my company, primarily because Kerio was fairly small at the time. They were based out of California at the time. They were a small company and generally fit into the 100-users-or-less environment. When you would hear about other vendors, they generally ran in the thousands to tens of thousands of users and you just didn't hear about Kerio in that product line.

We take other solutions into consideration based on the growth needs that we have. As our cloud environment gets larger, if the Kerio technology is not able to keep up, that's always under consideration.

How was the initial setup?

The process was pretty straightforward. Something that I expected to take days to weeks took about two or three hours.

What was our ROI?

Network security should not be planned around providing a return on your dollar in terms of a payback in the administration of the process. It should be planned around providing a level of comfort to management that intruders are being kept out of the network, errors and omissions are being kept to an acceptable level of risk.

What's my experience with pricing, setup cost, and licensing?

Price-wise, it's very affordable. Whether you're a smaller or larger business, whether you're five users or a couple of hundred users, the pricing is very fair. The performance of it is what determines how you want to license it because you can purchase a Kerio appliance. We try to make use out of everything because we like to keep it in one place. It has fit our business size and needs.

Which other solutions did I evaluate?

Some of the main differences between the other solutions and Kerio is that Kerio has made their subscription service fairly universal. You get pretty much everything with one subscription. With some of the other vendors, you have to subscribe to each module that you want to use. On the other side of it, other firewall vendors tend to be able to handle in the millions of connections, hundreds of thousands to millions. And we see some of those limitations with the Kerio appliance because of some of the aging architecture of it.

What other advice do I have?

My advice would be to follow the hardware requirements of Kerio and make sure the equipment that you have can run the connections for the number of users that you intend to run and are being planned out to be successful. Working with the Kerio team to determine your needs works out very well. 

Not all firewalls have to be difficult to learn. Kerio has made it a really easy-to-use product.

Which deployment model are you using for this solution?

On-premises
Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Chris Kershner
CEO at Professional Project Managers
Reseller
Top 5
The comprehensiveness of the security feature is exceptional but speed needs improvement

Pros and Cons

  • "Kerio is a lot clearer to set up to do particular things, whereas when I do it on a Cisco or a FortiGate I have to go fight with it per week sometimes to do something I can do in 20 minutes on Kerio."
  • "The overall speed needs improvement. Internet connectivity speed needs to be improved somehow."

What is our primary use case?

Our biggest customer uses Kerio Control as a VPN on a campus network that we use to encrypt all of their heating and air. It's at the University of Mexico. It controls all of their heating, air, and security over their campus network. I have a hundred units doing that.

How has it helped my organization?

I'm a one-person team, and Kerio Control has saved me time. When I looked at the comparison between how much time I spend supporting a business installation of Kerio versus a FortiGate installation, just with the implementation, I have saved a few weeks of time. On a yearly basis, I have saved around 30 to 40 hours on one customer because they're bigger customers.

What is most valuable?

The VPN is the most valuable feature. We filter out outgoing NAT packets by port. So we locked down incoming and outgoing packets with the Kerio software. It's a lot less money than our FortiGate solutions that we installed, for instance. The value in it is money savings and flexibility.

Kerio is a lot clearer to set up to do particular things, whereas when I do it on a Cisco or a FortiGate I have to go fight with it per week sometimes to do something I can do in 20 minutes on Kerio.

For the money, the comprehensiveness of the security feature is exceptional. The next level of security is the sandbox and FortiGate charges me $120,000 a year for that sandbox. I don't see that as something that Kerio would ever be adding. The next step is a big, drastic step up in company size. So for medium and small businesses, I think Kerio is about as good as I can get.

It gives us everything we need in one product for our small-size business.

For medium to small businesses, the firewall and intrusion detection features are very well priced and just excellent. The functionality for the amount that we're paying for them is excellent.

The malware and antivirus features are okay. I add stuff on top of Kerio, I have Malwarebytes. So I would give it an okay. Malwarebytes still catches quite a bit that Kerio doesn't.

I used the content filtering a little bit and it works alright. I've got a hundred VPNs at the University of New Mexico. I don't put it anywhere else though, so I don't know. I don't really have any kind of input on that, I suppose.

Their graphical user interface that allows me to open up particular ports to particular internal IPs with one external IP is very flexible and easy to use. It is also much clearer than when I go into my larger systems with two competitors, Cisco and FortiGate.

Kerio enables me to use one external IP address to cut it into multiples server solutions based on different port numbers. It saves them money if my customers are creative enough to use those features.

What needs improvement?

The overall speed needs improvement. Internet connectivity speed needs to be improved somehow.

If I buy one of Kerio's hardware boxes and put it between me and the Internet, the speed is reduced dramatically using their hardware.

For how long have I used the solution?

I have been using Kerio Control for the last twenty years. 

We currently have one on Macintosh and one on Windows of the most current version of Kerio Control as well as Kerio Connect.

What do I think about the stability of the solution?

I found it to be fairly stable. Their updates have gone very smoothly, which is a nice thing. It doesn't crash during updates. I've had very good luck with that. Whereas I can't say the same thing with both Cisco and FortiGate.

What do I think about the scalability of the solution?

If you buy their hardware box, it doesn't scale so nicely. I found if I put it on a higher-end computer, it does better. I guess it's okay if you put the right hardware in for it. I can't get through those to their boxes.

I had some customers that were running about 200 to 300 machines, those were my larger ones with Kerio. For the most part, I have them on between five and 20 users.

How are customer service and technical support?

One of my customers had some issues that weren't pleasant. Support was pretty good and then it changed quite a bit when Lifeboat and GFI were involved. I personally haven't done too bad. I'm a one-person show, but I have a bunch of subcontractors. I personally have done alright with them. Although some of my people have had some not as good experiences over the last six months. They had time-related issues, about how long it took them to get back to them.

How was the initial setup?

On average, it takes around one to two hours on a small to medium business to set it up. But it's totally dependent on their applications and that can vary up to quite a few hours if they've got some complex application issues. Typically, it's because I have to wait on getting responses from vendors. So we go out and we put in a default setup and modify off of that.

Our default setup pretty much locks their network up to only having HTTP, it turns off FTP and things of that nature. We have a pretty secure default setup and then we go open things.

After you've done it a few times it's pretty smooth.

What was our ROI?

Our ROI is money savings. We bill them every year for their renewal subscriptions, and that goes fairly smoothly. We don't have to spend a whole lot of time trying to figure out how to add a particular port or interface for a new function that the client needs to have access to. They never need the Internet. It takes us considerably less time to do it on Kerio than it does on the competing products that we also deal with. Which, from our perspective, is appropriate. For some people, it would be a mixed blessing because you are not getting as much billable time out of it, but we like to be as efficient as possible and so we appreciate that. We feel it's a good return on investment.

What's my experience with pricing, setup cost, and licensing?

I think that licensing flows pretty smoothly. Make sure that you set them up so you support them over the my.kerio.com web interface because that lets you see all of your customers.

What other advice do I have?

We don't use high availability or fail-over protection. We set one up once and almost gave up on it. You have to have pinnacle boxes and things, so we did set it up and test it but we haven't actually sold any of them.

I feel pretty comfortable having a Kerio firewall in a medium to small business. It can be deployed in an easy fashion, which is the same as everybody's Comcast, CenturyLink, or whatever their modem has. Then if you really spend the time doing it correctly, you can give somebody what, I feel, is an enterprise-quality solution in small business for a good price.

If I pinhole Kerio for small businesses, I would rate it a 10 out of ten but overall, I would give it a seven.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
JG
Head of IT at Glorious Way Church
Real User
Top 10
Keeps our public and private networks separated and protected from any intrusions from the outside

Pros and Cons

  • "In terms of the comprehensiveness of the security features, it does a great job of laying out what it does. It's fairly easy to edit and research. Some of the features were turned on by our IT company and I was able to easily find other features on my own by searching for videos on the internet. I've been able to block certain websites, and content filter, as well as manage some of our bandwidth because we live stream on Sunday. I'm able to dedicate bandwidth for the encoder that goes to the internet. It always has enough bandwidth, no matter how many people are on the network. That's really helpful."
  • "There were certain things I didn't know about it, but I've always been able to just contact our IT company. They've been able to walk me through certain things. It was quite a monumental task to set up a public site. Support really had to help me with setting up the VLANs and walk me through it. It was not possible for me to figure that out on my own, but that's what they're here for. That could have been a little bit easier laid out."

What is our primary use case?

It's the firewall and the router for our network. That includes both the public side and our private side as well.

How has it helped my organization?

We were having issues with feeling more secure. Keio Control has made me feel like our network is more secure. Also, the VPN feature was easier to manage and assign to different users. There's no more downtime with our VPN. It just works.

Kerio Control has saved time for the members of our team who manage security.

We've increased the amount of clients that use VPN. It's very easy to manage and very easy to setup. All we have to do is set them up with an account and then download the software to their computer. It just works. There has been a 50% increase.

What is most valuable?

The intrusion prevention is good. I like the fact that it's always up, it's always secure, and it never lets us down, never locks up. It just works.

As a firewall, it keeps our public and our private networks separated and also from any intrusions from the outside. 

In terms of the comprehensiveness of the security features, it does a great job of laying out what it does. It's fairly easy to edit and research. Some of the features were turned on by our IT company and I was able to easily find other features on my own by searching for videos on the internet. I've been able to block certain websites, content filter, as well as manage some of our bandwidth because we live stream on Sunday. I'm able to dedicate bandwidth for the encoder that goes to the internet. It always has enough bandwidth, no matter how many people are on the network. That's really helpful.

It provides us with everything we need in one product.

Because of the reputation of Kerio as well as all of the great things my IT company recommended, it's easy to trust a company like this for our intrusion prevention and for our security. It's really easily laid out and it just works.

The malware and antivirus features keep themselves updated once it's turned on. You don't really have to worry about anything. It scans all the incoming email and it scans for web traffic. It just works in the background. You don't even know it's there until it finds something.

The VPN feature works great and it's secure as well. I'm impressed with the speed at which it works and how easy it is to access over the VPN.

What needs improvement?

There were certain things I didn't know about it, but I've always been able to just contact our IT company. They've been able to walk me through certain things. It was quite a monumental task to set up a public site. Support really had to help me with setting up the VLANs and walk me through it. It was not possible for me to figure that out on my own, but that's what they're here for. That could have been a little bit easier laid out.

For how long have I used the solution?

I have been using Kerio Control for two years. 

What do I think about the stability of the solution?

It's extremely stable and the uptime is incredible in terms of how it stays connected, and we have had no issues in over two years of using it.

What do I think about the scalability of the solution?

It can scale and grow as we grow. It has very impressive features. It is a little bit of overkill for what we use it for. But I think it's worth it. I really do. I don't mean for it to sound like a negative. I chose it on purpose, even though I knew it was a little bit more than we needed. Because of the security features and because of the reputation that it had coming from our IT company, I really saw no other option.

Only I manage the device and I'm head of our IT department.

We have roughly 10 VPN users and 20 or so computers. Then we have at least 75 to 100 devices that connect to it at one time on a Sunday. That connects to the internet and it's able to handle the traffic and the bandwidth management perfectly.

It's more than adequate for our size of business. I know it's made for larger companies than ours, with more employees. But it works very well for us and it's easy to manage. It's robust and very consistent. 

How are customer service and technical support?

I've only had to use technical support once and it was on a VPN. They updated the VPN protocol and I had a question about it. They immediately got back with me. It was easy to deal with them. They immediately had the solution that I needed.

Which solution did I use previously and why did I switch?

Our previous solution was off-brand. We upgraded because it did not have enough bandwidth to support our faster internet speeds. That's the real reason why we upgraded. It was not able to have a VLAN and a second LAN for our public site. That was another reason why we upgraded. We didn't feel it was as secure as Kerio.

How was the initial setup?

The initial setup was straightforward, with the exception of the VLANs, and setting up a second LAN. Other than that, it was straightforward.

The deployment took two hours. 

The IT company went through and showed me all of the settings and gave me a tutorial on which features I needed to use and how to turn them on and what they meant. As far as the rest of our office staff is concerned, they just needed the VPN protocol setup. I was able to do that on my own because that was really straightforward and easy.

They set it up for me. They plugged it in for me and then explained all of the features to me and helped me set up some of the features. I was then able to easily find videos online and some instructions to set up other features that I wanted, like content filtering.

Having seen the process, I could easily do it again without their help. I just needed a little bit of a push from them.

What was our ROI?

We have seen ROI. 

What's my experience with pricing, setup cost, and licensing?

I would encourage other people that when considering pricing, you really have to think about how important your network security is and how you're going to save time in the long run on managing your network. It's worth buying a product that's top-notch and the best quality. Your network is worth it and your employee's security is worth it.

Which other solutions did I evaluate?

We also looked into Ubiquiti UniFi system and decided to go with Kerio.

Kerio ended up being a much better solution. 

What other advice do I have?

I would rate Kerio Control a ten out of ten. 

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Buyer's Guide
Download our free Kerio Control Report and get advice and tips from experienced pros sharing their opinions.