The most valuable features are the VPN, SSL VPN, and IPSec VPN.
The port forwarding functionality works well.
We do evaluate other products both before we choose Kerio Control and on a regular bases. We do have one or two smaller firewall product that we use for the true entry-level businesses who don't need any capabilities, and we are constantly seeing products as we get new customers and what products they are using currently. We don't like to rip them out right away until we understand the network and its issues, we have to get familiar with a customer before we can make a recommendation.
Vendors are always coming out with new things and there are always new features. True cloud management seems to be the big buzz right now, so we've been looking at those type of products. However, so far we keep going back to Kerio Control.
A lot of times I can do things in one screen of Kerio Control that would take two to three screens. I was just making a firewall rule with NAT forwarding on a different product for a customer a couple of days ago and that took four different screens and four different menus. One of the nice things about Kerio is how it does firewall rules and port forwarding.You do it all-in-one screen called "rules" where It creates the forwarding, the NAT, and the port holes.
With some products I'd have to go into a window to create a firewall rule of VLAN 1 to VLAN 2, then I have to create a firewall rule of VLAN 2 to VLAN 3. Finally, I have to create a firewall rule of VLAN 1 to VLAN 3. That's three separate firewall rules that I have to build. If I want to block one port, then that's three separate firewall rules I have to edit. On Kerio Control, the way it's setup, I can make one rule that encompasses all three of those rules by having my source have multiple sources, multiple destinations, and multiple ports. For example, a security camera system needs three ports forwarded to it. I might have to create three rules and 3 NAT translations, one for each of those ports. Some of them I can group, but others you can't. With Kerio firewall, I can list all those ports in one spot. Therefore, I can create a rule that allows the WAN and VPN 2 to access a camera system on VPN 3 on these two ports and point it all to the Camera System using only one rule.
It is not the most powerful firewall out there, I understand that, but it's a great balancing act between the capabilities. It's as capable as many of my other firewalls, but at the same time, it's not as complicated. You don't need to take a three-month course like you do with some of the other products in order to be able to use it properly. It's all GUI-based, unlike some products. Sure a lot of products have a GUI where you get just so much done, then at a certain point, you have to jump into command line. There is no command line option in Kerio Control because its not needed, there isn't a point where I have to pull out a manual and find obscure commands to type in to get the product to do something I want it to do.