What is our primary use case?
My primary use case is to route traffic and route our multiple Internet interfaces. It routes all of the outbound Internet traffic, none of the internal. I do apply a content filter as well to make sure people aren't going into places that they shouldn't be. We have some traffic rules setup for certain services, blocking certain IP ranges from getting external access as well. We do the same for the Adelaide office, but our South Coast office, in addition to all of that, we also run DSCP off of it. The South Coast is the only place we use the DSCP on Kerio.
How has it helped my organization?
Now that we're both running fiber connections between Sydney and Adelaide, I can access our document server in Adelaide just from my PC, rather than using something like TeamViewer and transferring the file I'm after via TeamViewer from Adelaide. I get to it not much slower than the internal server we have right now. It's fantastic.
What is most valuable?
The routing of the multiple Internet physical routers I have is the most valuable feature of this solution. Instead of me physically unplugging a cable from one router to the server, if one connection goes down, it automatically switches for me. So I can have all three of them plugged in. If one goes down, it just picks up the other one automatically. There's no physical cable swapping.
In terms of ease of use, it's pretty easy. It took some playing around for me to understand some of it, but I'd say if you understand what it is you're after, and how that works, then this is pretty easy.
We use the firewall. It's fine, a bit tough. I need to test it against others. I'd rather use the Kerio firewall than the Windows ones.
With the VPN features we can connect all three of our sites together.
The content filtering and VPN features are pretty easy to set up. It's a couple of clicks and it's done, so it's pretty good. I'm pretty happy with it.
I am the only manager who manages the security. It does save me time. In the scenario where one Internet connection goes down, I used to have to run to the server room and unplug a cable, and come back. Now, I don't have to do that at all. It saves me a lot of time, 100%. With the routing, previous to this there are a few things in here that I haven't had the ability to really do how I wanted so I don't have a comparison.
What needs improvement?
I would like it if the interface section had multiple failovers. Although I do have three connections, just in case our physical cables get disconnected, I can only set up one failover as a backup. So, if for some reason our fiber and our AFM went down together, I would have to have it search for our 4G modem. I'd love to have extra backups running.
Someone set a printer to have a static IP address and because they set it as static, it won't show on my LAN, on the DSCP server, because it's not questioning it. So just because the device does not request the rules from the DSCP, I don't see why it wouldn't show up in my LAN on the DSCP server. That's a bit odd. It's different from how a Windows DSCP server would react. Instead of only showing one is requesting DSCP, or on a reservation, it shows all, whether they're reserved or not. A Windows one would. For some reason, it isn't showing me ones that were statically assigned.
For how long have I used the solution?
I have been using Kerio Control for four to five years.
It's deployed in three different locations now.
What do I think about the stability of the solution?
The stability is pretty good. I've only had one issue with it before. It was set to update on its own, and it didn't update and the update failed, so it didn't come back on for some reason.
If an update fails, it should have some kind of automatic rollback to bring itself back on. Because when it does that at night and it stops, I don't really get a notification that it's stopped. It's not on anymore so I don't find out that nothing has worked all evening until the next morning.
What do I think about the scalability of the solution?
Scalability is fantastic. I don't see a limit to it.
I am the only admin for this solution.
We employ a company that contracts stuff out for me, so they're the people that initially installed this for me at the three sites, but I maintain it. If I have other things I don't know how to do, they'll get in, but it's just me and that other team.
Increasing usage depends on whether the business itself acquires other businesses, and that's really why we've got these three locations. We bought a business in Adelaide, so we set up a similar setup to what we had in Sydney. And this year in February we bought another business down in the South Coast of New South Wales and we've set up a similar thing there as well. So if we buy other businesses and I need some other help with the server running, then yes, I'll probably get another license. But only if that happens.
My business is medium-sized and this solution is perfect for it.
I have one point of access for multiple portions of what I need for routing. We've got an Internal server that's managed by a different company and it was incredibly easy for that other company to put certain rules in place and then for us to create those rules to and communicate to the outside world was incredibly easy to map. There was just no confusion between the two companies that we're talking about what to map. That was in the initial setup, so that all wasn't done by me. They just communicated to each other very easily. This made it very simple. There was no confusion.
How are customer service and technical support?
I've never contacted technical support because I just call the people that I contract to fix things and if they're not quite sure how to fix something, they'd probably contact GFI.
Which solution did I use previously and why did I switch?
We used to use a Cisco router. That was it. There was a very limited amount of routing I could really perform.
Kerio Control enables us to add multiple routing. We have lots of different options in the one thing.
Kerio was recommended to me by ITIS. They told me that this one was what they highly recommended we use for what I needed.
What about the implementation team?
The outsourced contractor that we used for the setup was great. There's nothing wrong. I've been using him for a while.
What was our ROI?
I can't imagine not using it. I think if I had to use the Microsoft server to do all of this I'd be very frustrated.
What's my experience with pricing, setup cost, and licensing?
I don't have other ones to compare the pricing to. I haven't used other solutions to know all the features they have. The price seems reasonable to me for something that does so much and works so well.
What other advice do I have?
Kerio Control has not increased the number of VPN clients but we have added clients only because they needed it, not because Kerio is there.
To the best of my knowledge, before Kerio we did not experience a security breach. The only semi security issue we had was that someone had run a virus that encrypted a whole bunch of files on the server. But that was before my time. I was not the IT manager at that point.
If I didn't have the help from someone else that completely understood all of the services that are features of this product, then I probably wouldn't have put it in myself. It's definitely more advanced for people that are handling this type of networking day to day, which I don't. The only other thing that I've had a problem with is Apple servers for some reason, because Apple services come through on so many different servers themselves, and different destinations on the Internet, there's always some kind of issue with updating them on the network with Kerio running. I don't know why. It's just Apple. Everything else is fine.
Personally, I've just learned how to route traffic over a network well. It's helped me to route different parts of the Internet to different parts of my network, which I can't do on a Window server, and visually it's been a great help.
It's been able to add multiple Interfaces, it's good. I have multiple Internet streams and a failover. That's the best.
I would rate it a nine out of ten.
Which deployment model are you using for this solution?