What is our primary use case?
Our biggest customer uses Kerio Control as a VPN on a campus network that we use to encrypt all of their heating and air. It's at the University of Mexico. It controls all of their heating, air, and security over their campus network. I have a hundred units doing that.
How has it helped my organization?
I'm a one-person team, and Kerio Control has saved me time. When I looked at the comparison between how much time I spend supporting a business installation of Kerio versus a FortiGate installation, just with the implementation, I have saved a few weeks of time. On a yearly basis, I have saved around 30 to 40 hours on one customer because they're bigger customers.
What is most valuable?
The VPN is the most valuable feature. We filter out outgoing NAT packets by port. So we locked down incoming and outgoing packets with the Kerio software. It's a lot less money than our FortiGate solutions that we installed, for instance. The value in it is money savings and flexibility.
Kerio is a lot clearer to set up to do particular things, whereas when I do it on a Cisco or a FortiGate I have to go fight with it per week sometimes to do something I can do in 20 minutes on Kerio.
For the money, the comprehensiveness of the security feature is exceptional. The next level of security is the sandbox and FortiGate charges me $120,000 a year for that sandbox. I don't see that as something that Kerio would ever be adding. The next step is a big, drastic step up in company size. So for medium and small businesses, I think Kerio is about as good as I can get.
It gives us everything we need in one product for our small-size business.
For medium to small businesses, the firewall and intrusion detection features are very well priced and just excellent. The functionality for the amount that we're paying for them is excellent.
The malware and antivirus features are okay. I add stuff on top of Kerio, I have Malwarebytes. So I would give it an okay. Malwarebytes still catches quite a bit that Kerio doesn't.
I used the content filtering a little bit and it works alright. I've got a hundred VPNs at the University of New Mexico. I don't put it anywhere else though, so I don't know. I don't really have any kind of input on that, I suppose.
Their graphical user interface that allows me to open up particular ports to particular internal IPs with one external IP is very flexible and easy to use. It is also much clearer than when I go into my larger systems with two competitors, Cisco and FortiGate.
Kerio enables me to use one external IP address to cut it into multiples server solutions based on different port numbers. It saves them money if my customers are creative enough to use those features.
What needs improvement?
The overall speed needs improvement. Internet connectivity speed needs to be improved somehow.
If I buy one of Kerio's hardware boxes and put it between me and the Internet, the speed is reduced dramatically using their hardware.
For how long have I used the solution?
I have been using Kerio Control for the last twenty years.
We currently have one on Macintosh and one on Windows of the most current version of Kerio Control as well as Kerio Connect.
What do I think about the stability of the solution?
I found it to be fairly stable. Their updates have gone very smoothly, which is a nice thing. It doesn't crash during updates. I've had very good luck with that. Whereas I can't say the same thing with both Cisco and FortiGate.
What do I think about the scalability of the solution?
If you buy their hardware box, it doesn't scale so nicely. I found if I put it on a higher-end computer, it does better. I guess it's okay if you put the right hardware in for it. I can't get through those to their boxes.
I had some customers that were running about 200 to 300 machines, those were my larger ones with Kerio. For the most part, I have them on between five and 20 users.
How are customer service and technical support?
One of my customers had some issues that weren't pleasant. Support was pretty good and then it changed quite a bit when Lifeboat and GFI were involved. I personally haven't done too bad. I'm a one-person show, but I have a bunch of subcontractors. I personally have done alright with them. Although some of my people have had some not as good experiences over the last six months. They had time-related issues, about how long it took them to get back to them.
How was the initial setup?
On average, it takes around one to two hours on a small to medium business to set it up. But it's totally dependent on their applications and that can vary up to quite a few hours if they've got some complex application issues. Typically, it's because I have to wait on getting responses from vendors. So we go out and we put in a default setup and modify off of that.
Our default setup pretty much locks their network up to only having HTTP, it turns off FTP and things of that nature. We have a pretty secure default setup and then we go open things.
After you've done it a few times it's pretty smooth.
What was our ROI?
Our ROI is money savings. We bill them every year for their renewal subscriptions, and that goes fairly smoothly. We don't have to spend a whole lot of time trying to figure out how to add a particular port or interface for a new function that the client needs to have access to. They never need the Internet. It takes us considerably less time to do it on Kerio than it does on the competing products that we also deal with. Which, from our perspective, is appropriate. For some people, it would be a mixed blessing because you are not getting as much billable time out of it, but we like to be as efficient as possible and so we appreciate that. We feel it's a good return on investment.
What's my experience with pricing, setup cost, and licensing?
I think that licensing flows pretty smoothly. Make sure that you set them up so you support them over the my.kerio.com web interface because that lets you see all of your customers.
What other advice do I have?
We don't use high availability or fail-over protection. We set one up once and almost gave up on it. You have to have pinnacle boxes and things, so we did set it up and test it but we haven't actually sold any of them.
I feel pretty comfortable having a Kerio firewall in a medium to small business. It can be deployed in an easy fashion, which is the same as everybody's Comcast, CenturyLink, or whatever their modem has. Then if you really spend the time doing it correctly, you can give somebody what, I feel, is an enterprise-quality solution in small business for a good price.
If I pinhole Kerio for small businesses, I would rate it a 10 out of ten but overall, I would give it a seven.