What is our primary use case?
I use Kerio Control because it is one of the few firewalls which allows easy failover from two separate internet providers. It also has virus protection built-in. I use it to have reliable access to the internet, which is virus-free and which fails over if one of my internet providers drops — and they do sometimes when it rains. Those were the reasons I wanted Kerio Control. And it just works; provides internet.
We are a very small company, and started with two users. We have now four users who use it on and off. There are nine or 10 computers. I, myself have three or four computers working at the same time. I'm not really dependent on cloud, but I use internet very much in a lot of situations.
It's deployed onsite but as a virtual machine in a Windows server.
How has it helped my organization?
Being an SMB, Kerio Control is nice-to-have. It fulfills my needs completely.
It allows the users I have to use email without any problem, without their having to know anything about the fact that there is a firewall which protects them in different ways. I might spend an hour per month on maintenance of the Kerio system. So it's very transparent and very hidden. The best thing is the fact that nobody notices it.
It has helped me save time. It allows me to get on with my main work, without spending any time on security or worrying about threats to the data I have. Without it, I would have lost a lot of time. A long time ago, I spent a lot of time cleaning computers, removing viruses, etc. That has all gone away since I have had this set up, as part of a three-layer defense.
The failover has no effect on security. It only affects the availability. There used to be a situation where I had two internet providers with different speeds. If my main provider was down, it would be backed up by the other and I wouldn't notice that it was a little slower, and I wouldn't notice that one of my internet providers was unavailable. This guarantees that I always have internet availability. We had some technical problems with one of the lines which was very sensitive to rain — which sounds weird, but okay. And this setup allowed me to not think about it anymore. Since then, internet speeds have grown and at the moment it's not a big issue, but I'm sure that both of the providers drop once a year for a day. But I don't notice it, and that's very important for me.
What is most valuable?
The most valuable features include
- being able to attach to two different internet providers
- the ability to map which ports you will allow in and out of the VPN, which is built-in
- the fact that it reliably works without any attention.
I want to have access to my computer from the outside and Kerio Control plays a role because it has a VPN. This VPN is different from most other VPNs, although they have used a standard version. It is more reliable because it's a smaller group of computers to target for hackers and the like. The VPN works very well. I use it to work remotely very easily and exchange information, both to and from the location where it's deployed, and there have been no problems there.
I have one or two VPN clients, at most, that are active at one time, so it's there if needed when I'm not working at this location. It helps me a lot to have a reliable VPN client. I have no performance issues when working through VPN.
Kerio Control also has some authorizations so I am able to block internet access for certain hours for certain people.
Overall, the security features are adequate. They do what I need. I don't have much experience with anything else, so I can't compare, but they completely solved my problems.
The firewall and intrusion detection features don't hinder me, and I haven't had any attacks, as far as I can see. I want a firewall to be unobtrusive. I don't want to notice it's there. It should just do its work and protect me and not hinder me when doing real work, and that's what it does. It's very good because it shouldn't be noticed, and it's good at not being noticed and doing its work.
Overall, I don't have any problem using Kerio Control. For me, it's very easy, but I've been working in software for some 50 years.
What needs improvement?
I would like to be able to automatically send email from Kerio Control and have it tell me what my external IPs are, because on one of my lines I have a fixed IP address and on the other it is variable. If there were a permanent way for me to figure out, "Okay, my current external VPN and my firm IP is this," it would help. I need to know the IP address to connect with the VPN and, at the moment, one of the lines sometimes changes its IP address without me knowing it. It's a hassle to figure out what it is.
It might also be interesting to have a GFI-approved, Docker-containerized version of the Kerio Control system.
For how long have I used the solution?
I have been using Kerio Control for more than 10 years.
What do I think about the stability of the solution?
I don't remember any glitches. I haven't had problems with it for a very long time. But I use it very specifically for a certain purpose and that works fine.
What do I think about the scalability of the solution?
It's very hard for me to give a correct estimate of the scalability, since a lot of overhead in my situation is caused by the fact that I run it in a virtual machine. That means the bandwidth which it can process, which would be scalable, is downgraded because it's in a virtual machine. That's not Kerio's fault.
I have no plans to increase the usage in the future. For me, it's adequate because I have a lot of leeway. I have enough bandwidth available to fulfill my needs.
How are customer service and technical support?
The problems I've had with Kerio, when I wanted to change something, have always been solved by consulting the Knowledge Base.
We are located in Holland and there is supposed to be Dutch tech support, and there is an American tech support, as far as I know. The bad thing about the American tech support is that reaching them by phone is difficult and by mail there's a certain turnaround. So, I'd rather rely on the Knowledge Base so that I'm not really dependent on the person on the other side.
They have an extensive Knowledge Base and, if you can't find something there, you can check the internet and there's enough available.
Which solution did I use previously and why did I switch?
I switched because I wanted something which had the possibility to handle two different internet providers, two network cards, and do load switching and load balancing. The other solution I used didn't have that.
How was the initial setup?
The initial setup is easy. I know what I want to configure so it's easy, no problem at all.
The biggest problem I have is using it as a container on a virtual machine. You have to connect your hardware network cards to the internal virtual machine. That's a problem that Kerio won't be able to solve because it's the environment I have to create to let Kerio work in the way I work, and that is probably different than most users. But if you use it on a simple PC, it's no problem at all.
I reinstalled it recently and it took me about half an hour, and part of that was getting backups right, etc.
As for an implementation strategy, I changed the system my Kerio was installed on, so I first did a trial-install to figure out if everything worked. After that, when I did the actual production install, it was done very fast because I had tried it out before.
What was our ROI?
It does its job. Converted into hours, it doesn't cost more than five hours per year to pay the price for the 10 users I have. That's a good deal for me.
Having good internet access is a very large requirement for me to do my work. Internet is one of the basic tools I have and I need a firewall. Your internet provider will give you a box that has a simple firewall in it, but that doesn't suffice for me. I need something like this and it's not an option for me not to buy a product like this. I'm really not even thinking of return on investment. If I don't have something like this, I just can't work. It's a basic necessity.
What's my experience with pricing, setup cost, and licensing?
I don't think it's expensive. I'd recommend it to others.
Which other solutions did I evaluate?
I haven't evaluated any other options. I started using Kerio Control and it was sufficient. I haven't spent any time looking at alternatives. I've seen constant improvements in Kerio; they actively enhance the product. That's a good sign for me. I also use the GFI mail server and I prefer to use one company for my tools.
What other advice do I have?
My general advice is always: Read the manual, check your hardware and see if you have everything you need, and if it will suit your needs.
It's hard for me to assess its malware and antivirus protection because Kerio is one part of a three-part defense against malware and antivirus. I'm not sure which part picks up which problem. My philosophy is that no single protocol picks up all the problems, so if you have several of them, you'll fight the virus or malware at some point. That's why I have three different tools with different focus points, and together they keep me safe. Malwarebytes specializes more in malware, ESET is a normal desktop antivirus system, and this system is a general anti-malware and antivirus system of another type. They compliment each other.
I have an internet speed of 200 megabits per second, and 15 might be enough. So the only point I don't know about Kerio is whether it takes a lot of performance out of the maximum you could get if you didn't have a firewall.
Overall, I would give it a nine out of ten, but with the comment that I haven't compared it with anything else. On my scale, 10s are very rare. They're for things that go beyond my expectations and Kerio does exactly what I expect and it does it well.
It's just an essential which does it's work. I don't think about it normally. It's just there and it works.
Which deployment model are you using for this solution?