What is our primary use case?
We have over 50 office staff that we use Kerio Control to protect, monitor web traffic, and cloud-host environments. We have a VPN tunnel from outside vendors that we keep connected to our environment and we use it as a switching device between some of our hardware in the hosting environment. We also use it for the security function.
Our primary use case is for intrusion prevention from attackers, from wherever they may be. And also for doing the quality of service because we have a lot of remote users, especially during this pandemic. We can control the quality of service with phones and network devices, as well as the antivirus scanning. We use the whole gamut of pretty much everything that Kerio has to offer.
We're still a small company but we are pushing what the software is currently able to handle, while it seems to be geared towards small-medium business.
How has it helped my organization?
Content filtering used to be that you had to block specific websites that you didn't want somebody to access, or you had to write a specific rule to say that something is accessible or not accessible. We can apply Kerio-provided categories and rules without having to define large scopes of protocols or malicious websites. That part of it has come a long way in the last five to ten years.
The GUI is the best part of the product. If another team member needs to get in there to do something, it's a really quick click and it's done. There's no learning through command-line tools.
On an annual basis, we save not just hundreds of hours but also labor costs. Over the life of the product, I'm sure it's in the tens of thousands of hours because we don't need an inhouse specialist in Kerio technology.
What is most valuable?
The ease of use in the GUI itself is the most valuable feature. We like the traffic rules so we can control who has access. It's easy to determine the flow of the traffic itself so we don't have to educate on command lines and reading out command-driven output. It's a very easy-to-use interface.
The comprehensiveness of the security features is fairly good. There have been some suggestions that we've made to the GFI team that we would like to see for performance. As our company grows, we need Kerio to grow with us, and so we've suggested some ideas on making the Kerio Control appliance perform better for more users because it can become sluggish under heavy loads.
In terms of security features, Kerio gives us most of what we need. There are some granular items that we would find more useful when we want to stop a particular region from access.
The firewall and intrusion detection features are really good, it just needs a little bit more fine-tuning.
The content filtering and VPN features are great. The vpn client is ssl based, so no key cipher matching is required when setting up without information in front of you.
What needs improvement?
The security part of the software, like virus scanning, website, traffic monitoring, things like that, can take a toll on performance. The actual security functionality of it needs a little bit more work, which I believe they are remedying or attempting to remedy at this time, but that's the downfall at this time; it is currently running on an end of life linux kernel.
For how long have I used the solution?
I personally have been using Kerio Control for 13 years but it's been at my company for close to 20 years.
What do I think about the stability of the solution?
The stability has actually improved quite a bit. There were some bugs found in previous versions up until about last spring, and then they concentrated on fixing some of the issues causing us some problems. As of the last update, it's very stable.
What do I think about the scalability of the solution?
It's not very scalable when you start to get into the hundreds to thousands of users because the performance of all of the functionality isn't quite there yet. We're hoping that's remedied with some updates coming down the line.
Kerio is pretty much the backbone of everything that we do. Keeping all of our customers connected to us, keeping our staff safe online, and getting our staff into our cloud environment.
How are customer service and technical support?
The GFI technical support can be very time-consuming to get down to the root of the problem, but they are very helpful when you do have an issue. It just takes some time to get to it. It sometimes can be communication that's the issue. Sometimes it can be the complexity of the problem.
It doesn't seem to be a lack of knowledge on the technical support side of things. Some of it comes down to whether the product can currently do what we needed to do or not. We were trying to determine if there was something that we could do to get better performance out of the appliance, and the response from the GFI support team was that it wasn't able to do some of the things that we wanted it to do, but it was something that they were looking at with rewriting some of the functionality. There is the possibility that some of those can be overcome easier.
Which solution did I use previously and why did I switch?
I did not have any experience with another similar solution. In fact, I had never heard of Kerio until I started at my company, primarily because Kerio was fairly small at the time. They were based out of California at the time. They were a small company and generally fit into the 100-users-or-less environment. When you would hear about other vendors, they generally ran in the thousands to tens of thousands of users and you just didn't hear about Kerio in that product line.
We take other solutions into consideration based on the growth needs that we have. As our cloud environment gets larger, if the Kerio technology is not able to keep up, that's always under consideration.
How was the initial setup?
The process was pretty straightforward. Something that I expected to take days to weeks took about two or three hours.
What was our ROI?
Network security should not be planned around providing a return on your dollar in terms of a payback in the administration of the process. It should be planned around providing a level of comfort to management that intruders are being kept out of the network, errors and omissions are being kept to an acceptable level of risk.
What's my experience with pricing, setup cost, and licensing?
Price-wise, it's very affordable. Whether you're a smaller or larger business, whether you're five users or a couple of hundred users, the pricing is very fair. The performance of it is what determines how you want to license it because you can purchase a Kerio appliance. We try to make use out of everything because we like to keep it in one place. It has fit our business size and needs.
Which other solutions did I evaluate?
Some of the main differences between the other solutions and Kerio is that Kerio has made their subscription service fairly universal. You get pretty much everything with one subscription. With some of the other vendors, you have to subscribe to each module that you want to use. On the other side of it, other firewall vendors tend to be able to handle in the millions of connections, hundreds of thousands to millions. And we see some of those limitations with the Kerio appliance because of some of the aging architecture of it.
What other advice do I have?
My advice would be to follow the hardware requirements of Kerio and make sure the equipment that you have can run the connections for the number of users that you intend to run and are being planned out to be successful. Working with the Kerio team to determine your needs works out very well.
Not all firewalls have to be difficult to learn. Kerio has made it a really easy-to-use product.
Which deployment model are you using for this solution?
Which version of this solution are you currently using?