What is our primary use case?
For a small office, I'm using it for a firewall. This is the most obvious primary use, along with:
- The Web Filter subscription for content that gives a bit of protection to users on the network when going to sites with known malware and so on.
- The Antivirus module, which is good at scanning anything coming through, giving us a first line of defense.
- Some other features in there, like VLAN. I have quite a few VLANs setup for keeping things separate for a build network and so on.
I have the hardware appliance on-premise. However, I do use some of the features, like MyKerio cloud, for remote administration and backups. These are hosted on the Kerio site.
How has it helped my organization?
Knowing users on the network are confident that they are in a safe and secure network and can't really hurt themselves.
What is most valuable?
It's a combination of authentication, internal network DNS, filtering, and antivirus. It is a standalone product which has a lot of the features that a Windows domain might have. However, I don't need to have a whole lot of Windows or Mac infrastructure, as I can do all my network management from Kerio.
One very good thing about the Kerio device is its authentication. I don't have a Windows domain for authentication. Instead, I use the Kerio product because it can separate users by Mac addresses and give them IP addresses based on their usernames, automatically logging them in. This makes for a very simple authentication system.
The solution’s firewall and intrusion detection features are pretty good. I have, at different times, connected directly to the Internet in bridge modes with the modem, and the noise in the logs is phenomenal. So, it does a good job. I can see that the intrusion prevention catches everything that is coming at it. I tend to not use it in that mode. I have it connect to a port on my modem router, so I let the modem router take all the initial intrusion noise, then not much gets through to Kerio. That just gives me a lot of confidence that I have a secure network.
For the content filter, I am pretty much running their default. I haven't added any rules to that myself. The default does a pretty good job at picking up things. I might have whitelisted one or two things that I use which it tends to pick up, but I know they are okay.
Kerio Control gives us everything we need in one product.
The feature that I'm relying on: If the appliance died and I had to get another one, Kerio has a configuration backup. Therefore, it's pretty easy to restore to a new appliance.
What needs improvement?
There are some pros and cons to its performance when dealing with malware and antivirus features. Maybe once a month, I have gone to a website and it's being blocked. This is because it's a known malware site. So, I feel confident that those filters are doing their job. On the down side, occasionally when iOS devices go to the App Store to do their application updates, it will pick that up as a possible virus in a file: a false positive. This only happens on the iOS updates and the antivirus signatures.
One area that confused me a bit when I was building my current network. I use VLANs to have separate functionality on the network, and the appliance I got was the WiFi model, but I discovered that you can't assign WiFi channels to the VLAN. So, you can have WiFi, but its own subnet. You can't run that over the VLAN. Effectively, I can't use the WiFi facility in the appliance and had to purchase a separate web that supports VLANs. In the end, I had to go to GFI support. They confirmed this is just a limited functionality of that device, as it is a low-end device. I don't know if any of their high-end models have a better facility or not.
For how long have I used the solution?
I first used this solution when it was a piece of software called WinRoute. That would have been around the year 2000. I've been using the product in its various forms for quite a long time.
What do I think about the stability of the solution?
The stability is pretty good. It ticks along nicely. I occasionally have to reboot it. It starts throwing strange errors on different clients. There was a period where Kerio was releasing software updates at least once a month, which would force the reboot, but I think kept it pretty tidy. Over the last year, their updates haven't been very regular. When it gets to running for about 60 days or so, it does get a little funny and the reboot sorts it out. I don't know what's going on there and why their updates have slowed down.
A good thing with the Antivirus module is there are probably six or seven dozen updates every 24 hours to the antivirus signatures. Therefore, they do a pretty good job of keeping at the head of the game.
What do I think about the scalability of the solution?
It is a very low-end device. I am using their base model appliance, so it's a very small piece of hardware with fairly low-end specs. Given the broadband connectivity that we have in Australia, which is pretty poor to start with, that's not really an impediment to me. Moving data around across the land and subnets seems to work fine.
I have about three users most of the time and each of those users can have three devices. Then I have various servers and audio visual equipment. I'm probably up to about 20 or so IPs that could be used, but not everyone and everything is running at the same time. It seems to cope with the traffic I'm hitting it with.
Our users are mainly doing email, web browsing, a little bit of streaming, and a little bit of Zoom. There is not anything terribly intensive.
I probably utilize 70 percent of the features. I don't do things like VPN. I don't do anything with quotas, forcing people to log in, or bandwidth management. However, these are good features that would help some people.
I am not looking to increase usage at this stage. I know that if I did, it has those extra features that I could use. If I started pushing the performance, then I would need to upgrade to get some bigger hardware. I probably can't increase my usage too much at the moment because the hardware would max out.
To get one little unit and configure your whole network is good. It's also good too for a bigger business where you have a network and a small office somewhere. You could drop one of these in that office to run everything, as it's set and forget. You also have the remote administration of the appliance, which would be quite handy to a lot of businesses.
How are customer service and technical support?
I found the technical support pretty good. They are very responsive and come back with an answer on things pretty quickly.
Which solution did I use previously and why did I switch?
I have been using Kerio Control for quite a long time. I didn't use anything else previously.
How was the initial setup?
It has a wizard to sort of get it up and running very quickly. I think I did start with that, then went into the manual configuration for setting up VLANs and DHCP scopes. They were fairly straightforward to set up.
It's a product that you can get up and running pretty quickly. Then, if you want to get into advanced configuration, that's what takes a bit more time.
Out-of-the-box, I had something running in an hour or two, but that's probably because I've been using the product for quite a few years. I know what to look for. But as for the advanced configuration, that's days of work. It's ongoing with the administration and tuning the network. I spend maybe a couple of hours a month just making sure everything is configured and working correctly. The logs are pretty good too. It's good to keep an eye on the logs as it gives you an indication if anything's wrong or if things are going haywire.
You need to have a pretty good idea of how you want to structure unit work and what you want your network to do, especially when you want to set up things like authentication. You need to preplan your subnets and IP address ranges for different users so you can then map them to the user accounts. If you're going to a new organization and setting this up, then there is a bit of work in planning all that and what you want the device to do.
What about the implementation team?
For deployment and maintenance, it takes me few hours here and there.
What was our ROI?
I have definitely seen ROI. It has saved in client software acquisitions, such as, antivirus or any dedicated security software. In my configuration, I haven't needed any Windows infrastructure because this device does all the network management for me. So, it has saved me from buying software and some amount of hardware. It gives three or four people antivirus, which is probably about $500 AUS a year just in client security software that I've saved. Plus, there are servers I haven't had to buy, which gets pretty expensive, especially with Windows licenses.
Kerio Control saves us time when it comes to managing security. Otherwise, I would have to invest in software running on clients, which get frustrating.
What's my experience with pricing, setup cost, and licensing?
On the low-end device that I use, it has unlimited IP addresses. So, they have a subscription model where, on the higher models, you pay X dollars for 10 IP addresses. Then, if you want any more, you have to pay more on the model. On the low-end model, it has unlimited IP addresses, because if you have too many users, the thing will just slow you down and stop working. At some point, you need to say, "Okay, I've grown to a point where performance is impacted. I need to get some bigger hardware." If I get to that stage, I will possibly look at using one of the virtual appliances and putting it on some bigger hardware.
It gets expensive pretty quickly if you need to purchase license packs. In the previous model, I was buying packs of five. It was concurrent: If you had 10 address licenses, then you can have as many devices as you want, but if you hit 10 devices, you hit your license limit. People will get frustrated. They do appear to be expensive, but I don't have anything to really compare that against. I've not done any market evaluation for quite some time, because my model has unlimited addresses, so I haven't had to think about that.
Which other solutions did I evaluate?
The comprehensiveness of the security features this solution provides is the reason why I have stuck with them for so long. It has all the features that I need, and I haven't had to go and buy separate products. However, there are competing products that have a lot of these features in them. I did toy with the SonicWall product for a little while. SonicWall, who is a subsidiary of Dell EMC, offered an appliance, but it didn't do the internal network DNS nor was it good at authentication. I think the Kerio products are more rounded for running a small network out of a single appliance and not needing other infrastructure. SonicWall was frustrating because it didn't have a lot of the features that Kerio had.
SonicWall was my first foray into appliances. Up until that point I had been using the Kerio Control software edition. I liked the idea of appliances. If you're running something on a PC, you need to have a PC running, along with fans and hard drives spinning. Your appliances, even though they're lower spec hardware, are small and quiet. At the time, SonicWall was a fair bit cheaper, but that was how I discovered it was a false economy. It just didn't have the pool of features in it that Kerio had, so I would have needed to have a number of work arounds.
Looking at Cisco's documentation, they look a bit more complex to set up than Kerio Control.
What other advice do I have?
The overall ease of use depends on your skill set. I have a networking background, so I find it okay. As you get into more advanced features, it's probably a bit technical, but I managed to find my way around it through the documentation to get things working. It has some good features in there, like you can create a firewall rule and the console lets you test that rule, which is helpful when you're trying to build a firewall rule.
One of the features that I haven't used yet is Kerio Control's high-availability/failover protection. However, it is something I would be interested in setting up in the future. We have started using it yet because we are small scale with a very small number of users.
Provides the simplicity of having a small appliance that you can rely on to configure. If someone wants a network that can be structured to keep things segregated and safe from each other, then it's a cost-effective device, which is easy enough to set up and configure.
I haven't had any security issues. However, back then, I would have been relying on an antivirus, running on clients, hoping that it would catch things.
I would rate it as a seven out of 10, but then I don't have a lot of experience with other products to compare it against. Though, from what I see and read, it's as good as anything out there. Everything is good. However, I'm a little bit concerned that I'm not getting a lot of updates. Probably if I needed more performance, it would get expensive fairly quickly.
Which deployment model are you using for this solution?
Which version of this solution are you currently using?