Kerio Control Review

Now we have a better overview of all our internet connections and LAN-to-LAN connections.


What is most valuable?

Navigation through options and configure them is just two mouse clicks away. Lots of information without need of an external tool.

  • Site-to-Site VPN
  • Easy configuration
  • Really easy and user friendly GUI
  • Stability
  • AD integration
  • Traffic shaping options
  • QoS management is great
  • VLAN options per interface
  • Proxy and Reverse proxy with SSL options
  • Two step authentication
  • The real-time built-in monitoring applications
  • Intrusion prevention system
  • DNS redirection
  • Easy monitoring and configuration of the routing table
  • Guest interface feature

How has it helped my organization?

We had several routers in our environment, including Linux firewalls and Cisco PIX for user and site-to-site VPN connections, all of them were replaced by Kerio Control. The improvement was instant as now we have a better overview of all our internet connections and LAN-to-LAN connections. We even have a better control of our site-to-site VPN tunnels.

What needs improvement?

The VPN configuration because if you need specific VPN parameters you have to configure them through the CLI of the appliance. These options are not available in the GUI. The intrusion prevention system is good, but it could be better and you cannot configure per IP exceptions. Some diagnostic tools can be improved too, however they are good enough to the everyday usage. Last,lu the Ubuntu/Debian VPN client can be improved a lot.

It does not offer high availability option yet, however you can do that through VMware's fault-tolerance feature.

Guest Interface has a built-in web site for access to the internet (like a hotspot). In some cases, guest users cannot see this interface and then they cannot navigate/use the internet, however this only happens on rare occasions.

For how long have I used the solution?

I have used this for four years in several locations, and all of them are happy with it.

What was my experience with deployment of the solution?

We had no issues deploying it.

What do I think about the stability of the solution?

Kerio Control can be used with three internet connection modes:

  • Single internet connection
  • Fail-Over
  • Load-Balancig.

If you put the appliance in Fail-Over mode it will simply FAIL, and will bypass your routing rules. It will start balancing connections (even when you have not configure it) and the stability will be annoyingly poor. However, the user manual says that you have to put it on Load-Balancing mode if you want to use routing policies which is contradictory, but that's how it works. When you put the appliance in Load-Balancing mode it i will work great.

What do I think about the scalability of the solution?

Once again you have to double-check licenses, remembering the licences count the IP that is passing through the firewall to the internet, and site-to-site connections will not count.

How are customer service and technical support?

Here in Argentina they are terrible, as they will not answer emails and will not reurn the phone calls. Otherwise Kerio support is great.

Which solution did I use previously and why did I switch?

We had a mix of Linux IPtables and Cisco appliances. We switched because the business needs a quicker and more precise response from IT.. Now, with a clicks, we can see everything.

How was the initial setup?

It's not complex at all, however I have to modify the virtual appliance because it came with the E1000 virtual network adapter. I removed them and put VMXNet3 in instead. I also had to change the amount of default configured RAM. It's now working great.

What about the implementation team?

I implemented it myself as it's really easy to setup and use.

What's my experience with pricing, setup cost, and licensing?

To test it, you can setup a mini-lab inside of a VMware hypervisor. The major problem that you will find with this is the licensing, as it´s confusing and you have to remember that they licence the appliance per IP basis. The basic licence includes five users and 25 IPs for every device that pases through the firewall which counts as a used licence. If you have one user connected to the VPN and 24 devices using the internet (Tablets, Phones, VoIP phones, computers) then you are using 25 of the available IPs so no-one else would be allowed to use the VPN or navigate through the firewall until the VPN user disconnects, or one of the devices is not being used to connect to the internet. So you have to double-check how many IP address/users you will need before buy and deploy it. Luckily for us, Kerio offered a 30 day free trial for testing. Also, they sell the product with Sophos AV and a really good content filter.

What other advice do I have?

Connection Monitor

Debug Area

The Main Dashboard

Traffic Rules


Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest
Sign Up with Email