Kerio Control Review

Now we have a better overview of all our internet connections and LAN-to-LAN connections.

Valuable Features

Navigation through options and configure them is just two mouse clicks away. Lots of information without need of an external tool.

  • Site-to-Site VPN
  • Easy configuration
  • Really easy and user friendly GUI
  • Stability
  • AD integration
  • Traffic shaping options
  • QoS management is great
  • VLAN options per interface
  • Proxy and Reverse proxy with SSL options
  • Two step authentication
  • The real-time built-in monitoring applications
  • Intrusion prevention system
  • DNS redirection
  • Easy monitoring and configuration of the routing table
  • Guest interface feature

Improvements to My Organization

We had several routers in our environment, including Linux firewalls and Cisco PIX for user and site-to-site VPN connections, all of them were replaced by Kerio Control. The improvement was instant as now we have a better overview of all our internet connections and LAN-to-LAN connections. We even have a better control of our site-to-site VPN tunnels.

Room for Improvement

The VPN configuration because if you need specific VPN parameters you have to configure them through the CLI of the appliance. These options are not available in the GUI. The intrusion prevention system is good, but it could be better and you cannot configure per IP exceptions. Some diagnostic tools can be improved too, however they are good enough to the everyday usage. Last,lu the Ubuntu/Debian VPN client can be improved a lot.

It does not offer high availability option yet, however you can do that through VMware's fault-tolerance feature.

Guest Interface has a built-in web site for access to the internet (like a hotspot). In some cases, guest users cannot see this interface and then they cannot navigate/use the internet, however this only happens on rare occasions.

Use of Solution

I have used this for four years in several locations, and all of them are happy with it.

Deployment Issues

We had no issues deploying it.

Stability Issues

Kerio Control can be used with three internet connection modes:

  • Single internet connection
  • Fail-Over
  • Load-Balancig.

If you put the appliance in Fail-Over mode it will simply FAIL, and will bypass your routing rules. It will start balancing connections (even when you have not configure it) and the stability will be annoyingly poor. However, the user manual says that you have to put it on Load-Balancing mode if you want to use routing policies which is contradictory, but that's how it works. When you put the appliance in Load-Balancing mode it i will work great.

Scalability Issues

Once again you have to double-check licenses, remembering the licences count the IP that is passing through the firewall to the internet, and site-to-site connections will not count.

Customer Service and Technical Support

Here in Argentina they are terrible, as they will not answer emails and will not reurn the phone calls. Otherwise Kerio support is great.

Previous Solutions

We had a mix of Linux IPtables and Cisco appliances. We switched because the business needs a quicker and more precise response from IT.. Now, with a clicks, we can see everything.

Initial Setup

It's not complex at all, however I have to modify the virtual appliance because it came with the E1000 virtual network adapter. I removed them and put VMXNet3 in instead. I also had to change the amount of default configured RAM. It's now working great.

Implementation Team

I implemented it myself as it's really easy to setup and use.

Pricing, Setup Cost and Licensing

To test it, you can setup a mini-lab inside of a VMware hypervisor. The major problem that you will find with this is the licensing, as it´s confusing and you have to remember that they licence the appliance per IP basis. The basic licence includes five users and 25 IPs for every device that pases through the firewall which counts as a used licence. If you have one user connected to the VPN and 24 devices using the internet (Tablets, Phones, VoIP phones, computers) then you are using 25 of the available IPs so no-one else would be allowed to use the VPN or navigate through the firewall until the VPN user disconnects, or one of the devices is not being used to connect to the internet. So you have to double-check how many IP address/users you will need before buy and deploy it. Luckily for us, Kerio offered a 30 day free trial for testing. Also, they sell the product with Sophos AV and a really good content filter.

Other Advice

Connection Monitor

Debug Area

The Main Dashboard

Traffic Rules

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Sign Up with Email