Now we have a better overview of all our internet connections and LAN-to-LAN connections.
Navigation through options and configure them is just two mouse clicks away. Lots of information without need of an external tool.
Really easy and user friendly GUI
Traffic shaping options
QoS management is great
VLAN options per interface
Proxy and Reverse proxy with SSL options
Two step authentication
The real-time built-in monitoring applications
Intrusion prevention system
Easy monitoring and configuration of the routing table
Guest interface feature
Improvements to My Organization
We had several routers in our environment, including Linux firewalls and Cisco PIX for user and site-to-site VPN connections, all of them were replaced by Kerio Control. The improvement was instant as now we have a better overview of all our internet connections and LAN-to-LAN connections. We even have a better control of our site-to-site VPN tunnels.
Room for Improvement
The VPN configuration because if you need specific VPN parameters you have to configure them through the CLI of the appliance. These options are not available in the GUI. The intrusion prevention system is good, but it could be better and you cannot configure per IP exceptions. Some diagnostic tools can be improved too, however they are good enough to the everyday usage. Last,lu the Ubuntu/Debian VPN client can be improved a lot.
It does not offer high availability option yet, however you can do that through VMware's fault-tolerance feature.
Guest Interface has a built-in web site for access to the internet (like a hotspot). In some cases, guest users cannot see this interface and then they cannot navigate/use the internet, however this only happens on rare occasions.
Use of Solution
I have used this for four years in several locations, and all of them are happy with it.
We had no issues deploying it.
Kerio Control can be used with three internet connection modes:
Single internet connection
If you put the appliance in Fail-Over mode it will simply FAIL, and will bypass your routing rules. It will start balancing connections (even when you have not configure it) and the stability will be annoyingly poor. However, the user manual says that you have to put it on Load-Balancing mode if you want to use routing policies which is contradictory, but that's how it works. When you put the appliance in Load-Balancing mode it i will work great.
Once again you have to double-check licenses, remembering the licences count the IP that is passing through the firewall to the internet, and site-to-site connections will not count.
Customer Service and Technical Support
Here in Argentina they are terrible, as they will not answer emails and will not reurn the phone calls. Otherwise Kerio support is great.
We had a mix of Linux IPtables and Cisco appliances. We switched because the business needs a quicker and more precise response from IT.. Now, with a clicks, we can see everything.
It's not complex at all, however I have to modify the virtual appliance because it came with the E1000 virtual network adapter. I removed them and put VMXNet3 in instead. I also had to change the amount of default configured RAM. It's now working great.
I implemented it myself as it's really easy to setup and use.
Pricing, Setup Cost and Licensing
To test it, you can setup a mini-lab inside of a VMware hypervisor. The major problem that you will find with this is the licensing, as it´s confusing and you have to remember that they licence the appliance per IP basis. The basic licence includes five users and 25 IPs for every device that pases through the firewall which counts as a used licence. If you have one user connected to the VPN and 24 devices using the internet (Tablets, Phones, VoIP phones, computers) then you are using 25 of the available IPs so no-one else would be allowed to use the VPN or navigate through the firewall until the VPN user disconnects, or one of the devices is not being used to connect to the internet. So you have to double-check how many IP address/users you will need before buy and deploy it. Luckily for us, Kerio offered a 30 day free trial for testing. Also, they sell the product with Sophos AV and a really good content filter.
The Main Dashboard
Disclosure: I am a real user, and this review is based on my own experience and opinions.