Kerio Technologies Kerio Control v7.4
March 01, 2013
$265 for software appliance, plus five users, $26 per additional users.
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Simple setup, documentation geared for novice administrators.
- Weaknesses: VPN implementation is currently proprietary, light on reporting.
- Verdict: Great for small businesses or novice administrators, administrators with more complex environments may want to wait
The term "unified threat management" can sound intimidating to administrators lacking in information security experience. Fortunately, basic UTM protection doesn't need to be overly complex, and Kerio Technologies' Kerio Control product is a great example of that.
The product we tested was provided as a VMware virtual appliance. Following the quick setup guide, it was a simple matter of importing the appliance into our ESX environment and starting the tool. Through the console, we set up our trusted and untrusted interfaces and chose an administration password. All further configuration was performed through the product's web interface. On first login, we were presented with a configuration assistant wizard, which guided us through installing our license and setting up a basic traffic policy.
Kerio Control provides a clear, snappy interface for administration. The administrator is provided with a clean, configurable dashboard on login, which offers a number of system status charts. All device features are listed in a hierarchal menu on the left-hand side, with configuration options presented on the right. All of the features we'd expect are present, including a basic firewall, intrusion prevention system, content filter, perimeter anti-virus scanner and VPN. It also can serve as a dynamic host configuration protocol (DHCP) and domain name system (DNS) server.
While intended to be used as the default gateway, the product also can be configured as a proxy server for content filtering purposes. The intrusion prevention system (IPS) is signature-based, with signatures updated automatically on a configurable schedule. Anti-virus services are provided by Sophos, with signatures again updated on a configurable schedule. The content filter supports rules based on IP address groups, URL groups and keywords. Lightweight directory access protocol (LDAP) integration is supported, which makes user-based content filtering extremely easy to implement.
The product's documentation is very good. Guides are provided for the initial appliance installation, initial configuration and ongoing administration. Presented as PDFs, they are well-organized and seemingly tailored for administrators without extensive UTM experience. One negative thing we noticed was their recommendation that administrators allow access to the administration front-end from the untrusted interface. While we acknowledge that it would make remote administration easier, it really does not follow best practices, so we recommend reading the documentation with a critical eye.
Product support is offered on a 24/5 basis, and is provided via phone or email. Kerio also maintains an online knowledge base and active user support forums.
Kerio Control starts at a cost of $265 for the software appliance with five user licenses. Additional user license are priced at $26 per user. Software maintenance is $9 per user per year. Support is free during an initial 90-day implementation period. After that, Kerio allows two free support calls per year and charges $80 per incident after that.