(OLDER) <- More Stuff -> (NEWER) (NEWEST)
Printer Friendly Version

Kerio Winroute Firewall vs. Hardware Routers

2006/12/26

This morning I had a call from a customer who already uses Kerio Mailserver. He had downloaded a demo of Kerio WinRoute Firewall and said he had a few questions. The first was a small technical issue that he had actually already answered himself but just wanted confirmation that he had done the right thing. He had, so we moved on to his second question. That one was a little harder to answer..

"So how come you never told me about this? This is great software!"

Hmmm. Yes, it is great software. It's powerful, it's easy to use. I have customers using it and they like it a lot. So why don't I push it? Why aren't I talking it up?

Well, I guess I just haven't found the right way to present this to people. In the past, I have mentioned this now and then, and the response almost always has been "Naaw, we'll use a hardware router. That's a lot cheaper and easier".

Well, yeah, hardware routers can be cheaper and easier. You do need to dedicate a PC to WinRoute, and that cost alone would buy a pretty good router. Add the software cost of Winroute to that, and you are getting up into pretty expensive territory (relative to hardware routers of course).

But really it isn't all that bad: a fifty user Kerio Winroute with all the bells and whistles runs about $2,400.00 initially and renewing yearly support and updates is only around $1,000.00. That includes McAfee antivirius scanning of SMTP, POP3, HTTP and FTP, remote VPN clients and content filtering. A hardware router with similar features is likely to be just as expensive, but again you can argue that a hardware appliance is easier.

But is it? While some of my clients have bought spare routers to cover hardware failure, most don't, and it's definitely a lot easier to find a PC and reinstall WinRoute than find your specific router - you won't find an Enterprise class router down at your local Staples. There's also the matter of upgrades: while hardware router manufacturers do release firmware upgrades, I've found customers tend to ignore those. Perhaps it's because flashing a firmware upgrade can be more difficult than doing a software update on a PC, or maybe it's just fear of the unfamiliar, but my experience shows that hardware appliances are more apt to be out of date. Understand that there's no good reason or excuse for that, but that's still what I see in the field.

Customers also tell me that the Winroute Administration Console is much easier to understand and use than the hardware appliance they used previously. There's also the matter of support: if you buy WinRoute Firewall from me you are entitled to telephone and email support from both me and Kerio.

OK, really I should push this more than I do. It's an excellent product. You can download a 30 day demo from Kerio (and I can get the demo extended if you need more time). I'm happy to help you set this up - I think you'll agree that it really can be better than a dedicated appliance.

Click here to add your comments

Wed Jan 17 02:19:20 2007: Subject: Spam Cube anonymous

Great article, I actually found that the Spam Cube is a hardware router that blocks spam, viruses, and phish using McAfee and Norton signatures, for only $150 - the part I like is that there is no bloated pc software that you have to install to make it work, its completed embedded, neat eh?

Tue Jan 23 22:47:02 2007: Subject: anonymous

Yes, I agree! KFW is the geat product in their category.

Tue Feb 5 17:55:56 2008: Subject: anonymous

I tried it and noticed one thing that I have been looking for but couldn't find in other routers, which is the ability to restrict users by their login and not by their IP. This is important in my company because employees can just go into the conference rooms or bring their personal laptop into the network to access things they are not supposed to.

Sat Mar 22 23:50:38 2008: Subject: unix / vpn anonymous

Kerio is great... and would be perfect if allowed to ping non windows servers and access intranet...
So.. until then ISA is still better...

Sun Mar 23 00:14:25 2008: Subject: TonyLawrence

Huh? No idea what you mean..

Wed Feb 25 03:10:55 2009: Subject: Godwin

Kerio Winroute has absolutely no competitors with the same number of features??
No hardware firewall too?
I'm looking for a list of firewalls to compare Winroute with....BUT with almost the same number of features.

Wed Feb 25 04:48:13 2009: Subject: TonyLawrence

Of course they do. Almost everything above the home firewall level has similar features.

I also sell a lot of Multitech routers - the RF850 is a full featured hardware appliance running a Linux OS. I used to sell the Fortigate line also - very impressive features, though I found their support policies far less so. Then of course there is Cisco - always feature packed and lots of support venues available, though in my opinion always at an unreasonable premium.

The article above is only meant to point out some of the advantages of PC based routers. You could make the same arguments in favor of a Linux based firewall.

At the end, it really comes down to availability and support. You can always find comparable features - pick what you need and then winnow down based on support and recoverability.

Control Spam and Viruses

Run your own mailserver

Don't miss responses! Subscribe to Comments by RSS or by Email

Click here to add your comments

If you want a picture to show with your comment, go get a Gravatar

Why no "Digg this!" etc.?

Take Control of Easy Backups in Leopard

Take Control of Fonts in Leopard

Take Control of Screen Sharing in Leopard

Take Control of Permissions in Leopard

Printer Friendly Version

Have you tried Searching this site?

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.

Publishing your articles here

Jump to Comments

Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them. I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. I also may own stock in companies mentioned here. If you have any question, please do feel free to contact me.

Specific links that take you to pages that allow you to purchase the item I reviewed are very likely to pay me a commission. Many of the books I review were given to me by the publishers specifically for the purpose of writing a review. These gifts and referral fees do not affect my opinions; I often give bad reviews anyway.

We use Google third-party advertising companies to serve ads when you visit our website. These companies may use information (not including your name, address, email address, or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here.

Printer Friendly Version

book graphic unix and linux troubleshooting guide

My Troubleshooting E-Book will show you how to solve tough problems on Linux and Unix systems!

I sell and support
Kerio Mail server

More:

- Kerio

- Kerio Info

- Kerio Pricing

- Networking

Unix/Linux Consultants

Skills Tests

Guest Post Here

My Favorites