Kerio Winroute Firewall vs. Hardware Routers

This morning I had a call from a customer who already uses Kerio Mailserver. He had downloaded a demo of Kerio WinRoute Firewall and said he had a few questions. The first was a small technical issue that he had actually already answered himself but just wanted confirmation that he had done the right thing. He had, so we moved on to his second question. That one was a little harder to answer..

"So how come you never told me about this? This is great software!"

Hmmm. Yes, it is great software. It's powerful, it's easy to use. I have customers using it and they like it a lot. So why don't I push it? Why aren't I talking it up?

Well, I guess I just haven't found the right way to present this to people. In the past, I have mentioned this now and then, and the response almost always has been "Naaw, we'll use a hardware router. That's a lot cheaper and easier".

Well, yeah, hardware routers can be cheaper and easier. You do need to dedicate a PC to WinRoute, and that cost alone would buy a pretty good router. Add the software cost of Winroute to that, and you are getting up into pretty expensive territory (relative to hardware routers of course).

But really it isn't all that bad: a fifty user Kerio Winroute with all the bells and whistles runs about $2,400.00 initially and renewing yearly support and updates is only around $1,000.00. That includes McAfee antivirius scanning of SMTP, POP3, HTTP and FTP, remote VPN clients and content filtering. A hardware router with similar features is likely to be just as expensive, but again you can argue that a hardware appliance is easier.

But is it? While some of my clients have bought spare routers to cover hardware failure, most don't, and it's definitely a lot easier to find a PC and reinstall WinRoute than find your specific router - you won't find an Enterprise class router down at your local Staples. There's also the matter of upgrades: while hardware router manufacturers do release firmware upgrades, I've found customers tend to ignore those. Perhaps it's because flashing a firmware upgrade can be more difficult than doing a software update on a PC, or maybe it's just fear of the unfamiliar, but my experience shows that hardware appliances are more apt to be out of date. Understand that there's no good reason or excuse for that, but that's still what I see in the field.

Customers also tell me that the Winroute Administration Console is much easier to understand and use than the hardware appliance they used previously. There's also the matter of support: if you buy WinRoute Firewall from me you are entitled to telephone and email support from both me and Kerio.

OK, really I should push this more than I do. It's an excellent product. You can download a 30 day demo from Kerio (and I can get the demo extended if you need more time). I'm happy to help you set this up - I think you'll agree that it really can be better than a dedicated appliance.

Comments /Kerio/winroute_firewall.html


Wed Jan 17 02:19:20 2007: Subject: Spam Cube   anonymous
Great article, I actually found that the Spam Cube is a hardware router that blocks spam, viruses, and phish using McAfee and Norton signatures, for only $150 - the part I like is that there is no bloated pc software that you have to install to make it work, its completed embedded, neat eh?



Tue Jan 23 22:47:02 2007: Subject:   anonymous
Yes, I agree! KFW is the geat product in their category.



Tue Feb 5 17:55:57 2008: Subject:   anonymous


I tried it and noticed one thing that I have been looking for but couldn't find in other routers, which is the ability to restrict users by their login and not by their IP. This is important in my company because employees can just go into the conference rooms or bring their personal laptop into the network to access things they are not supposed to.

Sat Mar 22 23:50:38 2008: Subject: unix / vpn   anonymous


Kerio is great... and would be perfect if allowed to ping non windows servers and access intranet...
So.. until then ISA is still better...

Sun Mar 23 00:14:26 2008: Subject:   TonyLawrence


Huh? No idea what you mean..

Add your comments

Why no "Digg this!" etc.?

Enter your email address for automatic notification of new posts here
(be sure to whitelist 'feedburner.com' if you use spam filtering)

Control Spam and Viruses

Run your own mailserver

Have you tried Searching this site?

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.

Publishing your articles here