Kerio Control Firewall vs. Hardware Routers

This morning I had a call from a customer who already uses Kerio Mailserver. He had downloaded a demo of Kerio Connect Firewall and said he had a few questions. The first was a small technical issue that he had actually already answered himself but just wanted confirmation that he had done the right thing. He had, so we moved on to his second question. That one was a little harder to answer..

"So how come you never told me about this? This is great software!"

Hmmm. Yes, it is great software. It's powerful, it's easy to use. I have customers using it and they like it a lot. So why don't I push it? Why aren't I talking it up?

Well, I guess I just haven't found the right way to present this to people. In the past, I have mentioned this now and then, and the response almost always has been "Naaw, we'll use a hardware router. That's a lot cheaper and easier".

Well, yeah, hardware routers can be cheaper and easier. You do need to dedicate a PC to Connect, and that cost alone would buy a pretty good router. Add the software cost of Control to that, and you are getting up into pretty expensive territory (relative to hardware routers of course).

But really it isn't all that bad: a fifty user Kerio Control with all the bells and whistles runs about $2,400.00 initially and renewing yearly support and updates is only around $1,000.00. That includes McAfee antivirius scanning of SMTP, POP3, HTTP and FTP, remote VPN clients and content filtering. A hardware router with similar features is likely to be just as expensive, but again you can argue that a hardware appliance is easier.

But is it? While some of my clients have bought spare routers to cover hardware failure, most don't, and it's definitely a lot easier to find a PC and reinstall Connect than find your specific router - you won't find an Enterprise class router down at your local Staples. There's also the matter of upgrades: while hardware router manufacturers do release firmware upgrades, I've found customers tend to ignore those. Perhaps it's because flashing a firmware upgrade can be more difficult than doing a software update on a PC, or maybe it's just fear of the unfamiliar, but my experience shows that hardware appliances are more apt to be out of date. Understand that there's no good reason or excuse for that, but that's still what I see in the field.

Customers also tell me that the Control Administration Console is much easier to understand and use than the hardware appliance they used previously. There's also the matter of support: if you buy Connect Firewall from me you are entitled to telephone and email support from both me and Kerio.

OK, really I should push this more than I do. It's an excellent product. You can download a 30 day demo from Kerio (and I can get the demo extended if you need more time). I'm happy to help you set this up - I think you'll agree that it really can be better than a dedicated appliance.

Note: Kerio Control is now available as Windows software, a Linux VMWare image and as a dedicated hardware appliance.



Got something to add? Send me email.





(OLDER) <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

-> -> Kerio Winroute Firewall vs. Hardware Routers


9 comments



Increase ad revenue 50-250% with Ezoic


More Articles by

Find me on Google+

© Anthony Lawrence







Wed Jan 17 02:19:20 2007: 2816   anonymous


Great article, I actually found that the Spam Cube is a hardware router that blocks spam, viruses, and phish using McAfee and Norton signatures, for only $150 - the part I like is that there is no bloated pc software that you have to install to make it work, its completed embedded, neat eh?



Tue Jan 23 22:47:02 2007: 2826   anonymous


Yes, I agree! KFW is the geat product in their category.



Tue Feb 5 17:55:56 2008: 3589   anonymous


I tried it and noticed one thing that I have been looking for but couldn't find in other routers, which is the ability to restrict users by their login and not by their IP. This is important in my company because employees can just go into the conference rooms or bring their personal laptop into the network to access things they are not supposed to.



Sat Mar 22 23:50:38 2008: 3873   anonymous


Kerio is great... and would be perfect if allowed to ping non windows servers and access intranet...
So.. until then ISA is still better...



Sun Mar 23 00:14:25 2008: 3874   TonyLawrence

gravatar
Huh? No idea what you mean..



Wed Feb 25 03:10:55 2009: 5502   Godwin

gravatar
Kerio Winroute has absolutely no competitors with the same number of features??
No hardware firewall too?
I'm looking for a list of firewalls to compare Winroute with....BUT with almost the same number of features.



Wed Feb 25 04:48:13 2009: 5503   TonyLawrence

gravatar
Of course they do. Almost everything above the home firewall level has similar features.

I also sell a lot of Multitech routers - the RF850 is a full featured hardware appliance running a Linux OS. I used to sell the Fortigate line also - very impressive features, though I found their support policies far less so. Then of course there is Cisco - always feature packed and lots of support venues available, though in my opinion always at an unreasonable premium.

The article above is only meant to point out some of the advantages of PC based routers. You could make the same arguments in favor of a Linux based firewall.

At the end, it really comes down to availability and support. You can always find comparable features - pick what you need and then winnow down based on support and recoverability.







Thu Apr 22 04:12:19 2010: 8456   anonymous

gravatar


more or less a firewall router is already a (small) computer with a software that act as firewall. My personal experience is good with software firewalls but better with hardware ones. They are less subject to crash/malfuncion since the os is limited and locked, they have less hardware problems (than a normal computer where many components could fail or just not work properly together). Of course talking about hardware firewall I'm NOT talking about Cisco's that made a business just being complicate to be used. Compared to that, a software firewall like Kerio's is way better. Compared to smaller Zyxel pro firewall I'm actually very glad to have them. (and by the way the router consumes less electricity.. let's go green!)



Thu Apr 22 10:03:10 2010: 8457   TonyLawrence

gravatar


Kerio now has a Linux based appliance version of this - a stripped down system that ONLY runs the firewall. Install it on a small cpu and you have a dedicated appliance. See
(link)

------------------------
Kerio Connect Mailserver

Kerio Samepage

Kerio Control Firewall

Have you tried Searching this site?

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us





The real problem is that programmers have spent far too much time worrying about efficiency in the wrong places and at the wrong times; premature optimization is the root of all evil (or at least most of it) in programming. (Donald Knuth)

The psychological profiling [of a programmer] is mostly the ability to shift levels of abstraction, from low level to high level. To see something in the small and to see something in the large. (Donald Knuth)








This post tagged: