Kerio Control Firewall vs. Hardware Routers

This morning I had a call from a customer who already uses Kerio® Mailserver. He had downloaded a demo of Kerio Connect Firewall and said he had a few questions. The first was a small technical issue that he had actually already answered himself but just wanted confirmation that he had done the right thing. He had, so we moved on to his second question. That one was a little harder to answer..

"So how come you never told me about this? This is great software!"

Hmmm. Yes, it is great software. It's powerful, it's easy to use. I have customers using it and they like it a lot. So why don't I push it? Why aren't I talking it up?

Well, I guess I just haven't found the right way to present this to people. In the past, I have mentioned this now and then, and the response almost always has been "Naaw, we'll use a hardware router. That's a lot cheaper and easier".

Well, yeah, hardware routers can be cheaper and easier. You do need to dedicate a PC to Connect, and that cost alone would buy a pretty good router. Add the software cost of Control to that, and you are getting up into pretty expensive territory (relative to hardware routers of course).

But really it isn't all that bad: a fifty user Kerio Control with all the bells and whistles runs about $2,400.00 initially and renewing yearly support and updates is only around $1,000.00. That includes McAfee antivirius scanning of SMTP, POP3, HTTP and FTP, remote VPN clients and content filtering. A hardware router with similar features is likely to be just as expensive, but again you can argue that a hardware appliance is easier.

But is it? While some of my clients have bought spare routers to cover hardware failure, most don't, and it's definitely a lot easier to find a PC and reinstall Connect than find your specific router - you won't find an Enterprise class router down at your local Staples. There's also the matter of upgrades: while hardware router manufacturers do release firmware upgrades, I've found customers tend to ignore those. Perhaps it's because flashing a firmware upgrade can be more difficult than doing a software update on a PC, or maybe it's just fear of the unfamiliar, but my experience shows that hardware appliances are more apt to be out of date. Understand that there's no good reason or excuse for that, but that's still what I see in the field.

Customers also tell me that the Control Administration Console is much easier to understand and use than the hardware appliance they used previously. There's also the matter of support: if you buy Connect Firewall from me you are entitled to telephone and email support from both me and Kerio.

OK, really I should push this more than I do. It's an excellent product. You can download a 30 day demo from Kerio (and I can get the demo extended if you need more time). I'm happy to help you set this up - I think you'll agree that it really can be better than a dedicated appliance.

Note: Kerio Control is now available as Windows software, a Linux VMWare image and as a dedicated hardware appliance.

9 comments

More Articles by Anthony Lawrence - Find me on Google+

Click here to add your comments




Wed Jan 17 02:19:20 2007: 2816   anonymous


Great article, I actually found that the Spam Cube is a hardware router that blocks spam, viruses, and phish using McAfee and Norton signatures, for only $150 - the part I like is that there is no bloated pc software that you have to install to make it work, its completed embedded, neat eh?



Tue Jan 23 22:47:02 2007: 2826   anonymous


Yes, I agree! KFW is the geat product in their category.



Tue Feb 5 17:55:56 2008: 3589   anonymous


I tried it and noticed one thing that I have been looking for but couldn't find in other routers, which is the ability to restrict users by their login and not by their IP. This is important in my company because employees can just go into the conference rooms or bring their personal laptop into the network to access things they are not supposed to.



Sat Mar 22 23:50:38 2008: 3873   anonymous


Kerio is great... and would be perfect if allowed to ping non windows servers and access intranet...
So.. until then ISA is still better...



Sun Mar 23 00:14:25 2008: 3874   TonyLawrence


Huh? No idea what you mean..



Wed Feb 25 03:10:55 2009: 5502   Godwin


Kerio Winroute has absolutely no competitors with the same number of features??
No hardware firewall too?
I'm looking for a list of firewalls to compare Winroute with....BUT with almost the same number of features.



Wed Feb 25 04:48:13 2009: 5503   TonyLawrence


Of course they do. Almost everything above the home firewall level has similar features.

I also sell a lot of Multitech routers - the RF850 is a full featured hardware appliance running a Linux OS. I used to sell the Fortigate line also - very impressive features, though I found their support policies far less so. Then of course there is Cisco - always feature packed and lots of support venues available, though in my opinion always at an unreasonable premium.

The article above is only meant to point out some of the advantages of PC based routers. You could make the same arguments in favor of a Linux based firewall.

At the end, it really comes down to availability and support. You can always find comparable features - pick what you need and then winnow down based on support and recoverability.







Thu Apr 22 04:12:19 2010: 8456   anonymous




more or less a firewall router is already a (small) computer with a software that act as firewall. My personal experience is good with software firewalls but better with hardware ones. They are less subject to crash/malfuncion since the os is limited and locked, they have less hardware problems (than a normal computer where many components could fail or just not work properly together). Of course talking about hardware firewall I'm NOT talking about Cisco's that made a business just being complicate to be used. Compared to that, a software firewall like Kerio's is way better. Compared to smaller Zyxel pro firewall I'm actually very glad to have them. (and by the way the router consumes less electricity.. let's go green!)



Thu Apr 22 10:03:10 2010: 8457   TonyLawrence




Kerio now has a Linux based appliance version of this - a stripped down system that ONLY runs the firewall. Install it on a small cpu and you have a dedicated appliance. See http://aplawrence.com/Kerio/winroute-advances.html

Don't miss responses! Subscribe to Comments by RSS or by Email

Click here to add your comments

If you want a picture to show with your comment, go get a Gravatar

Jump to Comments

Many of the products and books I review are things I purchased for my own use. Some were given to me specifically for the purpose of reviewing them. I resell or can earn commissions from the sale of some of these items. Links within these pages may be affiliate links that pay me for referring you to them. That's mostly insignificant amounts of money; whenever it is not I have made my relationship plain. I also may own stock in companies mentioned here. If you have any question, please do feel free to contact me.

Specific links that take you to pages that allow you to purchase the item I reviewed are very likely to pay me a commission. Many of the books I review were given to me by the publishers specifically for the purpose of writing a review. These gifts and referral fees do not affect my opinions; I often give bad reviews anyway.

We use Google third-party advertising companies to serve ads when you visit our website. These companies may use information (not including your name, address, email address, or telephone number) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, click here.