Kerio Control 7 review

Kerio’s Control 7 software aims to offer a cost-effective alternative to security appliances, and it looks to have every base covered. You can use it to turn an old PC into a fully fledged gateway security appliance, but Kerio also provides virtual machines for VMware – it will run on 32- and 64-bit Windows systems as well.

The basic product offers an SPI firewall plus Kerio’s proprietary VPNs, and new features include IPS, MAC address filtering, P2P app controls, antivirus scanning from Sophos, and improved management tools. Antispam isn’t an option, but you can add Kerio’s URL filtering service for a modest sum.

Hardware requirements for a donor system are low, and we tested using an old PC with a 2.4GHz Celeron, 1GB of memory and a 40GB IDE hard disk. Installation took less than five minutes.

All versions of Control can be accessed via a web browser that provides detailed traffic and user statistics, plus basic management functions. For full access download the Kerio administrative console, which can be done directly from the web interface.

A wizard helps set up internet access, secure administrative access, and create basic firewall rules. Multiple internet links are supported and the software can apply QoS, bandwidth restrictions, failover and load balancing.

Firewall rules are easy to create, and Kerio supports transparent and non-transparent HTTP proxy operations. User authentication can be carried out locally or via Active Directory.

Antivirus scanning is applied to HTTP, FTP, SMTP and POP3 traffic, and infected messages can be tagged and attachments stripped out. HTTP content filtering uses rulesets to decide what may be accessed, and a web cache can be used to speed up client responses.

The optional Web Filter provides 22 main URL categories to block or allow. With the games and gambling categories blocked, we were unable to access any of these types of sites, including all social networking sites.

The new IPS feature shouldn’t be sniffed at, since this is handled by the well-respected Snort. You can update the signature database as often as every few minutes, and three threat severity levels are used to decide whether to allow, log or block dubious incoming traffic.

P2P file sharing can also be controlled. You can either block all traffic, stop only P2P traffic or limit available bandwidth. Kerio’s SSL VPNs are only supported in the Windows version.

Control 7 supports a wide range of platforms and is easier to use than Astaro’s Security Gateway. It beats most hardware appliances for value, but don’t forget to factor in Kerio’s annual subscription fees, and check out the A-Listed Netgear ProSecure UTM5 appliance since this doesn’t cost much more and also includes antispam measures.