Software developer Kerio is clearly having a bit of a spring clean. First it revamped and renamed its Kerio Connect email/collaboration server, and now it's the turn of another core product, the venerable WinRoute firewall.
Henceforth to be known as Kerio Control, WinRoute has been marketed for some time as a UTM (unified threat management) offering to provide small to medium sized networks with gateway protection against a variety of common threats.
To this end, previous releases have added a clutch of extra services beyond basic firewall security, including anti-virus scanning which, in the new version, is switched from McAfee to a Sophos engine.
In recent years web content filtering and secure remote access have also been added, with intrusion detection and prevention tools, based on open source Snort technology, rounding off the armoury in this latest version.
Scaling for users and traffic
One of the big advantages of a software-based security product like Kerio Control 7 is the ability to scale the host hardware to suit the number of users and amount of traffic. Alternatives based on custom hardware appliances are much harder to scale, and customers often have to buy something bigger or better to cope with changing demands.
Windows is the preferred operating system here, with support for any 32-bit or 64-bit implementation (desktop or server) from Windows 2000 onwards. The only real stipulations are a dedicated host for performance and security reasons, plus at least two network interfaces, to enable Kerio Control to act as an internet gateway. However, you're not just limited to two as there are built-in tools to manage and guarantee bandwidth when multiple NICs are installed.
A custom appliance implementation complete with a Linux host operating system is another option. Plus there's a virtual machine version, again Linux-based, available in either VMware VMX or Open Virtualization Format. We started with the VMware appliance, one advantage being that it took just a few minutes to get up and running under VMware Workstation. However, for completeness, we also tried a full Windows deployment, which similarly proved very easy and almost as quick to install.
Management is the same whether using the Windows or Linux implementation with two interfaces on offer - a dedicated Windows console and a web-based implementation - both of which can be run remotely. The two look much the same, but it's important not to do what we did and assume that the web console can do everything, as is the case with Kerio Connect.
The web interface can do a lot more in this release of Kerio Control, but you still have to use the Windows console for some tasks, such as licensing the product and gaining access to the very useful Traffic Rules Wizard for initial configuration. Likewise there are some things the web console can do which can't be managed from Windows. Hopefully Kerio will get this sorted soon, as it can be confusing.