As well as a new name, Kerio's venerable software-based firewall gets new intrusion detection and other tools to further justify its positioning as an integrated unified threat management solution. Easy to set up and manage, a switch from McAfee to Sophos for gateway anti-virus scanning is another key feature of the new version, with web content filtering via a categorised URL database an optional extra. It does what it claims, runs on Windows or as a self-contained Linux appliance, and ticks most of the small business UTM boxes.
Firewall/router plus gateway anti-virus and content filtering; software-based for flexible scaling; new intrusion detection tools; Sophos anti-virus engine; second anti-virus scanner can be configure.
Separate Windows and web management consoles with differing capabilities; limited SSL VPN capabilities.
From £175 for five users
Host server requirements:
1GHz processor or faster, minimum 1GB of RAM, 8GB of disk space for product, logs and data, two or more network interfaces recommended, Windows Server 2000, 2003, 2008, 2008R2 (32/64-bit) or Windows XP/Vista/7 (32/64-bit). Software appliance requirements:
500MHz processor or faster, 1GB RAM, 8GB disk space, at least one Ethernet adapter supported by Linux 2.6.30 kernel. VMware virtual appliance:
VMware Workstation 6.5 or later, VMware Server 1.0/2.0, VMware Player 2.5/3.0, ESX/ESXi 3.5/4.0. Kerio VPN client:
256MB memory, 5MB disk space, Windows 2000, 2003, 2008, 2008R2, XP, Vista, Windows 7 (32/64-bit), Debian 5.0/Ubuntu 8.04 (32-bit), Mac OSX 10.4 or higher.
Software developer Kerio is clearly having a bit of a spring clean. First it revamped and renamed its Kerio Connect email/collaboration server, and now it's the turn of another core product, the venerable WinRoute firewall.
Henceforth to be known as Kerio Control, WinRoute has been marketed for some time as a UTM (unified threat management) offering to provide small to medium sized networks with gateway protection against a variety of common threats.
To this end, previous releases have added a clutch of extra services beyond basic firewall security, including anti-virus scanning which, in the new version, is switched from McAfee to a Sophos engine.
In recent years web content filtering and secure remote access have also been added, with intrusion detection and prevention tools, based on open source Snort technology, rounding off the armoury in this latest version.
Scaling for users and traffic
One of the big advantages of a software-based security product like Kerio Control 7 is the ability to scale the host hardware to suit the number of users and amount of traffic. Alternatives based on custom hardware appliances are much harder to scale, and customers often have to buy something bigger or better to cope with changing demands.
Windows is the preferred operating system here, with support for any 32-bit or 64-bit implementation (desktop or server) from Windows 2000 onwards. The only real stipulations are a dedicated host for performance and security reasons, plus at least two network interfaces, to enable Kerio Control to act as an internet gateway. However, you're not just limited to two as there are built-in tools to manage and guarantee bandwidth when multiple NICs are installed.
A custom appliance implementation complete with a Linux host operating system is another option. Plus there's a virtual machine version, again Linux-based, available in either VMware VMX or Open Virtualization Format. We started with the VMware appliance, one advantage being that it took just a few minutes to get up and running under VMware Workstation. However, for completeness, we also tried a full Windows deployment, which similarly proved very easy and almost as quick to install.
Management is the same whether using the Windows or Linux implementation with two interfaces on offer - a dedicated Windows console and a web-based implementation - both of which can be run remotely. The two look much the same, but it's important not to do what we did and assume that the web console can do everything, as is the case with Kerio Connect.
The web interface can do a lot more in this release of Kerio Control, but you still have to use the Windows console for some tasks, such as licensing the product and gaining access to the very useful Traffic Rules Wizard for initial configuration. Likewise there are some things the web console can do which can't be managed from Windows. Hopefully Kerio will get this sorted soon, as it can be confusing.