GFI Software

Welcome to the GFI Software community forum! For support please open a ticket from

Home » GFI User Forums » Kerio Control » Leaving Kerio Control
icon13.gif  Leaving Kerio Control [message #112256] Sun, 06 April 2014 19:22 Go to next message
credo is currently offline  credo
Messages: 13
Registered: January 2009
Location: Tallinn

After long battle and having migrated from Fortigate to Kerio Control in December 2013 I'm going back to Fortigate.
It's not the decision I'd like to do but nothing to do. Here are some of my thoughts about this product.
- since beginning my interest has been use Kerio Control as policy based firewall only. No users except admin acoount and that is all. I just don't have any other needs.
- I really do like it's configuration being easy and painless. Assign desired NIC to play any role and forget. All works like a charm.
- Creating policies is easy. But there are some drawbacks, that may end up stopping all traffic and messing up policies. For example as CheckPoint, there is no policy redundancy and conflict control mechanism.
- I admire smoothness of failover from one WAN to another and then back. Or third. No ping is gone lost.
- Since beginning I have wished and wanted to use it as Software appliance installed on my hardware. Server platform I have selected is pure Intel only. With additional Intel 4 ports NIC cards. Intel SSD drives and Intel RAID adapter. It almost works like a charm (except 2 intergrated LAN ports that are supported by Intel in Linux but not in Kerio Control).
- Utilisation is perfect. Even in my case where 99,5% of the traffic are small UDP packets (video and broadcast).
- And now reasons I'm quitting:
-- IP checksum offload issue. It is essential for us to use digital signatures that are running over OCSP queries. And Kerio is taking it down. Have testest on same hardware with Checkpoint - no issues. Smoothwall - no issues. With Kerio - not possible.
Help from support is basically not existing. Just considering fact that it's not working and I'm on my own with my hardware.
-- Session termination. Websites that are running on http are terminated suddenly, without any logic, randomly. Sometimes it needs to get 2-3-4 refresh until page loads. And it IS annoying. As we do have 24/7/365 business that runs on web based applications, it is VERY damaging to business.
-- DNS forwarding works and then just stops. I've already set up additional internal DNS so it's not that big issue. But locating this issue root source was painful. And brought downtime to services.
-- If i'm using network and adding to same NIC network then most likely they don't work together well. I can ping, trace but resources in newly added range are not accesing anywhere. The answer that I got from forum was "i am stuping to make additional networks like this, should have done /22 network since beginning". Sorry guys, but this answer is stupid.

I consider all costs I've made to get Kerio licenses, hardware, my own time and effort as lesson to future = Kerio makes worlds best mail servers. And they should stick to this (eventhough new mail interface looks like poor brother of Google).

Thank you and have a nice end of this week.

[Updated on: Sun, 06 April 2014 19:26]

Report message to a moderator

Re: Leaving Kerio Control [message #112679 is a reply to message #112256] Tue, 15 April 2014 21:45 Go to previous messageGo to next message
spock is currently offline  spock
Messages: 5
Registered: June 2007
Location: canada
Hi Credo,

Sorry to hear that about Kerio Connect.

I have similar problem about the ( Sometimes it needs to get 2-3-4 refresh until page loads.)

Sometime the web page is not showing complete need to refresh several time to get all contents.

Another things is annoying us, after a fresh reboot Kerio Connect ran very fast (Web browsing is fast ) but after sometime we experience some slowness during browsing.

But for the rest Kerio Connect is very good.

Kind Regards,

Re: Leaving Kerio Control [message #112732 is a reply to message #112256] Thu, 17 April 2014 06:41 Go to previous messageGo to next message
mlee (Kerio)
Messages: 211
Registered: October 2012
Location: Sydney
We are sorry to hear that you are leaving and thank you for your opinions with Kerio Control. Please accept our apologies that we could not be there for you before you made the decision.

Personally I started using Winroute (Kerio Control's previously name as most of you might know) in 2000, at the time I was involved in a few bank projects and managed 3 McAfee WebShield Solaris based firewalls (Formerly Gauntlet, before SecureComputer acquired the product, costed AU$20K each if I remember correctly) and my impression on WinRoute was far better than Webshield. I was also certified in Checkpoint Firewall at the time. Now I am working for Kerio and I am even more impressed with the product.

And like any products, there are always imperfection. That is the reason of the existance of these forums and the 24/7 Technical Support team to provide help.

If one day in the future you would like to consider using Kerio Control, or any other Kerio products again, please do let us know if there is anything we can do to help

You can contact Technical Support on the following URL:


PTSD. BP. OCD. ASPD. BPD. Certified.
Re: Leaving Kerio Control [message #112797 is a reply to message #112732] Mon, 21 April 2014 18:21 Go to previous message
benjalamelami is currently offline  benjalamelami
Messages: 72
Registered: October 2010
Location: Cali

I too had to take out the Kerio Control out of the DNS resolution and forwarding. Several requests where not solved and as a consequence, some emails where not sent and many users where not able to browse pages needed for their work.
Previous Topic: Your Freedom,
Next Topic: By-pass authentication
Goto Forum:

Current Time: Tue May 30 04:14:04 CEST 2023

Total time taken to generate the page: 0.05429 seconds