Kerio Control NG100 review

A compact unified threat-management appliance that’s ideal for small or remote offices

IT Pro Recommended
Price
£389
  • Robust set of features; Strong web filtering rules;
  • No SSL VPN support;

Kerio's Control NG100 is the smallest UTM appliance we've ever seen, but the manufacturer has managed to pack plenty into this palm-sized slab of steel. It runs the full version of Kerio's Control software, providing SPI firewalling, IPsec VPNs, IPS, deep-packet inspection and bandwidth management. In addition, you also get Kerio's own Web Filter service and Sophos' gateway antivirus.

It's good value, too: inside beats a dual-core 1.33GHz Atom CPU, with 4GB of DDR3L RAM, 32GB of mSATA storage and three Gigabit ports. The 389 price includes a one-year licence for all software and signature updates. After this period, the maintenance cost is 122 per year, which includes updates to the Control, Sophos AV and Web Filter services.

The NG100 is aimed at small firms and remote offices, but you don't have to count seats too carefully, as the licence is for unlimited users. The only limitation is the bandwidth of the hardware itself: Kerio claims a UTM throughput of 30Mbits/sec.

Installation was swift: the web console's activation wizard automatically sorted out internet access and created a base set of firewall rules. It assigned WAN duties to the first Gigabit port, and grouped the other two together as a LAN switch along with DHCP services. If you prefer, these ports can be configured separately, each with their own firewall rules and DHCP services, and given separate weightings for traffic prioritisation.

Setting up the firewall was easy: we had no problem choosing from the extensive list of predefined services, selecting sources and destinations and applying block or allow actions to the traffic. IPS is handled by the well-respected Snort, which can be enabled for all traffic with a single click and updated automatically every hour.

The web-filtering service recognises 150 categories of site, which you can blacklist or whitelist: it worked well for us, with none of our test URLs slipping through the net - save a few bingo sites. Kerio doesn't offer anti-spam services, but the Sophos AV scanner can be applied not only to HTTP and FTP traffic, but to SMTP and POP3 too, allowing the NG100 to provide some measure of mail protection.

The NG100 supports transparent and non-transparent HTTP proxy operations, and you can apply user authentication locally or via Active Directory. You can also use one of the LAN switch ports to host a separate guest network: in this mode, the NG100 automatically sets up DHCP services and configures a firewall rule to allow guest internet access. When users first connect, they're sent to a customisable welcome page, which is hard-coded to block access to the rest of the LAN. But add an AUP to the welcome page, and the web filter doesn't apply to guest traffic.

The NG100 doesn't support SSL VPNs, but Kerio's proprietary VPN server is easy to configure. All we had to do was enable the service, choose the default certificate, and activate the predefined firewall rule to allow inbound VPN access. Control VPN clients are available for Windows, OS X and Linux. Performance is impressive: we copied a 2.5GB test file over a VPN link to a LAN system at an average of 7MB/sec - although we did see appliance CPU utilisation hitting 98% during the operation.

There are plenty of monitoring tools, too. The web console provides graphs displaying hardware, WAN/LAN utilisation and active users, and keeps logs of every activity. Firms with multiple sites will love the free MyKerio web portal service, which provides full remote access to each appliance's web console. The NG100 is probably the smallest UTM appliance you can buy, but it's no lightweight. It offers features that would put more expensive appliances to shame.

This review was originally published in PC Pro issue 262.

Verdict

The NG100 is probably the smallest UTM appliance you can buy, but it’s no lightweight. It offers features that would put more expensive appliances to shame.

1.33GHz Intel Atom E3825 4GB DDR3L 32GB mSATA 3 x Gigabit Ethernet USB 2 USB 3 HDMI RJ-45 console External PSU Kerio Control and Web Filter Sophos AV 1yr standard warranty

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Recommended

What is cloud-to-cloud backup?
cloud backup

What is cloud-to-cloud backup?

1 Mar 2021
Lazarus APT hacking group is targeting the defense industry
Security

Lazarus APT hacking group is targeting the defense industry

26 Feb 2021
Microsoft open sources CodeQL queries used in Solorigate inquiry
Security

Microsoft open sources CodeQL queries used in Solorigate inquiry

26 Feb 2021
CISA warns of ongoing Accellion File Transfer Appliance attacks
hacking

CISA warns of ongoing Accellion File Transfer Appliance attacks

25 Feb 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021
How to connect one, two or more monitors to your laptop
Laptops

How to connect one, two or more monitors to your laptop

25 Feb 2021
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

26 Feb 2021