Kerio Control NG100 review

A compact unified threat-management appliance that’s ideal for small or remote offices

IT Pro Recommended
Price
£389
  • Robust set of features; Strong web filtering rules;
  • No SSL VPN support;

Kerio's Control NG100 is the smallest UTM appliance we've ever seen, but the manufacturer has managed to pack plenty into this palm-sized slab of steel. It runs the full version of Kerio's Control software, providing SPI firewalling, IPsec VPNs, IPS, deep-packet inspection and bandwidth management. In addition, you also get Kerio's own Web Filter service and Sophos' gateway antivirus.

It's good value, too: inside beats a dual-core 1.33GHz Atom CPU, with 4GB of DDR3L RAM, 32GB of mSATA storage and three Gigabit ports. The 389 price includes a one-year licence for all software and signature updates. After this period, the maintenance cost is 122 per year, which includes updates to the Control, Sophos AV and Web Filter services.

The NG100 is aimed at small firms and remote offices, but you don't have to count seats too carefully, as the licence is for unlimited users. The only limitation is the bandwidth of the hardware itself: Kerio claims a UTM throughput of 30Mbits/sec.

Installation was swift: the web console's activation wizard automatically sorted out internet access and created a base set of firewall rules. It assigned WAN duties to the first Gigabit port, and grouped the other two together as a LAN switch along with DHCP services. If you prefer, these ports can be configured separately, each with their own firewall rules and DHCP services, and given separate weightings for traffic prioritisation.

Setting up the firewall was easy: we had no problem choosing from the extensive list of predefined services, selecting sources and destinations and applying block or allow actions to the traffic. IPS is handled by the well-respected Snort, which can be enabled for all traffic with a single click and updated automatically every hour.

The web-filtering service recognises 150 categories of site, which you can blacklist or whitelist: it worked well for us, with none of our test URLs slipping through the net - save a few bingo sites. Kerio doesn't offer anti-spam services, but the Sophos AV scanner can be applied not only to HTTP and FTP traffic, but to SMTP and POP3 too, allowing the NG100 to provide some measure of mail protection.

The NG100 supports transparent and non-transparent HTTP proxy operations, and you can apply user authentication locally or via Active Directory. You can also use one of the LAN switch ports to host a separate guest network: in this mode, the NG100 automatically sets up DHCP services and configures a firewall rule to allow guest internet access. When users first connect, they're sent to a customisable welcome page, which is hard-coded to block access to the rest of the LAN. But add an AUP to the welcome page, and the web filter doesn't apply to guest traffic.

The NG100 doesn't support SSL VPNs, but Kerio's proprietary VPN server is easy to configure. All we had to do was enable the service, choose the default certificate, and activate the predefined firewall rule to allow inbound VPN access. Control VPN clients are available for Windows, OS X and Linux. Performance is impressive: we copied a 2.5GB test file over a VPN link to a LAN system at an average of 7MB/sec - although we did see appliance CPU utilisation hitting 98% during the operation.

There are plenty of monitoring tools, too. The web console provides graphs displaying hardware, WAN/LAN utilisation and active users, and keeps logs of every activity. Firms with multiple sites will love the free MyKerio web portal service, which provides full remote access to each appliance's web console. The NG100 is probably the smallest UTM appliance you can buy, but it's no lightweight. It offers features that would put more expensive appliances to shame.

This review was originally published in PC Pro issue 262.

Verdict

The NG100 is probably the smallest UTM appliance you can buy, but it’s no lightweight. It offers features that would put more expensive appliances to shame.

1.33GHz Intel Atom E3825 4GB DDR3L 32GB mSATA 3 x Gigabit Ethernet USB 2 USB 3 HDMI RJ-45 console External PSU Kerio Control and Web Filter Sophos AV 1yr standard warranty

Featured Resources

Humility in AI: Building trustworthy and ethical AI systems

How humble AI can help safeguard your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Leadership compass: Privileged Access Management

Securing privileged accounts in a high-risk environment

Download now

Why you need to include the cloud in your disaster recovery plan

Preserving data for business success

Download now

Recommended

What is AES encryption?
Advanced Encryption Standard (AES)

What is AES encryption?

30 Nov 2020
UK's Huawei 5G ban brought forward to September 2021
Security

UK's Huawei 5G ban brought forward to September 2021

30 Nov 2020
Hacker claims to be selling C-suite executives' Microsoft credentials
Security

Hacker claims to be selling C-suite executives' Microsoft credentials

30 Nov 2020
What are biometrics?
Security

What are biometrics?

27 Nov 2020

Most Popular

46 million Animal Jam accounts leaked after comms software breach
Security

46 million Animal Jam accounts leaked after comms software breach

13 Nov 2020
macOS Big Sur is bricking some older MacBooks
operating systems

macOS Big Sur is bricking some older MacBooks

16 Nov 2020
Huawei Mate 40 Pro 5G review: A tragically brilliant Mate
Mobile Phones

Huawei Mate 40 Pro 5G review: A tragically brilliant Mate

26 Nov 2020