April 02, 2009, 12:14 PM — Kerio, a small software company specializing in e-mail servers and software firewalls, has been around for years and years. You probably don't know them, but your IT consultant or preferred reseller certainly should. Their new Kerio WinRoute Firewall 6.6 that just started shipping can do more than Windows ISA for less money, always a combination worth investigating.
Windows renamed ISA a few years ago to mean Internet Security and Acceleration, but some resellers find that hard to accept. Meet Thomas Meriam from F1 Experts in New Jersey. F1 Experts is a certified Microsoft Windows reseller, but all their hard work brought them to naught for a customer. That's when they called Kerio.
“We have a customer with five locations, and they needed to link them all into one network. We tried with Windows ISA and couldn't make it work because of all the bugs and problems,” said Meriam. “We tried Kerio and got the five sites up with no sweat, right away.”
Since three of four small businesses have more than one location, multi-site networks shouldn't need black magic to set up. But this point illustrates the constant battle between the bundled approach and the best in breed approach. Do you take what's in the bundle, in this case Windows Server with ISA, or do you buy the best tool for the job?
Technically, ISA isn't bundled, because it costs extra. Meriam said a stripped down version of ISA is bundled with Microsoft's Small Business Server, but “a useful version costs about $1000 for the standard version and $2500 for the enterprise version.” That's not what I call bundled.
Kerio WinRoute Firewall 6.6 costs $329 for ten users, or $395 if you include McAfee Anti-Virus. You also have to provide a PC running Windows to run the software and nothing else.
“We build our own server box for Kerio so we can replace it quickly if needed,” said Meriam. While the Kerio software runs on a Windows box, the Virtual Private Network clients run on Windows, Macintosh, and Linux systems. Compare that to Microsoft's ISA, that support all clients that say Windows, but no clients that say otherwise. And unlike some vendors that charge extra, Kerio includes VPN clients as part of the package.
Finally, getting a security product configured can include much cursing and hair pulling. Not Kerio, according to Meriam. “We have to spend a lot of time with ISA preparing the machine for things that Kerio does automatically. Kerio also includes extra filtering that ISA doesn't allow. In fact, there are whole sections of custom rules in Kerio, such as a quick way to stop users from downloading any executable files from Web sites.”
Kerio's WinRoute Firewall 6.6 certainly meets the “does more with less” mandatory buzzword now in vogue. It also supports non-Windows clients. If your IT provider doesn't know Kerio, tell them to get acquainted.