IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Kerio Control NG100 review

A compact unified threat-management appliance that’s ideal for small or remote offices

Price
£389
  • Robust set of features; Strong web filtering rules;
  • No SSL VPN support;

Kerio's Control NG100 is the smallest UTM appliance we've ever seen, but the manufacturer has managed to pack plenty into this palm-sized slab of steel. It runs the full version of Kerio's Control software, providing SPI firewalling, IPsec VPNs, IPS, deep-packet inspection and bandwidth management. In addition, you also get Kerio's own Web Filter service and Sophos' gateway antivirus.

It's good value, too: inside beats a dual-core 1.33GHz Atom CPU, with 4GB of DDR3L RAM, 32GB of mSATA storage and three Gigabit ports. The 389 price includes a one-year licence for all software and signature updates. After this period, the maintenance cost is 122 per year, which includes updates to the Control, Sophos AV and Web Filter services.

The NG100 is aimed at small firms and remote offices, but you don't have to count seats too carefully, as the licence is for unlimited users. The only limitation is the bandwidth of the hardware itself: Kerio claims a UTM throughput of 30Mbits/sec.

Installation was swift: the web console's activation wizard automatically sorted out internet access and created a base set of firewall rules. It assigned WAN duties to the first Gigabit port, and grouped the other two together as a LAN switch along with DHCP services. If you prefer, these ports can be configured separately, each with their own firewall rules and DHCP services, and given separate weightings for traffic prioritisation.

Setting up the firewall was easy: we had no problem choosing from the extensive list of predefined services, selecting sources and destinations and applying block or allow actions to the traffic. IPS is handled by the well-respected Snort, which can be enabled for all traffic with a single click and updated automatically every hour.

The web-filtering service recognises 150 categories of site, which you can blacklist or whitelist: it worked well for us, with none of our test URLs slipping through the net - save a few bingo sites. Kerio doesn't offer anti-spam services, but the Sophos AV scanner can be applied not only to HTTP and FTP traffic, but to SMTP and POP3 too, allowing the NG100 to provide some measure of mail protection.

The NG100 supports transparent and non-transparent HTTP proxy operations, and you can apply user authentication locally or via Active Directory. You can also use one of the LAN switch ports to host a separate guest network: in this mode, the NG100 automatically sets up DHCP services and configures a firewall rule to allow guest internet access. When users first connect, they're sent to a customisable welcome page, which is hard-coded to block access to the rest of the LAN. But add an AUP to the welcome page, and the web filter doesn't apply to guest traffic.

The NG100 doesn't support SSL VPNs, but Kerio's proprietary VPN server is easy to configure. All we had to do was enable the service, choose the default certificate, and activate the predefined firewall rule to allow inbound VPN access. Control VPN clients are available for Windows, OS X and Linux. Performance is impressive: we copied a 2.5GB test file over a VPN link to a LAN system at an average of 7MB/sec - although we did see appliance CPU utilisation hitting 98% during the operation.

There are plenty of monitoring tools, too. The web console provides graphs displaying hardware, WAN/LAN utilisation and active users, and keeps logs of every activity. Firms with multiple sites will love the free MyKerio web portal service, which provides full remote access to each appliance's web console. The NG100 is probably the smallest UTM appliance you can buy, but it's no lightweight. It offers features that would put more expensive appliances to shame.

This review was originally published in PC Pro issue 262.

Verdict

The NG100 is probably the smallest UTM appliance you can buy, but it’s no lightweight. It offers features that would put more expensive appliances to shame.

1.33GHz Intel Atom E3825
4GB DDR3L
32GB mSATA
3 x Gigabit Ethernet
USB 2
USB 3
HDMI
RJ-45 console
External PSU
Kerio Control and Web Filter
Sophos AV
1yr standard warranty

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Most Popular

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks
Security

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022
Open source giant Red Hat joins HPE GreenLake ecosystem
automation

Open source giant Red Hat joins HPE GreenLake ecosystem

28 Jun 2022
Carnival hit with $5 million fine over cyber security violations
cyber security

Carnival hit with $5 million fine over cyber security violations

27 Jun 2022