IT Security

Kerio Control is an award-winning UTM firewall designed to protect businesses from a comprehensive range of invasive and crippling corporate network threats.


Comprehensive Network Protection

Intrusion Prevention System
  • Signature based packet analysis
  • IP blacklisting
  • Rule management
  • Password guessing protection
  • Content filter
ICSA Labs Certified
  • Industry accepted standard test criteria
  • Corporate level criteria – enforces default security policy immediately after installation
  • Secure access remote administration – all changes to security policy are logged
Application layer and network firewall
  • Create inbound and outbound traffic policies.
  • Protect servers without the need for a DMZ through application-friendly NAT traversal.
  • Perform stateful packet and protocol inspection and logging.
  • Manage complex networks with VLANs
Sophos antivirus protection
  • Filter viruses and worms from incoming and outgoing traffic.
  • Simplify deployment with integrated Sophos engine.
Kerio Control Web Filter
  • Block access to websites with harmful or inappropriate content
  • 141 different categories of web content
  • Apply categorization to traffic statistics
Dual VPN server
  • IPsec VPN and Kerio VPN
  • Ensure availability with VPN tunnel failover
  • Securely connect with 3rd party firewalls in branch offices
  • iOS and Android mobile device connectivity


User-Based Access Control

Protecting your corporate network from crippling network threats is vital, but it doesn’t guarantee employee productivity. Distractions lurk behind every YouTube link and banner ad. You need a simple and effective tool for minimizing those distractions. Kerio Control gives you precise power to allow, deny, and report usage statistics on specific traffic types for each user and user group.

Manage Users

Policy-based user access

  • Integrate with Active and Open Directory for simplified password management.
  • Monitor and restrict Internet access based on user login.

Monitor Traffic

Kerio Control Statistics and detailed traffic charts

  • View real-time charts of employee activity by traffic type, DSCP value, and more.
  • View on-demand or automated email reports on individual or group Internet activity, down to the search engine keywords.
  • Quickly identify bandwidth bottlenecks and Internet abuse.

Restrict Connections

P2P Eliminator

  • Minimize liabilities and prevent data leakage and harmful downloads from peer-to-peer (P2P) networks.
  • Utilize multiple technologies including port blocking, payload analysis and behavior analysis to adapt to evolving P2P applications.

Block Applications and Web Content

Kerio Control Web Filter

  • Block access to websites with harmful or inappropriate content
  • 141 different categories of web content
  • Apply categorization to traffic statistics

Application protocol recognition

  • Block applications based on protocol, regardless of port


What is QoS (Quality of Service) and Traffic Shaping?

It’s all about priority. Kerio Control’s QoS tools allow you to easily prioritize and monitor network traffic to guarantee high speed for the most important traffic types. With easy-to-use traffic shaping tools, DSCP rules, and load balancing flexibility, Kerio Control provides you with the ability to throttle up speeds for essential communications like VoIP or video conferencing while limiting the bandwidth consumed by your company’s YouTube addicts. But it’s more than a bandwidth manager. With built-in failover redundancy, it’s a full service Internet connection management system with true Quality of Service.

Link-load balancing & connection failover
  • Expand network bandwidth by combining multiple Internet connections.
  • Increase upload and download speeds.
  • Improve the performance of high bandwidth services, such as VoIP or video conferencing.
  • Maintain connectivity for critical applications (email, SQL, web)
  • Automatically switch to a second Internet connection in event of an Internet connection outage.
Traffic shaping
  • Guarantee bandwidth for high-priority traffic types.
  • Restrict bandwidth for low-priority traffic types.
  • Create rules by user/group, specific protocol, DSCP value, and more.

Monitor bandwidth usage with real-time charts.


Flexible Deployment and Administration

Deploy as software or hardware.

This UTM firewall puts the choice in your hands. Install it on any box as a bare-metal install using the ISO software appliance, or drop it into a virtualized environment using one of the ready-to-run virtual appliances. Download and try any of these options free for 30 days. Or skip the software/virtual installation altogether and go with either of Kerio Control’s fully loaded solid state hardware appliances.

Web-based firewall administration

Kerio Control’s fully functional web-based administration interface helps you easily configure your UTM firewall settings no matter which deployment option you choose. IP tools enable admins to easily check the status of their network. With a fully customizable dashboard GUI, you can monitor system health, traffic charts and more, all from one screen. Quickly and securely access security settings, user management, traffic policies, bandwidth management rules and more, from virtually any desktop web browser – even from your iPad. Automatic configuration backup ensures that valuable configuration does not get lost.

IPv4 and IPv6 support

The transition from IPv4 to IPv6 is inevitable. It won’t happen overnight, but native IPv6 adoption has grown over 500% since 2009 with no signs of slowing down. Organizations need to plan and test thoroughly, and be ready to adopt IPv6 when the ISPs are ready to deliver it. Kerio Control is ready when you are, providing simultaneous IPv4 UTM protection and stateful firewall support of IPv6 with HTTP protocol inspection and IPv6 Stateless Address Autoconfiguration (SLAAC) support.

SNMP protocol support

Kerio Control supports Simple Network Management Protocol (SNMP), so any of the firewall’s essential state information can be accessed over the standardized SNMP interface. There are plenty of free or commercial SNMP monitoring tools available that allow admins to manage switches, routers, modems and other network elements within a single application.


Kerio Control Box

Kerio Control UTM software in a performance optimized hardware appliance.

Kerio Control Box incorporates specially selected hardware components ideally suited to ensure the performance of Kerio Control software.




| Specification | Desktop model | Rack-mount model |
|---|---|---|
| Users Included | 5 users | 5 users |
| Software | Kerio Control with Sophos Anti-Virus and Kerio Control Web Filter | Kerio Control with Sophos Anti-Virus and Kerio Control Web Filter |
| Chassis | Desktop – fan-less design | 1U Rack Mount Unit |
| Dimensions (in/mm) | 9.8 x 7.6 x 1.6 in / 250 x 194 x 40 mm | 16.8 x 10.7 x 1.7 in / 426 x 272 x 44 mm |
| Weight (lb/kg) | 4.4 lb / 2.0 kg | 15 lb / 6.8 kg |
| Ethernet | 6 x 10/100/1000 RJ-45 | 8 x 10/100/1000 RJ-45 |
| Other ports | 2 x USB 2.0, 1 x RJ-45 console port | 2 x USB 2.0, 1 x RJ-45 console port |
| Power input | 40W | 200W |
| Hard disc drive | 32 GB SSD | 32 GB SSD |
| Memory | 4 GB | 4 GB DDR3 1333 SDRAM |
| Processor | Intel Atom Dual Core 1.8 GHz | Intel Core i3-2120 3.3 GHz |
| Warranty | Standard 1-year warranty | Standard 1-year warranty |
| IPS | 90 Mbit/s | 600 Mbit/s |
| Antivirus | 50 Mbit/s | 190 Mbit/s |
| UTM | 40 Mbit/s | 190 Mbit/s |



Technical Specifications

Kerio Control 8.2

Firewall and Router

Simultaneous IPv4 and IPv6 support
802.1Q VLAN support
Connection tracking (SPI)
Connection Limit
Protocol Inspection
Traffic Rules Configuration Wizard
DHCP server
DNS forwarder
IDS/IPS (Snort based)
Kerio Certified IDS Signatures
IP Blacklists
Three severity levels

Historical analysis
Individual, Group, Entire Network Internet usage reports
User based reports
Bandwidth utilization
SNMP monitoring
Kerio Control Web Filter Reports
External Logging to Syslog
Email Alerts
Web site usage
Protocol usage
Browser based activity

User Authentication

Kerberos/Active Directory/Open Directory
NT Domain
Web login
Proxy Server authentication (for Terminal services)
NTLM authentication

Virtual Private Networking

Split tunnel support
Windows / Mac OS / Linux clients
VPN Client can run as service
User based authentication
IPsec support for VPN clients & tunnels
Multiple tunnels (site to site)

NAT and traffic rules

Pre-configured services
User based traffic rules
Time based rules
NAT Mapping
Group Based rules
Dynamic DNS
MAC filtering
Blacklist in IDS/IPS
Rule Exemption Capability

Content Filtering

Time interval restriction
P2P Eliminator
URL Categories
Custom denial page
Administrative alerts
Custom URLs
Forbidden Words
FTP Policy
Proxy server
URL White-listing
Sophos Antivirus Filtering

Load Balancing and QoS

Supports multiple Internet links
Policy based routing
Implicit failover
Bandwidth Management and QoS Configuration

Web-based administration
Administration Dashboard
Multiple IP addresses on a single network interface
Customizable routing table
Variable Level Administrative Rights
Update Checker Option
Configuration Export/Import
Active Directory Integration
Open Directory Integration
Local User Database
Domain Template for default user configuration
Auto Logout after Timeout
Configurable Time Ranges for groups
Multi-Language Support
Chinese (Simplified)

ICSA Labs Certified – Corporate Firewall

System Requirements

Software Appliance

CPU: 500 MHz
Memory: 1.5 GB RAM
Hard drive: 8 GB HDD space for OS, product, logs and statistics data
Network interface: 2 Ethernet (10/100/1000 Mbit)
HW: Kerio Control is based on Linux kernel version 3.2. Hardware supported by this kernel is required. For list of supported hardware see e.g.

VMware Virtual Appliance

VMware hypervisor
VMware Workstation 8.0 or 9.0
VMware Fusion 4.0 or 5.0
VMware Player 4.0 or 5.0
VMware ESX 4.1
VMware ESXi / vSphere Hypervisor 4.1, 5.0 or 5.1

CPU: 2 GHz
Memory: 1.5 GB RAM assigned to the virtual machine
Hard drive: 8 GB assigned HDD space for OS, product, logs and statistics data
Network interface: 2 assigned virtual network adapters

Hyper-V Virtual Appliance

Hyper-V hypervisor
Windows Server 2012 R2
Windows Server 2012
Windows Server 2008 R2

CPU: 2 GHz
Memory: 1.5 GB RAM assigned to the virtual machine
Hard drive: 8 GB assigned HDD space for OS, product, logs and statistics data
Network interface: 2 assigned virtual network adapters

Kerio VPN Client

Operating systems:
Windows 8.1 (all editions except RT)
Windows 8 (all editions except RT)
Windows 7 (all editions)
Windows XP (all editions)
Windows Vista (all editions)
Windows 2000 Professional
Windows Server 2012 R2 (all editions except Core)
Windows Server 2012 (all editions except Core)
Windows Server 2008 R2 (all editions except Core)
Windows Server 2008 (all editions except Core)
Windows Server 2003 R2 (all editions)
Windows Server 2003 (all editions)
Windows Server 2000 (all editions)
*Latest service pack and up to date security patches are required unless otherwise stated.

Operating systems:
OS X 10.8 Mountain Lion
OS X 10.9 Mavericks
*Latest updates are a requirement unless otherwise stated.

(32-bit editions and 64-bit editions with multiarch i386 libraries are supported)
Operating Systems:
Debian 7
Ubuntu 12.04 to 13.10

IPsec VPN client devices

Android 4
Apple iOS 6 and 7

Client Web Browsers

Basic User Login/Logout
All HTTP(S)-compliant web browsers including mobile browsers are supported.

Kerio Control Administration and Kerio Control Statistics
CPU: 1 GHz (2.4GHz dual-core for best performance)
Memory: 1 GB RAM (512 MB on Windows XP with Firefox or Google Chrome)
Microsoft Internet Explorer 7 to 11
Firefox 3.5 and newer
Safari 4, 6 and 7
Google Chrome 8 and newer

Kerio Control Administration, mobile devices
Apple iPad (iOS 5 and newer)
Android 4



1. What’s included with a new purchase?
Kerio products are licensed as a server license plus user licenses. The server license includes 5 users. Additional user licenses are sold in packs of 5 users. A new license purchase comes with a 1-year Software Maintenance contract, valid from the registration date, entitling the user to product updates for the first year. An annual Software Maintenance renewal is required to continue receiving product updates after the first year.

For sales in Russia, please be aware that product updates provided to a customer who has purchased a FSTEK-certified version of any Kerio product may not be FSTEK certified.

2. Optional features
Kerio Connect and Kerio Control are offered with integrated Sophos Anti-virus as an option. Kerio Control also includes the integrated Kerio Control Web Filter for enhanced web content filtering as an additional licensing option.

Exchange ActiveSync protocol is available as an optional paid service of Kerio Connect.

3. How are users counted?
For all intents and purposes, in all Kerio products, a user is a person. There are some slight variations in how a user is defined in each product as specified below.

Kerio Connect
A user is a mailbox. The number of user licenses needed is the total number of user mailboxes created in Kerio Connect across all domains. The number of aliases, mailing lists, domains, groups or resources is not limited and does not count toward the license.

Kerio Control
A user is an account with login access to Kerio Control and its services. An individual user can connect from as many as 5 devices represented by an IP address, including VPN clients, mobile devices, IP phones, desktop computers, etc.

If an individual user needs to connect from more than 5 devices, an additional user license will be required to support the additional devices.

To ensure all users are able to access the network securely and be adequately protected, it is required that a license be purchased for each user that will need to log in to Kerio Control, including guests to the network. The admin account does not count as a user.

Kerio Control Web Filter
The number of users in the Kerio Control Web Filter must correspond to the number of users in the Kerio Control license.

Kerio Operator
A user is an account with login access to Kerio Operator and its services. The license key limits the number of users. The total number of extensions is also limited to at most three times the number of licensed users.

4. EDU/GOV Licensing
Customers from the education sector are entitled to special EDU pricing. Discounted GOV pricing is also available to non-profit or government organizations. Please contact sales for pricing information.



1. Why purchase Software Maintenance?
Access to the latest version of the product
Protection against the latest security threats
Take advantage of the newest technology available
No financial surprises when new versions are released

2. How does Software Maintenance work?
Software Maintenance entitles the license holder to all product version updates free of charge throughout the duration of the Software Maintenance term.*
Initial software license purchase comes with 1 year of Software Maintenance valid from the registration date. 1 additional year of Software Maintenance may be purchased at the time of initial license purchase for a maximum of 2 years of Software Maintenance.
1 year of additional Software Maintenance may be purchased at any time, provided there is less than 1 year remaining on the current Software Maintenance term.
Up to 2 years of Software Maintenance may be purchased on the Software Maintenance renewal date.
Software Maintenance should be bought and registered before expiration.
When Software Maintenance is registered after the expiration date, the Software Maintenance period is extended by exactly 1 year from the expiration date.
Start date is the date when the product was originally registered via the Kerio web page or in the product’s administration interface.
* Note: For sales in Russia, please be aware that product updates provided to a customer who has purchased a FSTEK-certified version of any Kerio product may not be FSTEK certified.

3. What happens if my Software Maintenance expires?
It is still possible to use the product, but you will not be able to upgrade past the last version released when your Software Maintenance was still valid.
Integrated Sophos Antivirus in Kerio Connect and Kerio Control will stop working 60 days after SWM expiration.
Kerio Control Web Filter will stop working.
IPS/IDS engine in Kerio Control will not receive new rule updates.
Exchange ActiveSync in Kerio Connect will stop working.
Expired Software Maintenance can be brought up to date by purchasing missed years.
We strongly recommend renewing your Software Maintenance to be protected from all security threats, including the newest and most dangerous ones.

4. Software Maintenance Pricing
The cost of Software Maintenance for 1 year is approximately 33% of the current new license price.

5. User count increase and Software Maintenance
When you increase the number of users on your license, these additional users will be covered by Software Maintenance until the server product expiration date.

6. How do I register my Software Maintenance?
After purchasing Software Maintenance, you will be given a registration key(s). You must register the key(s) either from the product or at our website.

If you received a single registration key which is the same as your original registration key, enter that in the first screen of the registration process and continue all the way through.

If you received a series of keys (none of which is your original key) you should enter your original key in the first screen of the registration process and in the next screen add the newly purchased registration keys.

7. Can I change or move a registered license to another system?
In some cases, you may wish to upgrade hardware or change operating systems. The license may be registered to another system, and any updates to the registration (e.g. operating system) will be performed during registration. Before registering a license on a new system, you must remove the license from the previous server by either uninstalling the software or taking the system permanently offline.

8. Are there any limitations to the software with a trial license?
All software versions of Kerio products are available as a fully functional 30 day trial for unlimited users. This includes add-on services such as the Sophos Anti-Virus and the Kerio Web Filter. When the 30 day trial expires, a valid license must be installed via the Administration interface to resume functionality.

Reference Materials

Kerio Control - Datasheet