Trying out Kerio 2.1.5

Hehe, while you “all” are talking of moving away from Sygate or Kerio, I have no intention.

Kerio seems easy. It is a rulebased firewall, so a user must know what must be allowed and very carefull of not allowing too much.
It is easy coming from Sygate knowledge, for a newbie maybe not as easy.
I will be back to Sygate, this is just an excursion to try Kerio. Sygate has excellent loggings I need. But no Kerio bashing from me.

I downloaded BlitzenZeus’s ruleset from
http://www.broadbandreports.com/forum/remark,8023708

You don’t need to add those rules manually, you can delete the default installation rules and then Load the BZ ruleset.

From experts a question. What is different in the BZ standard ruleset and the advanced one I loaded ? Which one should be used?

You need to basically allow unsafe Internet Explorer all the ports in Kerio since some sites use other TCP ports than 80.
If you want to use it. You can block it of course, a safe move if not an IE user.

In Sygate I can leave IE to ask basis, since as long as i am using it, SPF asks no more. But always when I have it not running, since IE was not configured to manual proxy for Avast webshield, I get asked.
So I actually feel safer with Sygate since I am not using IE browser !!!

Memory usage of KPF seems usually 6 MB whereas SPF is 7-10 MB, higher value if Application authentication is used.
Kerio icon is faster on systray than SPF, immediate. Nothing to say though about the actual service loading.

What is good with KPF and bad with SPF is that the latter defaults server right to all the applications. Of course they can and should be denied in SPF if not needed, but it is not very convenient.

With BZ rules KPF was stealth in Shields Up! test, whereas Sygate needs a little configuration like told in my html SPF guide link.

I will play a bit with Kerio before going back to SPF. Will report if any interesting features.
Do you know any free firewall that has as extensive logging abilities as Sygate? Would be interesting to try as well.

Jarmo

Threads like this one will just unbelievable help to all those which comes into these forums with always same questions: " Which firewall is the best to use with avast! ?"

There is no “best firewall” out there, each one has something good and something bad in itslef… but reviews like this one JarmoP started are unbelievable helpful and I’m sure people have a chance to build their picture about all those firewalls…

We should have this thread sticked to the top of this part of the forum, and build it with helpful reviews just like JarmoP did.

Thanks for your effort JarmoP ! It would be very nice if we hear some more reviews on other firewalls and their behaviour…

Regards !

Kerio 2.1.5 has a vulnerability. It lets some fragmented files through (or something). As I’m not much of an expert on Kerio, take a look here http://www.dslreports.com/forum/remark,11787449~mode=flat

Will VisualZone do this job with ZoneAlarm (free)?

Visual Zone: http://visualize.phenominet.com/

Using rules setup by someone else is not a smart thing to do.
Each system is different, each user is different.
When setting up a firewall there is only 2 rules to follow:

  1. Close ALL ports and only open those who are really needed.
  2. Someone with knowledge should setup the firewall.

If someone still wants Kerio as firewall (it’s not free anymore after this years end), I suggest to get a hardware firewall.
Best is a router with a decent build in firewall.

Using rules setup by someone else is not a smart thing to do. Each system is different, each user is different. When setting up a firewall there is only 2 rules to follow:
  1. Close ALL ports and only open those who are really needed.
  2. Someone with knowledge should setup the firewall.

As far as I can see BZ ruleset does not allow much. He is a Kerio guru and many use his basic rules. Just needed DHCP and DNS rules and few ICMP ones.

I of course had to made rules for my Thunderbird, Browsers, Yahoo messenger and Skype. These have added been so far and it was a breeze to setup.
With YM i allowed bothways connections, knowing that it needs also server access when someone contacts me. But Kerio would have prompted me when that would have happened anyways.

Do you know Eddy if they are going to remove free Kerio 2.1.5 from Broadbandreports site to be downloaded?
http://www.broadbandreports.com/forum/kerio

Kerio will not be free anymore and as it looks now, noone will be allowed to offer a old version of it.

Speedwise, judging from the test I usually use
http://www.adslguide.org.uk/tools/speedtest.asp
as well as from the general behaviour, I saw no speed reduction.
Neither I saw that in Sygate. Both firewalls are fast.

I have a 2 MB/512 kbits cable modem connection.

Interestingly with Firefox using Webshield with manual configuration, I had to allow webshield beside port TCP 80 also port 8080 TCP in that site, otherwise got a ‘no data’ popup.
I propably had allowed that with Sygate too.

Will VisualZone do this job with ZoneAlarm (free)?

Visual Zone: http://visualize.phenominet.com/

I have never used ZA free or Pro, but I think that program only can show blocked events? Sygate logs everything. All the connections. So if I have allowed too much I can see what to block as well as to see where my computer connects, beside the basic site. There is usually much that goes behind the surface when surfing :stuck_out_tongue:

For me ZA is a bit limited, I need to have advanced rules specific ports etc., even if in practice for most users ZA should be just fine.

Jarmo, did you try Outpost free? I think the hability of logging of the Pro version is very good.
Maybe the free one has these features too.

I might try that Tech. But they say it is old, the free one.
And I am a little bit afraid if I try too many firewalls, uninstalling them leaves remains in my computer. Want to go back to Sygate some day and see that it still works as it should :wink:

I really like Kerio so far, it has also logging abilities, though not as nice as SPF’s.

I have no idea but whenever I try Kerio 2.1.5, it can reckon no TCP connection, which makes it useless as a firewall. :-\

P.S. I found Spiritsong on this forum sent me a private message about the yahoo group on this app although I had known of the group, thank you, Spiritsong.

Outpost free is getting a little long in the tooth, but surely no older that what you are contemplating in Kerio 2.1.5?
The free version does still have extensive logging.
I would probably have stayed with the free version had I not got a lifetime upgrade deal for a single years payment on the Pro version.
Even with its age is was quite a good firewall and my only snag was stealth the local monitoring of the pop3 110 and 25 smtp ports by the avast Internet Mail provider, kept showing up as closed. This however, wasn’t a real problem because any access attempts were dropped, but you system was visible and could in theory lead to further probing even though the remaining ports were stealthed.

Well, Eddy, I am back to SPF. Kerio was fine, worked well.

Only thing I had problems with was if BZ rules, those few, if I allowed too much?
I could never figure out what to restrict, regarding DHCP and DNS?

So I have to say I am satisfied with Sygate, and sure understand why some people like ZA too. To be able to have an understanding about what they use.

But I really liked Kerio, only could not be sure if I allowed too much in BZ template. Never knew what really to substitute in there. The real Kerio firewall after that basics was a nice one for me. Just basics too much, hehe.

I am back to Kerio.

I restricted DNS to my ISP server IP’s.

Any expert to tell if this is good:
I disabled ‘Standard Loopback’ rule of BlitzenZeus and all works fine. I have webshield protection working :wink:
I thought I can disable it cause it is an allowance rule and all works, but not sure.

Should I use that ‘Unrestricted DHCP(Log)’ rule or specify my ISP’s DHCP server?
I already read somewhere that I should be able to restrict it to svchost.exe only.

I am running a cable modem connection.

Jarmo

DHCP is now restricted too to my ISP’s one. UDP out also to address 255.255.255.255.

With this very tight setup I have now, maybe Windows automatic updates don’t work. Will see next week when MS patches arrive :wink:

I found this handy log viewer that works at least with Kerio 2.1.5:
http://eskapism.se/software/?page=tinylogger

Edit: That log viewer needs to be started with “Run as …” to an admin user account. With limited account it must be stopped from Task Manager.