Hardware Routers vs. Kerio Winroute Firewall

    January 16, 2007

I had a call from a customer who already uses Kerio Mailserver. He had downloaded a demo of Kerio WinRoute Firewall and said he had a few questions.

The first was a small technical issue that he had actually already answered himself but just wanted confirmation that he had done the right thing. He had, so we moved on to his second question. That one was a little harder to answer..

“So how come you never told me about this? This is great software!”

Hmmm. Yes, it is great software. It’s powerful, it’s easy to use. I have customers using it and they like it a lot. So why don’t I push it? Why aren’t I talking it up?

Well, I guess I just haven’t found the right way to present this to people. In the past, I have mentioned this now and then, and the response almost always has been “Naaw, we’ll use a hardware router. That’s a lot cheaper and easier”.

Well, yeah, hardware routers can be cheaper and easier. You do need to dedicate a PC to WinRoute, and that cost alone would buy a pretty good router. Add the software cost of Winroute to that, and you are getting up into pretty expensive territory (relative to hardware routers of course).

But really it isn’t all that bad: a fifty user Kerio Winroute with all the bells and whistles runs about $2,400.00 initially and renewing yearly support and updates is only around $1,000.00. That includes McAfee antivirius scanning of SMTP, POP3, HTTP and FTP, remote VPN clients and content filtering. A hardware router with similar features is likely to be just as expensive, but again you can argue that a hardware appliance is easier.

But is it? While some of my clients have bought spare routers to cover hardware failure, most don’t, and it’s definitely a lot easier to find a PC and reinstall WinRoute than find your specific router – you won’t find an Enterprise class router down at your local Staples. There’s also the matter of upgrades: while hardware router manufacturers do release firmware upgrades, I’ve found customers tend to ignore those. Perhaps it’s because flashing a firmware upgrade can be more difficult than doing a software update on a PC, or maybe it’s just fear of the unfamiliar, but my experience shows that hardware appliances are more apt to be out of date. Understand that there’s no good reason or excuse for that, but that’s still what I see in the field.

Customers also tell me that the Winroute Administration Console is much easier to understand and use than the hardware appliance they used previously. There’s also the matter of support: if you buy WinRoute Firewall from me you are entitled to telephone and email support from both me and Kerio.

OK, really I should push this more than I do. It’s an excellent product. You can download a 30 day demo from Kerio (and I can get the demo extended if you need more time). I’m happy to help you set this up – I think you’ll agree that it really can be better than a dedicated appliance.

*Originally published at APLawrence.com

A.P. Lawrence provides SCO Unix and Linux consulting services http://www.pcunix.com