Kerio WinRoute Firewall sets new standards in versatility, security and user access control. Designed for corporate networks, it defends against external attacks and viruses and can restrict access to websites based on their content.

Stateful network firewall

The primary function of any perimeter firewall is to control outgoing and incoming network traffic based on the corporate security policy.

Kerio WinRoute Firewall offers detailed rule definition to perform stateful inspection of all Internet traffic and enforce the security policy. A network rules wizard assists in the rapid setup of the firewall.

Design
Kerio WinRoute Firewall is a robust network firewall operating at the TDI/NDIS layers of the OS. Its deep inspection technology applied on both incoming and outgoing communication helps provide the highest security possible to the entire local area network, and as well as the computer it is running on.

Traffic policy
Kerio WinRoute Firewall security is based on traffic rules which allow configuration of packet filters, NAT (network address translation), port mapping and access control easily from one comprehensible table.

The built-in configuration wizard radically simplifies the process of creating a set of necessary traffic rules. Setting-up the firewall and connecting the network to the Internet takes minutes.

Intrusion prevention system
A prerequisite of ICSA Labs security testing of corporate firewall products, Kerio WinRoute Firewall recognizes the most prevalent intrusion and hacker attacks. All security breaches are logged in the security log.

Anti-spoofing
Anti-spoofing is a component of Kerio WinRoute Firewall's packet filtering, providing further protection to the LAN against attacks where the intruder falsifies source IP addresses.

Firewall logging
A critical function of any security product is the ability to record events at all times in sufficient detail.

Kerio WinRoute Firewall offers a variety of different logs that encompass error reporting, debugging, user definition, status, web browsing, port probes and so on.

Logging can be set for any rule defined in the unified traffic rules table so the administrator has complete control over what communication passes through the firewall.

Protocol inspection
Protocol inspection helps certain applications with proprietary protocols (not originally designed with firewall negotiation in mind) to be used securely in local area networks. Many protocols can be scanned, filtered or modified, thus increasing firewall restrictiveness and reporting capabilities.

ICSA Labs Certification
Kerio WinRoute Firewall is certified against ICSA Labs' 4.0 criteria for Corporate Firewall Certification.

ICSA Labs is a respected independent authority setting quality standards for information security products. ICSA Labs firewall certification provides security and functional testing of firewall features and continuous testing for new vulnerabilities.

ICSA Labs Homepage

Kerio WinRoute Firewall Awards

	PC Magazine: October 6, 2008 Four and a half stars out of five and Editors' Choice
	SC Magazine: July, 2008 VPN Roundup Received four out of five stars
	CRN: July 23, 2007 Received five out of five stars
	Computerworld: April 2007 (Czech Republic) Kerio WinRoute Firewall 6.4 wins in the best Internet security category.
	Click! Magazine: September 2006 Received 4 out of 5 stars "Powerful solution at a fair price."
	SC Magazine: July 10, 2006 Awarded Highly Recommended
	CRN: November 1, 2004 CRN Test Center Recommended

Editor Rating	:
User Rating	:	Rating belum ada

VPN, VPN Client & SSL VPN

 Kerio's built-in SSL-based VPN server works in both client-to-server and server-to-server modes, allowing both branch offices and remote workers to securely connect to the corporate LAN. Clientless SSL VPN allows remote users to connect securely to the corporate network for file sharing from any computer with a browser and Internet connection.

For all business people traveling or working from home, connecting securely to the corporate network is simply an essential part of their life. With Kerio WinRoute Firewall, setting up a Virtual Private Network is almost effortless.

The Kerio VPN Server and Kerio VPN Client are an integral part of Kerio WinRoute Firewall secure remote access capabilities.

Using Kerio's VPN allows people to remotely connect to the IT resources such as file servers, database servers or even printers that are otherwise hidden behind a firewall and inaccessible to anyone outside the company offices.

Kerio VPN Server
Kerio WinRoute Firewall's built-in VPN Server allows companies to setup VPN networks in two different scenarios:

• server-to-server VPN
• client-to-server VPN

Client-to-server uses Kerio VPN Client for Windows.

Server-to-server VPN
Server-to-server mode is useful for companies that want to securely connect their branch offices and share common resources. This setup requires that a copy of Kerio WinRoute Firewall is running at each location to create a secure tunnel over the Internet and connect the sites.


 

Client-to-server VPN
Client-to-server mode will allow remote workers to securely connect to the corporate network with their notebooks and desktop PCs.
 

Kerio VPN Client
The Kerio VPN Client is a small and straightforward application that resides on a client PC. It runs on Windows 2000 and higher.


 

Clientless SSL VPN

Kerio WinRoute Firewall integrates a Clientless SSL VPN, that allows remote clients to access shared files on the local area network servers. Access to the files is possible using an ordinary web browser. No special client software is required.

Anti-virus gateway protection

Kerio WinRoute Firewall provides optional virus scanning of inbound and outbound email, web traffic, and FTP transfers. In addition to a version with integrated McAfee Anti-Virus, there are several other anti-virus options to choose from.

Kerio WinRoute Firewall provides optional gateway anti-virus control and checks the following inbound and outbound traffic:

• email (SMTP and POP3)
• web (HTTP)
• file transfers (FTP)

Having anti-virus installed at the perimeter of the local area network ensures that all Internet traffic is always scanned. For IT administrators, gateway antivirus scanning means the latest anti-virus definitions are updated to a single system which filters traffic, rather than relying on a large number of anti-viruses to be updated on individual desktops.

Dual Anti-virus control
With two different anti-virus engines running simultaneously, Kerio WinRoute Firewall provides double the protection against viruses. While one anti-virus vendor may be late with a virus signature, a chance that both will fail to catch a virus is significantly lower.

Kerio WinRoute Firewall offers a choice of using the built-in McAfee Anti-Virus, using one of supplied anti-virus plug-ins, or using a combination of McAfee Anti-Virus and one of the anti-virus plug-ins.


 

Kerio WinRoute Firewall
with McAfee Anti-Virus
With integrated McAfee, anti-virus settings are only firewall-related; setup is simple and straightforward, with no advanced configuration options required. Due to integration, there is no chance the server-side anti-virus and firewall components will ever conflict with each other.
 

Kerio WinRoute Firewall with antivirus plug-ins
Kerio Winroute Firewall supports the following top anti-virus products via plug-ins.

Antivirus	Vendor	Windows
AVG Server Edition	Grisoft
Clam Anti-Virus	ClamAV
NOD32	Eset Software
SAVI	Sophos
Symantec	Symantec
Avast! for Kerio	ALWIL Software
VisNetic AntiVirus	Deerfield

Virus protection for email
Kerio WinRoute Firewall scans all incoming and outgoing emails including all attachments. When the firewall detects a virus in an email message, the infected content is removed. If the virus is found in an attachment, the attachment is removed and a notification is added to the message.

Virus protection for the web
Kerio WinRoute Firewall scans content of all web traffic including HMTL pages for embedded viruses. Also, Internet downloads over HTTP and file tranfers over FTP protocol are scanned for viruses. Traffic from users connecting through KWF's built-in VPN server is also scanned.

Technology partnership with McAfee Security

Kerio Technologies Inc. partners with McAfee Security to deliver cross-platform virus protection including viruses for Windows, Linux and Mac OS X. Kerio WinRoute Firewall with integrated McAfee is updated with the latest virus definitions as often as every hour.

Surf protection

The integrated IBM Orange Web Filter option blocks users from accessing to up to 58 categories of web content, reducing legal liabilities for corporate and educational environments.

ISS Orange Web Filter^TM is optional component of Kerio Winroute Firewall for surf protection

Content filtering

Kerio WinRoute Firewall offers a variety of content security features such as MP3 music download blocking, filtering for potentially dangerous executable files or blocking of annoying pop-up windows. The P2P Eliminator automatically detects and blocks peer-to-peer networks such as Kazaa.

P2P Eliminator
Peer-to-peer networks (P2P) such as Kazaa, eDonkey or DC++ can overload Internet bandwidth, expose confidential data, allow malware to infiltrate the network, compromise security compliance, and impose legal liability for illegally sharing copyright material.

Kerio WinRoute Firewall applies a combination of port, payload and traffic behavior analysis to block P2P traffic that go through known and unknown P2P ports, well-known ports such as port 80 and encrypted data.

Administrator-defined restricted pages
Administrators can create a custom list of web pages that users are not allowed to view. See also (IBM) ISS Orange Web Filter for comprehensive surf protection.

HTTP filter with pop-up window blocker
HTTP filtering allow administrators to define filters for ActiveX and JavaScript content, ensuring that no potentially malicious code gets through the firewall.

With HTTP filtering, the firewall can block annoying pop-up and pop-under advertising windows for users surfing the Internet.

FTP filter and inspector
Similar to HTTP filter rules, FTP rules can also be applied to restrict access to FTP servers on the Internet. Access can be restricted to file transfers between the permitted FTP server and the client. Kerio WinRoute Firewall can inspect FTP traffic and permit or deny specific FTP commands.

User-specific access management

Each user in the network can be required to log in to Kerio WinRoute Firewall before connecting to the Internet. That allows for restrictive security and access policies to be applied based on the specific user, rather than the IP address. Transparent Active Directory support simplifies user account mapping to Windows domains, and an auto-add feature allows for creation of user-specific policies before users authenticate.

The fundamental step in maintaining a secure network environment is the creation of an Internet access policy. Kerio WinRoute Firewall allows administrators not only to create a general Internet traffic policy for the local area network, but also define and enforce Internet access restrictions for each individual user.

User management
With Kerio WinRoute Firewall, a "user" is defined in the following ways:

• individual user name with password
• user group
• IP address or computer name
• entire network

Individual users may be forced to log in to Kerio WinRoute Firewall before they are allowed to access the Internet.

Managing users through internal user database
User accounts can be stored either in an independent Kerio WinRoute Firewall's internal user database or in a remote Microsoft Active Directory server. Both databases can also run concurrently.

Managing users through Active Directory
Introduced in Windows 2000 Server, Active Directory allows administrators to centrally manage and share information on user accounts and network resources. Active Directory allows different services to access user information from a single location.

Support for Active Directory allows Kerio WinRoute Firewall to access this user database in real time and authenticate users without storing passwords locally. There's no need to worry about synchronizing passwords for each user at the firewall. Any changes made in Microsoft Active Directory are automatically reflected in Kerio WinRoute Firewall.

Transparent Active Directory
Kerio WinRoute Firewall gives administrators who manage multiple domain environments the power to configure one or more domains. Rather than having to manually import Active Directory user accounts into the WinRoute database, Transparent Active Directory simplifies the way user accounts are mapped to Windows domains, so those users are automatically known to the firewall.

Once a domain is properly configured, the user accounts in that domain are automatically visible to WinRoute, allowing administators to manage traffic policy and content filtering configurations for individual Active Directory user accounts in that domain transparently.

Access rights management
The administrator can assign different restrictive access rights to each user. For example, some users can only access internal webpages, while others can use only email. These rights are configurable according to a schedule so that they may be applied only during specified time intervals.

User traffic quota
Some users download a lot of files, listen to Internet radios, and share family movies with others. Excessive Internet browsing by one user often affects the usability of the Internet connection for the rest of the team.

To put a cap on heavy users, administrators may impose user traffic quotas. Administrators have a few options:

• quota for upload, download or both
• quota per day or per month
• or any combination of the above

When the quota is reached, Kerio WinRoute Firewall will send an email warning to the user and the administrator. Optionally, Kerio WinRoute Firewall can block the guilty user for the rest of the day or month.

Fast Internet sharing

Support for DSL, cable modems, ISDN, satellite, dial-up or wireless Internet allows administrators to deploy Kerio WinRoute Firewall in networks of all sizes and in all locations. Users can share one Internet connection with fail-over to a backup connection. Administrators can use the Bandwidth Limiter to optimize the data throughput for business critical applications.

Link-load balancing
Eliminate bottlenecks and increase capacity. Combine multiple Internet connections to create larger bandwidth.
Learn more...

 
Bandwidth Limiter
Use Bandwidth Limiter to optimize data throughput for business-critical applications such as VoIP or video conferencing.

Throttle users who download large files to ensure that other users are not affected. Limit upload and download speeds for users who exceed their configured daily or monthly quotas.

Connection fail-over
Maintain 100% connection uptime. Keep vital applications available with active/passive or active/active Internet failover.

With active/passive failover, automatically switch to a backup connection when the primary Internet connection is down. Use any network or modem adapter for a backup connection. Automatically re-enable the primary connection when restored.

For active/active failover use link-load balancing.

Supported Internet connections
Support for DSL, cable modems, ISDN, satellite, dial-up or wireless Internet allows users to deploy Kerio WinRoute Firewall in networks of all sizes and in all locations. All users can share one a single Internet connection.

NAT and Proxy server
Internet sharing is made possible by two different technologies: network address translation (NAT) router and proxy server.

The NAT Router gives transparent Internet access to all computers in local network and works great with almost any protocol. Using NAT, there's no need to modify settings on each computer.

The Proxy Server stands in for a client computer at the remote host. Due to its complexity only a handful of protocols are supported by proxy technology. In exchange, the proxy server provides advanced features such as authentication and user based access control.

DNS forwarder
The built-in DNS forwarder accelerates DNS queries generated every time a user wants to access a website. It forwards DNS queries to a chosen DNS server on the Internet and stores the recent results for a specified time. Subsequent repeated queries are therefore answered immediately.

DHCP server
The DHCP server in Kerio WinRoute Firewall assigns IP configuration parameters to each computer in the local area network, thus rapidly simplifying network administration.

HTTP proxy cache server
The Built-in transparent HTTP proxy server caches content for web browsing at blazing speeds. Kerio WinRoute Firewall can store web pages in the local cache file for a limited time to conserve bandwidth. Exclusions can be set for certain websites so they are not cached at all.

Dial on Demand
For networks with dial-up, VPN, ISDN, PPPoE or any other connection type using Windows' Remote Access Service (RAS), Kerio WinRoute Firewall can connect to the Internet every time a user places an Internet request.

Kerio WinRoute Firewall can dial-up Internet automatically every time there is outgoing network activity (demand dial), or on a special request from the Kerio WinRoute Firewall Administration Console or the Web Interface (manual dial). It can also automatically connect at a specified time (scheduled dial).

VoIP and UPnP support

Kerio WinRoute Firewall allows H.323 and SIP protocols to connect through it, eliminating the need to publicly expose the VoIP infrastructure to the Internet. Also, it integrates UPnP technology so that compliant applications such as MSN Messenger run instantly without requiring additional configuration at the firewall.

It has always been difficult to deploy IP telephony in firewall-protected networks since VoIP protocols were not designed to easily traverse the firewall.

Kerio WinRoute Firewalls supports various VoIP-based hardware or software such as Cisco IP Phone 7960, IP SoftPhone, CallManager, Gatekeeper, SIP Proxy Server, Interactive Voice Response, Cisco Unity Voice Mail, etc.

H.323 and SIP
Kerio's protocol inspection modules help the firewall correctly handle VoIP phone and video communication. Kerio WinRoute Firewall allows all VoIP devices using either H.323 or SIP protocol to be used in the protected network and therefore eliminates the need to publicly expose the VoIP infrastructure to the Internet.

Cisco SCCP
If a company wants to take advantage of VoIP devices in Cisco AVVID environment, Cisco's Skinny Client Control Protocol (SCCP) is used for establishing communication between an IP Phone and Cisco CallManager. The firewall of course needs to recognize it and understand the information passed within these signalling messages.

Kerio WinRoute Firewall automatically detects SCCP protocol and perfoms NAT for address translation between the IP phone and Cisco CallManager. Since Kerio WinRoute Firewall performs dynamic IP address translation, an administrator does not need to manually configure an IP address within NAT for each IP phone.
 

UPnP support
Universal Plug and Play (UPnP) in Windows enables applications to communicate without additional settings at the firewall. Kerio WinRoute Firewall integrates UPnP technology so that compliant applications such as MSN Messenger can run instantly without hassle.

Internet monitoring

Web-based reporting of Internet usage to help employers and administrators spot problems, manage employee productivity and prevent liabilities.

The problem that networks of all sizes potentially face is internet abuse. Employees may be using up Internet bandwidth for non-work related Internet activity which can be very costly to employers. Non-work related Internet activities can also affect employee productivity, and expose the network to security issues and liabilities from illegal Internet activity.

Stop Internet abuse
Managers can easily understand how bandwidth is being used, help maintain employee productivity and prevent company liabilities.

	Each report can be customized by user and desired time ranges.
	Information are presented in high detail but in a simple and practical format.

View:

Link-Load Balancing

Use multiple connections simultaneously. Maintain business-critical application performance and availability.

Eliminate Bottlenecks

High Internet traffic can create bottlenecks that interrupt vital business applications.

Increase Capacity

Kerio WinRoute Firewall’s link-load balancing distributes excess load to other Internet connections to maintain high application performance.

Maximize bandwidth usage

Increase download and upload speeds
   - Combine several Internet connections to create larger bandwidth.

Improve the quality of VoIP and video conferencing
   - Spread Internet traffic onto multiple connections.
   - Route special applications to a specified Internet connection.

Prevent business interruption from Internet outage
   - Maintain connection uptime with active/active failover.

 

Other bandwidth management tools
Control bandwidth usage with bandwidth limiter.
Maintain Internet uptime with active/passive connection failover.

Kerio WinRoute Firewall

Pentium IV or compatible
CPU 1 GHz
512 MB RAM
50 MB HDD free for installation
Additional disk space for logging and cache
Minimum of two network interfaces (including dial-up)

Windows 2000/XP/2003/Vista/2008
32-bit or 64-bit edition
 

Kerio StaR and Kerio Clientless VPN - web browsers

Internet Explorer 6 and 7
Firefox 1.5, 2 and 3
Safari

Pentium III

256 MB RAM

10 MB HDD

Windows 2000/XP/2003/Vista/2008

32-bit or 64-bit edition

Licensing

1. The base license comes with 10-users.
2. More users can be added by purchasing a user add-on license.
3. Base license includes subscription for the first year.
4. Subscription licenses must match base licenses.
5. Subscription covers second or any additional year.

User License Count

The number of users means the number of hosts (IP addresses) protected by the firewall. The Kerio WinRoute Firewall computer does not count as a user!

The number of user accounts to use with Kerio WinRoute Firewall's proxy server and access control features is not limited.

What is the subscription?

The Update subscription entitles you to:

• product updates and upgrades for a period of 12 months from the subscription date
• free email and telephone technical support
• anti-virus database definition updates (for McAfee version only)

Upgrade and Support Subscription

Ensure access to new features and support while controlling the future cost of your solution

Our subscription program allows customers to extend the right to upgrades and technical support beyond the initial year of purchase.

Why should I subscribe?

• You get software maintenance.
• You get telephone and email technical support.
  (Details at www.kerio.com/support.)
• No financial surprises when upgrades are released.

How does subscription work?

• A one-year subscription (twelve months) from date of registration is included with the initial product purchase.
• Subscriptions can be purchased for up to one full year in advance only.
• Upgrades are free of charge for valid subscriptions.
• No access to technical support or upgrades for expired subscriptions.
• Subscription can be brought up to date by purchasing missed years.

How much does subscription cost?

See our product price pages for the current pricing info.

How do I register my subscription?
After purchasing the subscription, you will be given a registration key. You must register this key either from the product or at our website. During registration, input the registration key(s) from the original purchase, and then add the newly purchased registration key(s).

If you register the new keys from a product, your new/updated digital certificate will be automatically downloaded. If you register from our website, you will need to download your new digital certificate (the licence.key file) and import it to the product.

What if I increase the number of users?
You can increase the number of users for both valid and expired subscriptions.

If your subscription is valid, new users will be covered by subscription for the remainder of your current subscription year.

If your subscription is expired, neither new users nor existing will have subscription.

Questions?

If you have any questions, please contact our sales department at sales@kerio.com or ACCURATEShop.com