How can we improve Kerio Control?

Cluster / FailOver Firewall prelude: sync config from master to slave Control

Kerio Control born for small and medium business company.
in this market there are company with only 5 or 20 users that need firewall failover solutions.
so the cluster or failover solution is not mandatary of big company, but it depend from any specific customer.

my suggestion at the moment could be to create sync of configuration from Master Kerio Control firewall to Slave Kerio Control Firewall. Maybe with ssh is possible to do this feature easy.

in this way two firewall have the same configuration but the Slave have a specific IP address don't used in master firewall (this to prevent ip conflict).

269 votes
Vote
Sign in
Signed in as (Sign out)
You have left! (?) (thinking…)
coretechcoretech shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

14 comments

Sign in
Signed in as (Sign out)
Submitting...
  • David VeselkaDavid Veselka commented  ·   ·  Flag as inappropriate

    This (or any kind of High Avalability / quick spare) is "must have" for real company use. Idea is from 2014, now it is middle of 2016, it is second most voted idea with more than 200 votes, please can you implement it ASAP ?

  • Glaucio JardimGlaucio Jardim commented  ·   ·  Flag as inappropriate

    Just add support for VRRP on ip addressing. With VRRP 2 firewalls can handle same ip (virtual ip) on ative/passive mode - probably this is the fastest solution. If HA/Clustering is not a priority, with VRRP we can manually updates rules on secondary firewall (maybe download from same page cfg..) and have HA with Kerio Control.

  • Heather PAdminHeather P (VP, Products, GFI) commented  ·   ·  Flag as inappropriate

    Hi Roberto, thanks for the feedback. There are a few other things above this in priority, but we do have failover on our list of things we'd like to do. Votes are definitely helpful to help us prioritize.

  • coretechcoretech commented  ·   ·  Flag as inappropriate

    Dear Heather, is it too time expansive to build a synch, so no a complete cluster solution?
    now you have mykerio and active/passive firewall configuration should be not very time expensive. If the vote can help to increase the level of priority we could invite our customer express their opinion

  • claudeclaude commented  ·   ·  Flag as inappropriate

    We use Kerio for a long time (winroute...) and we are very satisfied. But our needs in terms of high availability has increased, we have more than 30,000 customers who need to connect to our applications 24h/24 .
    Because this option will not be available quickly enough, our management has chosen to migrate to Checkpoint Firewall

  • Christophe GALLIENNEChristophe GALLIENNE commented  ·   ·  Flag as inappropriate

    Helllo, enough for you aslan but not enough for me (and those) who need a real slave/master ;)
    The most cost effecive will be a master on a software appliance.

  • AslanAslan commented  ·   ·  Flag as inappropriate

    UPD:
    Roman Jokl (Admin, Kerio) responded · November 11, 2015
    MyKerio service is now able to sync IP Address Groups, URL Groups and Time Ranges to all Controls version 9.0.0 beta1 and newer in organization. Should cover same scenarios as requested feature.

    http://feedback.kerio.com/forums/141042-kerio-control/suggestions/2679638-import-and-export-feature-for-urls-and-ips-groups
    It could be enough for me.

  • AslanAslan commented  ·   ·  Flag as inappropriate

    At least ability to sync traffic and content filter rules should be added. Don't you think so? We have a number of clients which have a number (2-5) of offices. Each office is protected by Kerio Control and if client decides to block some URL (i.e.) I have to repeate this operation 2-5 times.

  • c turkc turk commented  ·   ·  Flag as inappropriate

    Kerio has to make this. Kerio Control is no longer only for SMB market. It seems more and more SME are using Kerio Control. Let's be honest when Control can do clustering/fail-over it will win more market. Control is easy to use and can lot the same as the other brands.
    After this is active, zones would be also nice asset ;-)

  • ksimmonsksimmons commented  ·   ·  Flag as inappropriate

    this would be a great Idea and let the cluster address be the connecting point. Come on Kerio time to kick the big guys in the shins! I would readily pay for another full license to have this ability!!!!

  • claudeclaude commented  ·   ·  Flag as inappropriate

    This option is very important because Kerio Control has no redundancy solution. other Firewal (checkpoint, palo alto, ....) offers this feature.
    OS of kerio control is linux, maybe adding Carp and pfsync to have a fully redundant cluster of Kerio-Control ?

  • Tomislav BurazinTomislav Burazin commented  ·   ·  Flag as inappropriate

    This would be a great upgrade for control. Anyone that needs/wants 90%+ up-time has to have automatic failover in some form.
    Hopefully it won't cost an arm and a leg (i.e. double subscription)...

  • Tomislav BurazinTomislav Burazin commented  ·   ·  Flag as inappropriate

    This would be a great upgrade for control. Anyone that needs/wants 90%+ up-time has to have automatic failover n some form.
    Hopefully it won't cost an arm and a leg (i.e. double subscription)...

Feedback and Knowledge Base