Kerio Control

How can we improve Kerio Control?

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Show blocked

    Show connections Denied (Yellow) and Blocked (Red) on Active Connections page to assist in diagnosing correct setting of traffic rules.

    29 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Central management  ·  Flag idea as inappropriate…  ·  Admin →
  2. Add geolocation filtering to traffic rules

    It has become more important to be able to lock down communication to or from certain geographical locations. Geo-location would allow you to cut off connections based on the location of the connection being established

    29 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Flag idea as inappropriate…  ·  Admin →
  3. More secure VPN (two-factor auth) - remember me on this device

    Thank you very much for two-factor auth in Kerio 8.5. But I do not understand the option "remember me on this device" when entering code. Why? The code should be mandatory at all times! This is a security hole. Imagine the situation: the stolen notebook with knowledge of user's name and password (or better the password is saved in kerio vpn client :) , children of employees "playing" with notebook.

    If you do not cancel this setting for all, please add it to the administration. Preferred may be a softer setting too - on the individual user. See the picture.

    27 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  4. Block user with time quota

    e.g. : each user can connect 3 hours a day.

    27 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  5. Better integration with other Kerio products (e.g., creating firewall rules)

    I would like to see better integration with other Kerio Products. This would also be useful when Control is used with 3rd party products as well.

    Some examples of the integration that would be possible are:
    Wizard or 1-click rule creation for Kerio Connect NAT rules
    eg: have a wizard for "Mail Server NAT rules" that has checkboxes to select:
    [ ] Inbound SMTP/SMTPS/SMTP Submission
    [ ] Inbound POP/POPS
    [ ] Inbound IMAP/IMAPS
    [ ] Inbound LDAP/LDAPS
    [ ] Inbound HTTP/HTTPS/CalDAV
    ____________ Mail Server IP Address
    It would then create a number of rules that would allow inbound traffic to…

    26 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Flag idea as inappropriate…  ·  Admin →
  6. IPsec AES256 support

    Please add support AES256-SH1 to IPsec tunnel authentication phases

    26 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
  7. GeoIP - Mail should come thorugh

    i really like the GeoIP filter. But we have the problem that we are receiving mails from all over the world, so i the end i need to disable the filter again. i would like to use it for everything except mails, so it would be fantastic if you could imporove this filter.

    24 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  8. filter logs

    Rather than a find section, i would prefer a filter section in logs such as http etc so i can narrow down searches more efficiently.

    23 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  9. Restrict users to login using RADIUS server in Kerio Control

    It would be nice to have an ability to prevent specified users\user groups from loggin to control via RADIUS server, it might help administrators to restrict someone from using personal wireless device at work

    23 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  10. Please add support for IKE2 on VPN. Security holes need to be opened up to support L2TP/IPSec

    Please add support for IKE2 on VPN. Security holes need to be opened up to support L2TP/IPSec

    22 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  VPN  ·  Flag idea as inappropriate…  ·  Admin →
    planned  ·  Heather Paunet responded

    We do plan to support IKEv2. Will post updates here as we make progress.

  11. Add VirtIO drivers

    We are using a hypervisor environment that is based on KVM (Flexiant) and Kerio Control is not recognizing the drivers to boot up and install properly. We need to configure emulated devices (which is not optimal) to complete the installation of Kerio Control.
    Adding these drivers or enabling an options to add these drivers to the Kerio Control ISO is really needed.

    22 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  HW  ·  Flag idea as inappropriate…  ·  Admin →
  12. 22 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Flag idea as inappropriate…  ·  Admin →
  13. SNORT : Don't just drop packets, block the entire IP from further attack attempts

    If, for instance, an attacker tries to hit you with one exploit, what the IPS/IDS in Kerio will do is simply drop the packet(s) for that one attack.

    Automated/targeted exploit scanners/attackers don't just attempt one attack. They attempt hundreds.

    This allows the automated or targeted attackers/scanners to attempt every exploit in their arsenal on your systems until they find one that works.

    Kerio Control needs to add the configurable ability to block the attacker's IP address for a set period of time. This will prevent that particular machine/attacker from attempting to use their whole arsenal of exploits against your network…

    21 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  14. Port redirection for reverse proxy.

    Allow a port redirection to access web servers and other services that may not be running on port 80 or 443.

    So port 80 would be redirected to port 3456 on a computer behind the proxy.

    21 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  15. Add to whitelist from Logs > Filter

    It would be useful to be able to add denied traffic that is desired to be whitelisted directly from the logs, instead of copying and pasting.

    21 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  content filtering  ·  Flag idea as inappropriate…  ·  Admin →
  16. Disable guest interface welcome/login page

    The guest interface/welcome page is an obstacle with guests that make use of company proxies, and with devices that don't have browsers to authenticate first. Even when no password is required, they still need to access this page first before they'll get Internet access. Please, pretty please ... with sprinkles on top, can we have a way to disable that or give users Internet access instantly?

    21 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  authentication  ·  Flag idea as inappropriate…  ·  Admin →
  17. More than one condition in bandwidth rule

    It would be excellent if Kerio was giving me the possibility of controlling the bandwidth for more than one criterion simultaneously, for example, clients with the quota exceded that belong to a certain group.

    20 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Flag idea as inappropriate…  ·  Admin →
  18. Ability to monitor individual Hosts based on IP address rather than file them all under "Not Logged in".

    The way Monitoring is currently set up, we need to have every host tied to an user in order to accurately see the traffic per connection.

    IP addresses which are not linked to a user will be marked as "Not logged in".

    It's not always possible or desirable to tie every source IP to an user.

    I would like to request a simple feature which would split up all the "Not Logged in"-traffic into their individual IP hosts.

    19 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  authentication  ·  Flag idea as inappropriate…  ·  Admin →
  19. Add import list of IP addresses to IP-Group for trafic rules from txt file

    Add import list of IP addresses to IP-Group for trafic rules from txt file
    (for example in attach)

    19 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  content filtering  ·  Flag idea as inappropriate…  ·  Admin →
  20. The intrusion prevention should use more than one core

    I have a cable connexion with 200 Mb/s and with Intrusion Prevention On it is only able to use 25 Mb/s.

    19 votes
    Vote
    Sign in
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  HW  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Kerio Control

Feedback and Knowledge Base