Kerio Control

From Wikipedia, the free encyclopedia
Jump to: navigation, search
Kerio Control
KerioControlsmall.jpg
Developer(s) Kerio Technologies
Stable release 8.3.3 / July 22, 2014 (2014-07-22)
Operating system Linux, VMware, Hyper-V
Type Unified threat management, Firewall
License Proprietary
Website kerio.com/control

Kerio Control (previously called Kerio WinRoute Firewall and before that WinRoute Pro) is a software gateway firewall developed by Kerio Technologies (earlier known as Tiny Software). Equipped with a VPN server, integrated Sophos anti-virus (optional), web filtering, bandwidth limiter, Internet monitor and user-specific Internet access management, the Kerio Control installs on Windows and Linux, providing network perimeter defense for small to medium organizations.

Kerio has recently announced that the Windows version will be discontinued as of the 8.0 version release. See http://www.kerio.com/blog/metamorphosis-kerio-control-74-will-be-last-version-windows

Release history[edit]

Version Release date Significant changes
3 to 4.x 1998 Winroute Pro version 3 and 4 supported under Windows 98 and Windows NT.
4.x February 1, 2002 Kerio company formed from ex-Tiny Software employees.[1]
5.0 February 21, 2003 First version with Kerio branding. Support for DOS-based Windows dropped.
5.1 August 25, 2003 Improved online user monitoring (Hosts/Users screen), Support for internet connection failover (Interfaces screen), SIP protocol inspector – transparent handling of SIP through NAT, Advanced logging options – log rotation and syslog support, Customizable DNS forwarding, Customizable redirect page for denying HTTP rules, Added detection of clients using P2P networks, Automatic checking for new versions, Ability to use DNS names instead of IP's in traffic policy, Support for NTLM for Mozilla-based browsers (Mozilla 1.4 or higher)
6.0 June 7, 2004 Integrated client/server and server-to-server VPN solution, Alerts and notifications, Antivirus protection for emails (POP3 and SMTP), Improved real-time user monitoring and traffic statistics, P2P Eliminator – universal P2P blocking, Support for VisNetic Antivirus Plug-in 4
6.1 June 23, 2005 Transparent user mapping in Active Directory domains, Support for multiple Active Directory domains, Kerio Clientless SSL-VPN(web-based secure access to network shares in LAN), Customizable routing configuration for VPN tunnels, Spanish localization
6.2 March 3, 2006 Bandwidth Limiter, Dual anti-virus, Product registration from the administration console, VPN Client supports for 64 bit Windows
6.3 March 29, 2007 Statistics and reporting (StaR), support for 64 bit systems, support for Windows Vista, and enhanced P2P Eliminator
6.4 September 17, 2007 Enhanced Internet monitoring, print-friendly reports, increased performance, and Dynamic DNS support
6.5 September 9, 2008 Internet link load balancing and 11 additional localizations
6.6 March 31, 2009 VPN client for Mac and Linux, run Windows VPN client as a service, and improved Network Neighborhood viewing
7.0 June 1, 2010 Product renamed to Kerio Control. Added Intrusion Prevention System, MAC Filter, Multiple IP addresses on an adapter.
7.1 November 30, 2010 Full Web Administration. Available as a Hardware Appliance.
7.4 October 30, 2012 Kerio Control Administration dashboard, HTTPS traffic filtering, VLAN, Hyper-V support.
7.4.1 December 4, 2012 Hyper-V 2012 support, IE 10 support.
7.4.2 March 12, 2013 WebFilter now filter HTTPS traffic over HTTP proxy.
8.0 March 12, 2013 Added IPsec VPN server, Added IPsec VPN tunnel support, dropped all Windows platforms for native Control server installation.
8.0.1 April 2, 2013 Fix release.
8.1 June 25, 2013 + New features: backup configuration to Samepage.io automatically, support for monitoring with SNMP, IP Tools - Ping, Traceroute, DNS Lookup, Whois, login guessing protection, support for regular expressions in URL, failover for VPN tunnel, Packet Dump management, support for the most common RAID controllers
8.1.1 July 23, 2013 + New features: added ability to save credentials for multiple VPN connections on OS X, added support for multiple organizations in Samepage.io backup, some bug fixes
8.2 November 12, 2013 + Content Filter feature replaces HTTP and FTP policy, + Added L2TP interface type,* PAE was enabled in Linux kernel, more than 4GB of RAM are now detected, * IPv6 support was added to HTTP protocol inspection,* Space occupied by HTTP cache is now reported in storage space management, * Enabled workaround for poor performance of particular TCP connections in VMWare vmxnet driver, * Backup DNS servers are now detected in Active Directory domain, * HTTP proxy server now supports method OPTIONS,* Kerio Control Administration: definitions can be edited directly from policy screens, * Kerio Control Administration: unsupported Ethernet port speed / duplex is now reported, * Kerio Control Administration: particular screen can be opened by URL bookmark, * Kerio VPN Client: Added support for OS X 10.9 Mavericks, dropped support for Mac OS X 10.7 Lion and older, - Fixed: Kerio Control Administration: Properties of user named "admin" from Active Directory are now editable, + Added support for Internet Explorer 11 and Safari 7 browsers
8.2.1 December 5, 2013 Content Filter: File name is now detected also in URL, Kerio VPN Client: Driver is not installed to /System/Library/Extensions on OS X 10.9 Mavericks, Fixed: Content rule URL condition "*" incorrectly matches non-HTTP connections, Stability issue in HTTP protocol inspector, HTTP cache TTL was not computed correctly, Kerio Control Administration: several stability issues
8.2.2 January 14, 2014 * Pre-windows 2000 account name is now used if user have secondary UPN suffix in Active Directory, Fixed: Stability issue in User database, forbidden words was always disabled after reboot, Kerio Control Administration: Several minor stability issues
8.2.2 patch 1 January 30, 2014 Fixed: possible deadlock in Content Filter
8.2.2 patch 2 April 10, 2014 Addressing Heartbleed OpenSSL problem
8.3 April 24, 2014 New features: Reverse Proxy feature; Traffic rules: added search text, test rules and hide/collapse rule features; MAC address can now be used for automatic user login; Added support for FTP in automatic configuration backup; New log Host introduced; Added possibility to create service groups; Manually assigned IP addresses within DHCP scope can now be blocked; Improved: Traffic rules: added last used column, added more colors; Traffic rules are now added by wizard; Active hosts now shows MAC address; MAC Filter now can automatically permit MAC addresses used in DHCP reservations and automatic user login; Bandwidth management rules can be now applied to VPN tunnel traffic before encryption; Dynamic DNS client now can detect public IP address; Automatic login now doesn't work for users disabled in directory service; DHCP reservation and automatic user login can be created from context menu on Active Hosts screen; Linux kernel upgraded to version 3.12; Fixed: DNS forwarder now forwards DKIM queries; OpenSSL vulnerability CVE-2014-0160
8.3.1 May 20, 2014 added feature: Logo and page title on web interface is now customizable

- Fixed: incorrect MAC address was assigned to host on DNAT connection, Statistics database could be corrupted by non-UTF8 characters, Packets from firewall are now correctly, logged in filter log in case of NAT, IPS false positives on SMTP connections, Kerio Control Administration: It is now possible to add VLAN in Google Chrome, Kerio Control Administration: Incorrect row was focussed after Reset on different screens

8.3.2 June 30, 2014 Added: HTTP connection is now not required inside VPN tunnel, supported operating systems and hypervisors updated to recent versions

- Fixed: packets were sometimes incorrectly dropped by MAC filter due to empty MAC address, OpenSSL vulnerability CVE-2014-0224, SQL injection vulnerability in Kerio Control Statistics

8.3.3 July 22, 2014 Fixed: fragmented packets were incorrectly routed, stability issue in HTTP proxy, Added: improved DNS timeout detection in Kerio Control Web Filter, additional WebDAV methods were allowed in HTTP proxy

See also[edit]

References[edit]

External links[edit]