NG100 good upgrade from old Sonicwall?
  •  
HPSmatt

Our current UTM solution (TZ100) is nearing end of support life so I've been looking at possible replacements.

As happy users of Kerio Connect the interface of Kerio Control looks like it might be simpler to work with - especially if having to give instructions to colleagues when away. Having a low power bit of dedicated hardware probably makes more sense than trying to find some old hardware to run it on natively or in a VM hence my looking at the NG100.

The main needs are dual WAN support, Firewall with IPS and occasional IPsec VPN access for 2 or 3 home workers along with the box being a DHCP server and NAT router.
  •  
jassu

How much throughput do you need? With the 9.1.x series software, the NG100 performs really badly with UTM enabled - now they have made it slightly better with 9.2.x, but still, if you need over 30MB/s throughput I would look at bigger boxes.
  •  
HPSmatt

I was hoping for slightly better using IPS (probably can leave the mail server and client machines to deal with anti-virus) with it being much newer hardware as that figure seems similar to what I'm getting on the old TZ100 on an 80/20 Fibre connection.

It's only for a few users so I would struggle to justify the cost of the NG300.

The NG100 seems similarly priced to the wired-only version of the SonicWall SOHO, which would be the nearest modern equivalent. I was just hoping for better ease of use and more affordable annual renewals.
  •  
jassu

I'm using the NG100 only for backup VPN connections - everything else is disabled. The performance was so bad that there was a problem even streaming data that needed 25-30Mbit/s throughput. Also, speed tests confirmed the bottleneck to be the NG100.

Nice small box and the admin GUI is really good - but for today's connections it is just too slow. I think the next step (NG300) is too expensive just to get the slightly better performance.
  •  
HPSmatt

That's a real shame - I was definitely hoping for much better than that...

The step up to the NG300 is just too much so it looks like I have no real choice but to go back to the SOHO.

I can't see it very likely that I could buy or build a small low power dual WAN box to mount on the wall and buy a Control licence for less than that will cost us.

  •  
Brian Carmichael (Kerio)

In the upcoming 9.2 release we've drastically improved performance. In my basic tests with the beta on an NG100 I see upwards of 75 Mbps with all security features enabled.

Brian Carmichael
Senior Technical Marketing Engineer | Kerio
  •  
HPSmatt

That does sound more promising - I was kind of assuming anything current should be more powerful than our old TZ100 hardware.

I've been investigating going the software only route this afternoon and came across this: http://www.mini-itx.com/build/JBC375-F533

It looks to have the features needed for dual WAN and performance but there is always the risk of hardware compatibility issues and support (should we need to use it) hence why we generally preferred the idea of the Kerio hardware.
  •  
jassu

I downloaded a beta and made a quick test using VPN connection.

Without NG100: 53 / 10
With NG100: 33 / 8
  •  
ksnyder (KERIO)

I've implemented 9.2 Beta on an NG100 running in my home and saw more than 2x throughput improvement versus the previous version with all security features enabled (IPS, Anti-virus, Web Filter, Content Filter, and Application Awareness). In my case, I tested throughput using http://fast.com.

[Updated on: Wed, 23 November 2016 17:06]


Ken Snyder
Director, Sales Engineering | Kerio
  •  
jassu

Now made a test without VPN. Computer connected straight to the router and then through the NG100 (no switch) running the new beta software.

Speedtest.net
************
Without NG100 : 53 / 10
With NG100 : 36 / 09

fast.com
********
Without NG100 : 50Mbps
With NG100 : 27Mbps

Also made test downloads from Funet's FTP site (Debian mirror). Got the same kind of results.

Looking at the speed test, the performance is slightly better than before the beta. It used to be around 25Mbit/s before, and now it is 36 - yes, a big difference when looking at percentages, but still quite bad.
  •  
Brian Carmichael (Kerio)

That's less than expected. Try adjusting your port speed as some internet routers do not support automatic detection of port speeds and this results in significant packet loss and performance degradation.
http://kb.kerio.com/product/kerio-control/interfaces/changing-the-speed-and-duplex-settings-of-ethernet-interfaces-1936.html
Also, if you have an ADSL connection it's likely that there is fragmentation, which also results in performance degradation. Consider lowering the MTU of your WAN interface: http://kb.kerio.com/product/kerio-control/interfaces/changing-the-mtu-of-network-interfaces-1930.html

  •  
ksnyder (KERIO)

Also, make sure you don't have any bandwidth management rules active that might be impacting the speed test.

You can view the Status-->Active Hosts-->Connections screen while you perform the speed test to determine if there are detrimental traffic rules or bandwidth rules that are being applied during the test.

  •  
jassu

Port speed forced, and MTU tweaked. No help.

I'll try to investigate this more when I have more time.

What is the estimate I should be getting according to Kerio? Over 50Mbps?

Kerio's tech spec promises only 27 Mbit/s with UTM on (older firmware): https://www.kerio.com/content/kerio-control-tech-specs#tab4

[Updated on: Wed, 23 November 2016 20:11]

  •  
ksnyder (KERIO)

My own personal tests at home (again using http://fast.com) yielded OVER 50Mbps consistently. I believe Brian observed something higher than that in his tests.

** Re-stating the (hopefully) obvious: My test was on an NG100 running Kerio Control v9.2.0 Beta. Earlier versions of Kerio Control will perform similarly to what is currently published on our website, as you point out. ***

[Updated on: Wed, 23 November 2016 20:21]


  •  
jassu

ksnyder (KERIO) wrote on Wed, 23 November 2016 20:17

** Re-stating the (hopefully) obvious: My test was on an NG100 running Kerio Control v9.2.0 Beta. Earlier versions of Kerio Control will perform similarly to what is currently published on our website, as you point out. ***


Yep, same here. Using the 9.2.0 Beta for tests, and the results I gave were with that version.