Sign In

Welcome! Log into your account

Forgot your password?

Create an account

Sign Up

Welcome! Register for an account

A password will be e-mailed to you.

Password Recovery

Recover your password

A password will be e-mailed to you.

Available for:

Kerio Control 9.4.1 Build 7208 (Firewall)

Kerio Control 9.4.1 Build 7208 (Firewall)
Download FreeDownload Buy Now

Kerio Control (Kerio WinRoute Firewall) is an award-winning UTM firewall designed to protect businesses from a comprehensive range of invasive and crippling corporate network threats.

Kerio Control’s auto-updating security layer detects and prevents emerging threats automatically while providing network administrators with flexible user policy tools. The software also provides the complete bandwidth management and QoS control, detailed network monitoring, and IPsec VPN connectivity for desktops, mobile devices and multiple sites.

Designed for corporate networks, it defends against external attacks and viruses and can restrict access to websites based on their content.

Kerio Control provides superior network protection and intelligence that is stable, secure, and above all, simple to manage. That sets new standards in versatility, security and user access control.

Kerio Control is equipped with VPN server, optional embedded Sophos Anti-Virus, integrated customizable ISS Orange Web Filter, and user-specific Internet access management. Also provides a multi-layer architecture for protecting networks, servers and users.

Kerio has added a new IDS/IPS system. It plays an instrumental role in detecting and preventing application exploits and malicious traffic. Just like built-in Sophos gateway antivirus, the IDS/IPS gets frequent automatic updates to ensure that networks are continuously shielded from emerging threats.

Intrusion Prevention System

  • Signature based backet analysis
  • IP blacklisting
  • Rule management

ICSA Labs Certified Firewall

  • Industry accepted standard test criteria
  • Corporate level criteria – enforces default security policy immediately after installation
  • Secure access remote administration – all changes to security policy are logged

Application Layer and Network Firewall

  • Create inbound and outbound traffic policies.
  • Protect servers without the need for a DMZ through application-friendly NAT traversal.
  • Perform stateful packet and protocol inspection and logging.

Anti-virus Protection

  • Filter viruses and worms from incoming and outgoing traffic.
  • Simplify deployment with integrated Sophos engine.
  • Dual anti-virus ready for extra protection.

Web Filter

  • Block access to websites with harmful or inappropriate content
  • 53 different categories of web content
  • Apply categorization to traffic statistics

VPN Server

  • Unlimited site to site connections
  • Mac, Windows, and Linux VPN clients
  • Clientless SSL-VPN for Windows networks

Changes in Kerio Control 9.4.0 (May 9, 2022):


  • New Kernel
  • New 2FA token expiration configuration for VPN 2FA
  • New HTTP/S redirect function in reverse proxy


  • KerioControl update server rejects upgrade from the latest HW box series.
  • HA stats temporary files are not being cleared.
  • Expired build-in “Let’s Encrypt certificates” have been renewed.
  • Fixed XSS security vulnerability in WebAdmin.
  • Getting checksum alert after upgrade to 9.3.6p1.
  • Free radius server fails to start.
  • Weekly and monthly reports are not being sent automatically.
  • Google remote desktop is not blocked once configured in content filtering rules.
  • Incorrect low free disk alert when data encryption is on.
  • Login page customizations are not working on Logic/Guest/User alerts pages.
  • Alert column info is blank for user transfer quota.

Changes in Kerio Control (May 31, 2021):

  • M1 MAC VPN client support
  • Interface mapping of NG511 Fixed
  • macOS VPN client updated to fix a script that was preventing installation on Big Sur
  • Update Windows VPN Client to make it compatible with Windows 20H2
  • New configuration “”L2TPUpScriptWaitSeconds”” and “L2TPUpScriptConnectTryCount”” introduced to recover stuck LT2P connections
  • New configuration “”DisableUniqueIDs”” introduced to prevent IPSec VPN disconnects
  • New traffic patterns added to properly block Teamviewer connections
  • Introduce new configuration “”InternetLinkAutoGatewayInterfaceList”” to stop probing interfaces which doesn’t have a gateway
  • Fix HA interface name validation failure happens when one of HA machine has legacy interface names
  • OpenSSL library is upgraded from 1.0.2j to 1.1.1d
  • HSTS (Strict-Transport-Security) Header added
  • Upgrade and Factory-reset scripts are failing because of signature image issue
  • Links on the IP Blacklist screen were either wrong or timing out. Now all links corrected
  • Info message displayed after distrusting a certificate updated for VPN connections
  • Fix crash in HA Slave machine happens when slave account host activity
  • TLS triple handshake vulnerability fixed by updating /etc/sshd_config configuration file
  • HSTS causes 2FA fail on Kerio VPN
  • Using Active Directory authentication (only). It causes authentication with Active Directory to fail making AD user connections not possible.

Changes in Kerio Control 9.3.5 (August 27, 2020):


  • The custom logo does not appear on login or deny pages
  • Wrong Country code for Serbia
  • Active Connections – Destination Country missing table information
  • Active Connections – Source Country missing table information
  • Content filter rules not blocking Teamviewer
  • Page refresh/close display an error dialog on Google Chrome
  • Unable to complete PPPoE discovery (NBN connection)
  • VPN Driver does not install on Windows 10 Update 2004
  • Kerio Control Slave unit fails to dial PPPoE
  • Localization string “Alert-HA” not found in any language
  • Statistics report errors in HA-Slave control
  • Unable to differentiate email report if from Master or Slave
  • Fixes for NG110, NG310, NG510/511 compatibility issues

New in Kerio Control 9:

  • MyKerio. Multiple administrators can manage appliances within an organizations
  • Shared definitions in MyKerio. Allow you to create and manage IP address groups, URL groups and time ranges directly in MyKerio and share them across multiple Kerio Control appliances in a single organization.
  • 2-step verification in MyKerio. The 2-step verification in MyKerio improves the security by requiring an authenticated user to provide an additional form of identification.
  • Preventing denial of service attacks. The connection limits configuration that protects against denial of service (DoS) has been redesigned and now includes enhanced default settings.
  • Bandwidth management works on IPv6. Supports bandwidth management on IPv6 including custom rules and bandwidth reservation.
  • Zero-touch provisioning of Kerio Control Box. Deploy it using MyKerio. If Kerio Control Box is running and connected to the Internet, you can activate and configure the appliance remotely in MyKerio.
  • Automatic identification of network interfaces. During installation, Kerio Control identifies Internet interfaces and local interfaces automatically.

Homepage –

Kerio Control screenshot

System requirements:

Software Appliance

  • CPU: 2 GHz
  • Memory: 4 GB RAM
  • Hard drive: 12 GB HDD space for OS, product, logs and statistics data
  • Network interface: 2 Ethernet (10/100/1000 Mbit)
  • HW: KerioControl is based on Linux kernel version 3.16. Hardware supported by this kernel is required.
    For list of supported hardware see

VMware Virtual Appliance

  • VMware Workstation/Player 11+
  • VMware Fusion 7+
  • VMware ESXi / vSphere Hypervisor 5.5+
  • CPU: 2 GHz
  • Memory: 4 GB RAM assigned to the virtual machine
  • Hard drive: 12 GB assigned HDD space for OS, product, logs and statistics data
  • Network interface: 2 assigned virtual network adapters

Hyper-V Virtual Appliance

  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 R2
  • Windows Server 2012
  • Windows Server 2008 R2
  • CPU: 2 GHz
  • Memory: 4 GB RAM assigned to the virtual machine
  • Hard drive: 12 GB assigned HDD space for OS, product, logs and statistics data
  • Network interface: 2 assigned virtual network adapters