Jetico Personal Firewall

Discussion in 'other firewalls' started by Kerodo, Sep 2, 2004.

Thread Status:
Not open for further replies.
  1. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    I am going to wait a couple of days to try it. Other concerns dominating the picture around here trump software testing .
     
  2. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    So far, the new version runs fine.
     
  3. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Let us know if there there are any changes under the hood, so to speak.
     
  4. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    None that I can see / feel. Steam was allways working for me, and I don't have the knowledge / time to test fragmented packets etc. So, at least to me there seemes not much improvement.
    Still having issues with apps masquerading as other aps when asking for network access, still no differentiation between accessing network components / real outbound access, still no "allow access for this session" button...

    So I guess this is just a quick-fix release. Hope there's more to come.
     
  5. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,982
    I think the whole access to network thing is a real pain in the ass, so to speak. When it prompts you for some new app, the first thing it asks for is access to network, but you never know if that's all it wants, or if it's going to also ask again for an outbound connection. So the first time the question comes up, you don't know whether to just ok the network access or to allow it using one of the predefined settings. I wish they could do something to make that part a little simpler.

    Based on what I've heard so far, I think I'll wait for the next release...
     
  6. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    Well, it is stable for me, so if you are running JPF atm, you could think about upgrading. If you're on another FW, there's nothing to get seriously excited about :blink:
     
  7. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    K-

    You did not need to say "so to speak". The painful condition of the lower body does not need to be qualified. I expected to see some new feature of note this time, like ip address ranges. Perhaps they are regrouping.
     
  8. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,982
    Yep, maybe we're spoiled too. Most firewall releases aren't as frequent anyway. IP address ranges would be nice.

    I took my Kerio 2 rules and imported them into Kerio 4.2 beta 4 tonight and am having good results, believe it or not. I also had to uncheck the option that blocks traffic during boot up. It was blocking my legit dhcp traffic and giving me errors in event viewer. Otherwise, it's pretty ok.
     
  9. Arup

    Arup Guest

    Kerodo,

    The guy who sells Kerio here knows me well and wants me to sell Kerio 4 to my university. If your tests go well, I might seriously consider doing that. Right now they are all on Kerio 2.15+BZ Advanced.
     
  10. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,982
    Arup - The problem with Kerio 4 is that it has a very bad reputation for being buggy. Also it's resource usage is much higher than Kerio 2's. I kinda like Kerio 4 in spite of it's bugs and quirks. It seems to have good SPI as far as I can tell. Also no problem with fragmented packets. But on the down side, it's logging is very weird. Almost as if they slapped logging on as an afterthought instead of integrating it properly with the firewall to begin with. If you use rules in Kerio 4, you can't always get them to log the way you'd like to. If you try it you'll see what I mean.

    Kerio 4 can be run fairly simply too, without any rules. It will install and run out of the box much like ZA. I think that's what they're trying to achieve. Yet, if you want to, you can still import your Kerio 2 rules (with some adjustments), and use it like you would any rules based firewall.

    As far as support, I don't recommend them though. From what I've seen, they are not too responsive to messages posted in their forums. So if you do have trouble, you may be on your own. Of course, I'm not a paying customer, so that may make a difference.

    I do think it's a pretty good firewall, but you have to be willing to put up with some bugs and problems, which may or may not get fixed for a long time. I waited for a long time for logging to unopened ports, and when they finally got around to implementing it, it turns out to be a quirky, half-assed, patched on feature which only half works. Something like this should have been there properly from the beginning.

    I'm hoping, though, that when they release the final 4.2 it will be a pretty good product. We'll see I guess..

    Sorry folks, this doesn't have much to do with Jetico, I know. My apologies..
     
    Last edited: Mar 14, 2005
  11. Arup

    Arup Guest

    Going back to Jetico, tried the new one out, still the same annoying problems, too many pop ups, even if I give Thunderbird mail access, any mail with ads would make Jetico go haywire. Same is the case with UDP diagrams and SYSTEM, I make it a rule for SYSTEM and even then, it is pop up hell. Stateful Packet Inspection has to be disabled for TCP/UDP for ICS Gateway machine even with the new version.

    By the way, thanks for your advice on Kerio 4, I am truly aware of all the problems, one of the reasons the guy wants to give me an incredible deal.
     
  12. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,982
    I don't know much about ICS but I would think that disabling SPI is not very desirable.. Have you contacted them about this? I suppose you have.. The popups are going to be annoying to many. It's one of the first things I noticed about JPF.

    PS - An incredible deal on something you don't want is no deal at all. ;)
     
  13. ghost16825

    ghost16825 Registered Member

    Joined:
    Feb 1, 2005
    Posts:
    84
    Man, are you insaneo_O?!!!
    Have you checked the responses from those who are supposedly like this firewall at http://forums.kerio.com ?
    ...and the problems listed are coming from those with a favorable view of the product.
     
  14. Arup

    Arup Guest

    I am totally aware of that, I am a regular at DSL forums and see all the problems associated with it, what happens is once in a while, some wise guy comes up and does an audit off all the software installed in univ, then he makes a big deal about a old software, in this case 2.15 being used and all the security risks the system is opened to.

    I for all purpose continue to use Kerio 2.15 and it will take a really good alternative which is as tested as Kerio 2.15 with a simple yet intuitive interface to stray me away, NetVeda showed lots of promise and so does Jetico, but both are too rough on edges.
     
  15. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,982
    To be fair to Kerio 4, most other firewalls have their problems too. Outpost users see BSOD's fairly often it seems, and other firewalls have problems too. In fact, I can't think of one that doesn't have bugs or problems of some kind..

    I think Kerio 4 gets picked on because Kerio 2 users perhaps had high hopes for a new and updated Kerio at one time, but were disappointed.
     
  16. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,982
    Well, I asked Jetico what their upcoming plans were for JPF and got an answer in the mail early this morning. They don't say much, when or where, but it looks like they're still working on things. Here are their words:

    "I can't send you exact plans, but major enhancements include
    windows service implementation, hash checking improvement,
    rule editors facelift, pasword protection for configuration."

    Hopefully some of these things will appear soon...
     
  17. Arup

    Arup Guest

    Sounds real good, the password protection feature was suggested to them by many including myself, seems they are listening. Now the wait for the new version begins.

    Thanks for posting this K.
     
  18. dukebluedevil

    dukebluedevil Registered Member

    Joined:
    Sep 14, 2002
    Posts:
    177
    It seems to me like there now just trying to finish up and fix the remaining bugs that are left in version 1. I'm glad that they are actually taking there time to take care of any remaing loose ends before adding any new major enhancements to the firewall. The firewall will be better because of it down the road with less problems if they tackle them now instead of just sweeping them under the rug so that they can crawl out later and cause even more problems. :)

    I'm just guessing, but I would assume that there probably won't be any big improvements such as the ones mentioned added to the firewall untill the next brand new version (2?) comes out, which they will probably start charging for. It may even be awhile untill we see a new beta out with these improvements in it, so were probably just going to have to be patient now.
     
  19. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    This thread is mighty long. Might be time to move into a new one with the next release of JPF.
     
  20. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,982
    Yeah, I pity anyone who just starts reading it from the beginning now...

    I'm glad to see they're going to run JPF as a service. I requested that a long time ago, along with the hash update also.

    I'm thinking they will probably add/do these things soon, in 1.x versions, still freeware. But we'll see I guess..
     
    Last edited: Mar 21, 2005
  21. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    And a new version of Jetico is available.

     
  22. Arup

    Arup Guest

    WOW! You beat me to it SSK.
     
  23. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    Have some exams coming up, so I was up early :D
     
  24. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Anone notice any differences in behavior, especially in user interaction?
     
  25. Arup

    Arup Guest

    The table looks way less uncluttered.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.