Jetico Personal Firewall

I am going to wait a couple of days to try it. Other concerns dominating the picture around here trump software testing .

 

So far, the new version runs fine.

 

Let us know if there there are any changes under the hood, so to speak.

 

None that I can see / feel. Steam was allways working for me, and I don't have the knowledge / time to test fragmented packets etc. So, at least to me there seemes not much improvement.
Still having issues with apps masquerading as other aps when asking for network access, still no differentiation between accessing network components / real outbound access, still no "allow access for this session" button...

So I guess this is just a quick-fix release. Hope there's more to come.

 

I think the whole access to network thing is a real pain in the ass, so to speak. When it prompts you for some new app, the first thing it asks for is access to network, but you never know if that's all it wants, or if it's going to also ask again for an outbound connection. So the first time the question comes up, you don't know whether to just ok the network access or to allow it using one of the predefined settings. I wish they could do something to make that part a little simpler.

Based on what I've heard so far, I think I'll wait for the next release...

 

Well, it is stable for me, so if you are running JPF atm, you could think about upgrading. If you're on another FW, there's nothing to get seriously excited about

 

K-

You did not need to say "so to speak". The painful condition of the lower body does not need to be qualified. I expected to see some new feature of note this time, like ip address ranges. Perhaps they are regrouping.

 

Yep, maybe we're spoiled too. Most firewall releases aren't as frequent anyway. IP address ranges would be nice.

I took my Kerio 2 rules and imported them into Kerio 4.2 beta 4 tonight and am having good results, believe it or not. I also had to uncheck the option that blocks traffic during boot up. It was blocking my legit dhcp traffic and giving me errors in event viewer. Otherwise, it's pretty ok.

 

Kerodo,

The guy who sells Kerio here knows me well and wants me to sell Kerio 4 to my university. If your tests go well, I might seriously consider doing that. Right now they are all on Kerio 2.15+BZ Advanced.

 

Arup - The problem with Kerio 4 is that it has a very bad reputation for being buggy. Also it's resource usage is much higher than Kerio 2's. I kinda like Kerio 4 in spite of it's bugs and quirks. It seems to have good SPI as far as I can tell. Also no problem with fragmented packets. But on the down side, it's logging is very weird. Almost as if they slapped logging on as an afterthought instead of integrating it properly with the firewall to begin with. If you use rules in Kerio 4, you can't always get them to log the way you'd like to. If you try it you'll see what I mean.

Kerio 4 can be run fairly simply too, without any rules. It will install and run out of the box much like ZA. I think that's what they're trying to achieve. Yet, if you want to, you can still import your Kerio 2 rules (with some adjustments), and use it like you would any rules based firewall.

As far as support, I don't recommend them though. From what I've seen, they are not too responsive to messages posted in their forums. So if you do have trouble, you may be on your own. Of course, I'm not a paying customer, so that may make a difference.

I do think it's a pretty good firewall, but you have to be willing to put up with some bugs and problems, which may or may not get fixed for a long time. I waited for a long time for logging to unopened ports, and when they finally got around to implementing it, it turns out to be a quirky, half-assed, patched on feature which only half works. Something like this should have been there properly from the beginning.

I'm hoping, though, that when they release the final 4.2 it will be a pretty good product. We'll see I guess..

Sorry folks, this doesn't have much to do with Jetico, I know. My apologies..

 

Going back to Jetico, tried the new one out, still the same annoying problems, too many pop ups, even if I give Thunderbird mail access, any mail with ads would make Jetico go haywire. Same is the case with UDP diagrams and SYSTEM, I make it a rule for SYSTEM and even then, it is pop up hell. Stateful Packet Inspection has to be disabled for TCP/UDP for ICS Gateway machine even with the new version.

By the way, thanks for your advice on Kerio 4, I am truly aware of all the problems, one of the reasons the guy wants to give me an incredible deal.

 

I don't know much about ICS but I would think that disabling SPI is not very desirable.. Have you contacted them about this? I suppose you have.. The popups are going to be annoying to many. It's one of the first things I noticed about JPF.

PS - An incredible deal on something you don't want is no deal at all.

 

Man, are you insane?!!!
Have you checked the responses from those who are supposedly like this firewall at http://forums.kerio.com ?
...and the problems listed are coming from those with a favorable view of the product.

 

I am totally aware of that, I am a regular at DSL forums and see all the problems associated with it, what happens is once in a while, some wise guy comes up and does an audit off all the software installed in univ, then he makes a big deal about a old software, in this case 2.15 being used and all the security risks the system is opened to.

I for all purpose continue to use Kerio 2.15 and it will take a really good alternative which is as tested as Kerio 2.15 with a simple yet intuitive interface to stray me away, NetVeda showed lots of promise and so does Jetico, but both are too rough on edges.

 

To be fair to Kerio 4, most other firewalls have their problems too. Outpost users see BSOD's fairly often it seems, and other firewalls have problems too. In fact, I can't think of one that doesn't have bugs or problems of some kind..

I think Kerio 4 gets picked on because Kerio 2 users perhaps had high hopes for a new and updated Kerio at one time, but were disappointed.

 

Well, I asked Jetico what their upcoming plans were for JPF and got an answer in the mail early this morning. They don't say much, when or where, but it looks like they're still working on things. Here are their words:

"I can't send you exact plans, but major enhancements include
windows service implementation, hash checking improvement,
rule editors facelift, pasword protection for configuration."

Hopefully some of these things will appear soon...

 

Sounds real good, the password protection feature was suggested to them by many including myself, seems they are listening. Now the wait for the new version begins.

Thanks for posting this K.

 

It seems to me like there now just trying to finish up and fix the remaining bugs that are left in version 1. I'm glad that they are actually taking there time to take care of any remaing loose ends before adding any new major enhancements to the firewall. The firewall will be better because of it down the road with less problems if they tackle them now instead of just sweeping them under the rug so that they can crawl out later and cause even more problems.

I'm just guessing, but I would assume that there probably won't be any big improvements such as the ones mentioned added to the firewall untill the next brand new version (2?) comes out, which they will probably start charging for. It may even be awhile untill we see a new beta out with these improvements in it, so were probably just going to have to be patient now.

 

This thread is mighty long. Might be time to move into a new one with the next release of JPF.

 

Yeah, I pity anyone who just starts reading it from the beginning now...

I'm glad to see they're going to run JPF as a service. I requested that a long time ago, along with the hash update also.

I'm thinking they will probably add/do these things soon, in 1.x versions, still freeware. But we'll see I guess..

 

And a new version of Jetico is available.

 

WOW! You beat me to it SSK.

 

Have some exams coming up, so I was up early

 

Anone notice any differences in behavior, especially in user interaction?

 

The table looks way less uncluttered.