Discussion in 'other firewalls' started by kalpik, Oct 22, 2005.
Take your pick!
Also state the reason why.
Even with bugs, I would take 4x over 2x, 2x is not compatible with some current software, also has BSOD issues and patchy XP compatibility, a truly nice firewall otherwise, best in terms of rule making but sorely in need of upgrade.
I like 2 for the interface, which can't be beat, however, I have to agree that 2 is getting quite old now and 4 is more up to date. 2 is certainly lighter, weighing in at 5 MB RAM. But all in all, since it's more current, 4 is probably my choice also. And 4.2.2 seems fairly bug free, if you can believe that.
Well, even I'm running 4.2.2 right now and am pretty happy with it. Was just wondering if 2.1.5 is really better. But I guess I have my answer now!
I have just reinstalled the latest update. Tried to do it over 2.1.5 and it bombed out with error 2727 (something about a folder). So did a clean install. Maybe better idea since the old rule set had got a bit cluttered. I know I can import them.
Since I have had ver 4 in before it is running in its free form. The three modules are totalling 23K.
What I do notice though are the page faults, which are now about 400,000 and clocking up at a rate of 46/sec. What is the relevance of this and is it an issue?
I still don't understand what makes 2X better than 4X (other than resource load). One can create the same rules for either program. Is there something else?
Exactly why I created this thread! I don't really care about RAM usage (though 4.x is not really THAT heavy!).
I've just gone back to Kerio 2.x because it is simple but powerful and has low resources which leaves plenty of free memory for other things. I have never had any compatibility problems or BSODs. Plus I use Antihook so I don't need Kerio 4.x component control.
Also, using chx-i along with Kerio 2.x solves the much spoken about fragmented packet issue.
But as has been said, you can use the same rules in Kerio 4.x and disable the built-in ones and the amount of resources it uses seems to be getting lower with each new release.
It (4.x) also seems much more stable and less buggy these days.
I use 2.1.5 simply because I only am looking for outbound protection as I have a router. It's also very light on resources which is yet another reason it is my choice as well.
I don't know exactly what that means, but I think I remember reading somewhere in memory management sites that this is a problem of some kind. Not much help, sorry, but try Googling for it and you might find more info. It would seem to indicate a problem.
There is one thing I found annoying about the 4.x series, and that is its logging. If you turn on logging of packets to closed ports, then everything appears to log ok, however, you will find that the logging does not obey your rules. For example, if you have a rule to log packets to say port 1026-1029, Kerio won't log according to your rule, it will just log those packets to closed ports going by its rule to log them to closed ports. The logging to closed ports appears to be an internal rule that Kerio will obey before it looks at any of the other rules regarding logging. So if you do create rules to log things for whatever purpose, if the packets hit closed ports, then Kerio won't obey your logging rules.
That's one reason why 4 isn't as good as 2. Another reason is bugs in general. Although 4.2.1 seemed very good, 4.x in general has a bad reputation in this regard.
Also, 4 uses much more RAM, 22 MB or so as reported, compared to 2's 5 MB. You may also not need the other "features" that 4 offers.
So there are some good reasons why some people still prefer Kerio 2.
Knowing all this though, I would still pick 4 I think, since it is more up to date, and doesn't have the frag packet problem, seems to have better SPI, and is still being worked on today (at least for a few more months).
Kerio 4.2 is same kind of firewall as Sygate. You don't really need to use packet rules if you don't want to. So it is much easier than Kerio 2.1.5 for a newbie.
There are added functions, like applications launching others, that are missing in 2.1.5.
I really like Kerio 4.2.2 that I installed yesterday, and find myself already familiar with all its functions. In basic firewall options Sygate may have more configurability than Kerio. But Kerio's user interface is nicer.
Wish the log could be sorted. Also an IP backtrace would be nice.
I had a look on the Kerio forum and found this
They seem to think it ok. On Google found this.
and they say it is not good.
So really I am none the wiser. Looking at Process Explorer, all programs have page faults, but none of them to the degree of Kerio which is now over 1.8 million.
On a different topic, I noticed on this page
That there is a McAfee logo. Are they taking Kerio over?
McAfee and I think Kaspersky sell av/firewall packages bundled with Kerio so it's probably just something to do with that.
Well, Peter on the Kerio forum is one of the developers I think, so you can expect him to defend Kerio. He says this:
"Page fault means, that the process accesses memory page that is not
present in physical memory. OS then loads it from swap, increases the
counter you see in task manager and lets the process run. There is
nothing wrong about it."
However, if what he says is true, then that just means that Kerio is doing a lot of disk accessing, and if it gets real bad, it could cause "thrashing" and/or degrade performance. But I would say that if Kerio is having significantly more page faults than any other running process, then it's a sign of poor programming perhaps. 1.8 million seems high indeed, especially if none of the other processes are nearly this high.
So I guess you'd have to judge it by whether you see any performance issues. If not, then maybe it's acceptable. But you're right, that is very high.
Kerio shot themselves in the foot when 4X was released. Go back and look at archives from about two years ago and you will see they were ridiculed without mercy for releasing "beta" software.
4.2.2 shows that Kerio cares enough about their reputation to fix the bugs. But like the 1967 Corvair, a great final product won't repair a damaged reputation. This is probably what killed KPF4. I suspect, however, that it will rise from the ashes under a new name sometime next year.
Perhaps this is now moot:
http://news.zdnet.com/Kerio to scrap desktop firewall/2100-1009_22-5903250.html
I hope that this is not too dumb of a question.
How do I import or add or whatever... the BZ or Blitzenzeus rules for Kerio 4.2.2? I know that a lot of the users of Kerio 2 firewall like these rules. I read in this thread that the same rules can be used for the 4.2.2 version.
Where do I get them?
It's not the number, it's the rate, and how consistent this rate is. While idle there really shouldn't be a large number of page faults occurring. Memory block access near a previously accessed one or repeated access to a memory block should not cause page faults. So this could point to poor programming. It could be possible that the snort module that Kerio 4.x uses could be partly to blame, but this is unlikely. As you stated this could be a reason for some users reporting 'memory leaks' which were really just periods of disk thrashing because of a high rate of page faults. Of course if the program did not make allowances for not being able to access the memory in the time it wanted to use it, then you could have crashes as well.
BZ rules thread - http://www.broadbandreports.com/forum/remark,8023708
BZ's recommendations for using his ruleset with Kerio 4.x - http://www.broadbandreports.com/forum/remark,7823319~root=kerio~mode=flat
In Kerio 4 config screen, go to preferences>import and select the BZ ruleset you downloaded. The rules are added to the packet filter section in Kerio.
In case you haven't seen any of those threads before, they are quite old and the Kerio 4 thread is pretty negative. It was a lot more bloated and buggier back then.
Thanks for the help but I must be missing something.
When I download the ruleset from the link provided, I get a zip file that I unzip using WinZip. It, of course, has a default location to unzip to - a temp file. Even if I unzip to My Documents, I still cannot find a file in the zip that is useable by Kerio 4.2.2 to import.
When browsing for the file to import, there is a dropdown to tell it to look for Kerio 4 config files or Kerio 2 config files. By default it is set to look for Kerio 4 so you need to click on the arrow and select Kerio 2.
Sorry I'm not using version 4.x anymore so I can't remember the exact procedure but hopefully that should point you in the right direction.
With my system they are clocking up at a rate of 46/sec. CPU usage is 2%, going to 11% every 5 or so seconds. After nearly 2 hours it is up to 300,000. The next nearest is Program Manager with 73,300.
Looking at the Kerio forum, this was not an issue in the early releases, about 4.1.
I got the standard BZ ruleset for Kerio 2 imported into 4.2.2, I think. I say "I think" because I do not know where to go to actually see the rules.
Assuming that I did get them in there, should I turn off all or some of the "predefined" network security modules? These are under the "predefined" tab under the network security selection. Also, there is the ability to enable or disable the "network security module" under the applications tab in the network security settings area. Both of these settings that I have asked about are simple checkboxes.
What about HIPS, NIPS, and Application blocking under the intrusions selection area? Should those be unchecked? I am going to use the free version, I think maybe those go away after 30 days anyway...
In brief, I am trying to make 4.2.2 the best that it can be. I know that the 2.x version has had a devout following but I want to start with the newer firewall and import the BZ rules (which I have done, I think, how can I tell for sure?) and then set it up right. I like app. filtering as well, so 4.2.2 is good for me. I have been using Jetico and I am not up to the task. So, if you could help me get this going well, I would appreciate it.
I have tried Kerio version 4 but I still prefer ver. 2.1.5; it has always served me well and never let anything through that it shouldn't. I am sure that some day it just won't handle the newer malware but so far it works great. One of the all time great pieces of software.