Known issues & fix status update

Status update on a reported issue affecting GFI KerioControl v10.

Under investigation:

• v10 speed issues: download speed drops when traffic matches an imported bandwidth management rule. Root cause identified in the internal PipeManager module. Fix confirmed; pending release.

Track real-time status updates at: https://status.gfi.com/

We will notify you immediately when the fix is deployed and verified. Updates are made available through standard product update mechanisms.

GFI KerioControl 9.6.1 release

GFI KerioControl 9.6.1 is now available, bringing improved network integrations, hardware support, and bug fixes.

What's new:

• Improved GFI Exinda AI integration: The Exinda unit can now automatically configure IP groups based on traffic monitoring, making it easier to create traffic rules on the KerioControl firewall.
• 10Gbps NIC support: Added support for 10Gbps network interface cards. Firewall rule usage patterns can be viewed from the dashboard.
• AppManager registration reset: Added support to completely reset a device's AppManager registration directly from the GUI.

Fixes:

• WAN adapter group move fix: Fixed a bug where moving the WAN adapter from the "Internet" group to "Other Interfaces" could cause a temporary networking outage due to unexpected stickiness in the default routes.
• IPS false alert fix: Fixed a bug where IPS security alerts were raised when processing local DNS queries, which are harmless.

To view the complete release notes, visit our release notes page.

Note: This update applies to KerioControl v9.x only. If you are running v10.x, this does not apply to your installation

For product downloads and information about upgrading GFI KerioControl, visit the GFI Upgrade Center.

GFI KerioControl AI 9.6:9161 now available for early access

GFI KerioControl AI 9.6:9161 is now available for Early Access, introducing Shield Matrix whitelist capabilities and expanded hypervisor support.

What's new:

• Shield Matrix Whitelist: Define custom whitelists for Shield Matrix, addressing scenarios where legitimate traffic (such as Let's Encrypt certificate renewals) was incorrectly blocked.
• Native QEMU/Proxmox Support: Improved compatibility for deployments running in QEMU-based hypervisors including Proxmox.
• GFI AppManager AI Per-Service Connection Limits: Administrators can now define maximum concurrent connections per individual service via AppManager > Configuration > Security Settings > Connection Limits.
• IPsec Enhancements: Added support for ECC Diffie-Hellman Groups 19/20/21 (ECP256/ECP384/ECP521).
• GeoIP Updates: Updated GeoIP database support for improved accuracy and performance.
• Bug Fixes: Resolved issues with DHCP lease renewals, HA failover configuration on slave nodes with multiple WAN links, and intermittent high CPU spikes causing traffic disruption.

You can download this version here.

Note: This update applies to KerioControl v9.x only. If you are running v10.x, this does not apply to your installation

GFI KerioControl - UDP traffic stability issue

We are aware of an issue affecting UDP traffic stability in some KerioControl environments.

What we've identified:

This issue does not affect all GFI KerioControl customers. We have identified a bug that may cause occasional drops of UDP packets in certain KerioControl environments.

Current status:

Our KerioControl development team has made this a highest priority issue and is working around the clock to resolve it.

Latest Update: A fix has been identified, and we are currently in the testing phase to ensure the solution completely resolves the issue without introducing any unintended side effects.

Resolution:

✅ This issue has been resolved in GFI KerioControl 9.6, which is now available in beta.

Users experiencing UDP traffic stability issues can access the beta version here: Download KerioControl 9.6 Beta

Public Release ETA: First week of November 2025

Monitoring the issue:

You can track real-time status updates at: https://status.gfi.com/

The public release will be made available through the standard KerioControl update mechanism.

Let's Encrypt certificate renewal and Shield Matrix interaction

Users may experience SSL certificate renewal delays in KerioConnect when KerioControl's Shield Matrix blocks Let's Encrypt endpoints that have been flagged by global threat intelligence.

Workaround:

• Temporary Solution: Disable Shield Matrix in KerioControl during KerioConnect certificate renewal, then re-enable once renewal completes
• Affected Configurations: KerioConnect with KerioControl running Shield Matrix enabled

We're monitoring this behavior to determine whether this represents a change in Let's Encrypt's standard operations. Updates will be provided as the situation develops.

If you need assistance with this workaround, please contact our support team.

GFI KerioControl 9.5p3 now available

GFI KerioControl 9.5p3 is now available, delivering critical stability improvements and enhanced VPN monitoring capabilities for improved network security management.

Stability improvements:

• IPS Stability: Resolved critical system stability issues when modifying configurations with IPS enabled

Bug fixes:

• System Stability: Fixed a bug where IPS could cause system hangs during configuration changes
• VPN Statistics: Corrected OpenVPN client statistics display on the dashboard VPN information tile
• Activity Logging: Fixed OpenVPN client activity tracking to properly include entries in the dial log

Improvements:

• VPN Monitoring: Enhanced visibility of OpenVPN client connections with accurate dashboard statistics and comprehensive activity logging

This maintenance release focuses on system stability and VPN monitoring accuracy, ensuring reliable operation of critical security features.

To view the complete release notes, visit our release notes page.

GFI AppManager 1.57 now available

GFI AppManager 1.57 introduces passwordless authentication with comprehensive passkey support, revolutionizing secure access management across your organization.

New features:

• Passkey Registration: Support for modern passwordless authentication through passkey registration
• Passkey Authentication: Full support for passkey-based login, providing enhanced security and user convenience
• Multi-Passkey Management: Users can now register and manage multiple passkeys for flexible access across devices

Security enhancements:

• Password Expiry: Implemented automatic password expiry and logout policies for enhanced security compliance

This release marks a significant step forward in authentication technology, offering both improved security and user experience through passwordless authentication options.

To view the complete release notes, visit appmanager.gfi.com.

GFI AppManager 1.56 released

GFI AppManager 1.56 delivers the new Kerio Control Shield Matrix UI along with critical fixes and performance improvements for a smoother management experience.

New features:

• Kerio Control Shield Matrix UI: New visualization interface for better management and monitoring of Kerio Control deployments

Bug fixes:

• Auto-Logoff Notifications: Fixed inconsistencies in auto-logoff notification behavior and resolved blank screen issue after re-login
• Account Creation: Fixed new accounts not appearing immediately after creation; no manual refresh required

Performance improvements:

• Frontend Optimization: Optimized appliance information loading on frontend for improved performance

This release focuses on enhancing the user interface experience and resolving key usability issues reported by administrators.

To view the complete release notes, visit appmanager.gfi.com.

GFI KerioControl 9.5p2 now available

GFI KerioControl 9.5p2 is now available, delivering critical stability improvements and bug fixes for enhanced network security and performance.

Bug fixes:

• System Stability: Fixed rare system hang that occurred when internet connectivity is unstable and many DNS requests are flooding in from the LAN
• IPS Hardening: Added hotfix to prevent system crashes when IPS threat definition rules are broken
• GFI Agent Optimization: GFI agent is now sandboxed to stop excessive CPU usage on some systems
• DHCP Enhancement: DHCP lease renewal now requests the previous IP before discovering a new one
• 2FA Authentication: Fixed a bug where 2FA was incorrectly enforced on LAN connections
• OpenVPN Fix: Fixed a bug where OpenVPN authentication errors occurred when Reverse Proxy is disabled

This patch release focuses on improving system reliability and addressing key authentication and connectivity issues reported by users.

To view the complete release notes, visit our release notes page.

AppManager agent high CPU utilization issue

We have identified a bug in the GFI AppManager Agent that can cause high CPU utilization on KerioControl systems during frequent internet connection drops.

What's happening:

• Trigger: Unstable internet connections with frequent drops
• Impact: AppManager Agent may consume excessive CPU resources
• Severity: In severe cases, can cause KerioControl to become unresponsive or freeze

Immediate solution:

You can resolve this issue immediately by temporarily disabling the AppManager Agent:

1. Log into your KerioControl web interface
2. Go to Configuration → Remote Services → GFI AppManager AI
3. Turn off the AppManager Agent
4. Click Apply to save your changes

What continues working:

• All firewall protection and security features
• Internet access and network connectivity
• VPN connections
• Content filtering and traffic rules
• Local administration of your KerioControl system

Status: Our engineering team is developing a permanent fix that will be delivered automatically through the AppManager Agent's self-update feature. No manual intervention will be required once the fix is released.

GFI KerioControl AI version update reference guide to v10

This guide maps out GFI KerioControl AI version update pathway to ensure successful update to GFI KerioControl AI v10 regardless of your starting version.

How to use this guide

1. Find your current version in the update paths below
2. Follow the arrows from your version to v10
3. Complete each step in order - do not skip versions

Update paths by starting version

If you're running 9.3.6p1 or earlier:

9.3.6p1 → 9.4.2p2 → 9.4.3p4 → 9.4.5p2 → 9.5p1 → v10

Versions: 9.3.6p1 → 9.4.2p2 → 9.4.3p4 → 9.4.5p2 → 9.5p1 → v10
Kernel: #8 #10 #10 #10 #10 #12

⚠️ Critical: The 9.4.3p4 step is mandatory - it resizes partitions needed for later updates

If you're running 9.4.2p2:

9.4.2p2 → 9.4.3p4 → 9.4.5p2 → 9.5p1 → v10

Kernel: #10 #10 #10 #10 #12

If you're running 9.4.3p4:

9.4.3p4 → 9.4.5p2 → 9.5p1 → v10

Kernel: #10 #10 #10 #12

If you're running 9.4.5 (any patch level):

9.4.5/9.4.5p1/9.4.5p2 → 9.5p1 → v10

Kernel: #10 #10 #12

If you're running 9.5 or 9.5p1:

9.5/9.5p1 → v10

Why these specific versions?

• 9.4.3p4: Performs critical partition resizing required for all future updates
• 9.4.5p2: Most stable intermediate version
• 9.5p1: Fixes stability issues and prepares for v10 kernel update
• v10: Modern Debian Bookworm kernel with improved performance and security

Before you start

✓ Create a complete configuration backup
✓ Document your network settings
✓ Plan maintenance window for multiple updates
✓ Verify hardware compatibility with v10

• Cannot skip versions - each step prepares the system for the next
• Versions before 8.0 require fresh installation

This guide ensures successful updates to GFI KerioControl AI v10 regardless of your starting version.

Known bugs report

Our development team is actively working to resolve the following known issues. Stay tuned for updates!

GFI KerioControl AI

• KerioControl 9.5 and 9.5p1 - autologin users are prevented from browsing
• Connection issue with 3rd party (SMTP host) mail server with specific MTU configuration
• Some websites are loading slowly
• Transparent redirection needed for Websafety proxy

Note: We'll keep you posted as these issues are resolved. Resolved issues will be announced in this newsfeed and in their respective product release notes.

GFI KerioControl 9.5p1 is now available

We're pleased to announce the release of KerioControl 9.5p1, a critical maintenance update focused on stability and security improvements:

• Fixed security vulnerability in the ringfencing agent to enhance system protection
• Resolved performance issues and network instability caused by GFI Agent (AppManager) integration
• Fixed OpenVPN connection failures affecting KerioControl 9.5
• Resolved OpenVPN connectivity problems that occurred after certificate changes
• Fixed IPS engine instability bug that was causing crashes in KerioControl 9.5

This update is strongly recommended for all users running GFI KerioControl 9.5 to ensure optimal system stability and security. For complete release notes, please visit our release notes page.

Introducing the new GFI KerioControl hardware lineup

We're excited to unveil our next-generation GFI KerioControl appliances, featuring enhanced 2.5 Gbps connectivity and significantly improved performance across the entire range. These new models will be available from June through September 2025.

NG 120 desktop appliance

The entry-level NG 120 features 4x 2.5 Gbps RJ45 ports and supports up to 100 devices with 1.1 Gbps firewall performance. Perfect for small to medium businesses requiring reliable network security with modern connectivity standards.

Available: August 2025

NG 320 and NG 520 rackmount appliances

The NG 320 mid-range 1U appliance offers 8x 2.5 Gbps ports for up to 320 devices, while the high-performance NG 520 handles up to 1500 devices with impressive 2.3 Gbps firewall throughput. Both models deliver enterprise-grade reliability in a compact rackmount form factor.

NG 320 Available: September 2025 | NG 520 Available: June 2025

NG 521 maximum connectivity

For environments requiring maximum port density, the NG 521 combines 8x 2.5 Gbps and 8x 1 Gbps RJ45 ports in a single 1U appliance. Supporting up to 1500 devices with 2.3 Gbps performance, it provides ultimate connectivity flexibility for complex network topologies.

Available: June 2025

NG 700 enterprise appliance

The flagship NG 700 enterprise 1U appliance features 8x 2.5 Gbps RJ45 ports, 4x 1 Gbps SFP ports, and 4x 10 Gbps ports. Built for high-demand environments with optional dual PSU support for maximum uptime in mission-critical deployments.

Available: September 2025

Enhanced performance and seamless migration

All new models run on the enhanced GFI KerioControl v10 kernel, delivering up to 50% better IPS performance compared to previous generations. The appliances maintain full compatibility with existing KCL 100/300/500 licenses, ensuring seamless migration without additional licensing costs.

GFI will test KerioControl releases on current NG hardware (110/310/510/511) until June 2027. After this date, software updates continue but compatibility evaluation becomes the user's responsibility. With a valid license, GFI KerioControl on this hardware will continue to operate, and all security updates (IPS, antivirus, etc.) will still be provided.

For detailed specifications, pricing, and availability in your region, contact our authorized distributors at gfi.ai.

GFI KerioControl 9.5 is now available

We're excited to announce the release of GFI KerioControl 9.5 (Build 8755), a feature release that delivers performance enhancements and introduces two powerful new capabilities:

New Shield Matrix threat protection

Shield Matrix is an AI-powered threat intelligence system that provides zero-hour protection against emerging threats. Using a global network of honeypots and traps, it analyzes attack attempts in real-time with updates every 60 minutes and assigns confidence levels to block threats instantly. This premium feature is available as part of the KerioControl Security Add-On.

Shield Matrix Understanding Guide | Configuration Guide

OpenVPN support

KerioControl 9.5 adds OpenVPN as a third VPN protocol alongside Kerio VPN and IPSec. Available through the standard interface section, it offers cross-platform compatibility with simple profile-based setup, making it ideal for mobile workforce and BYOD environments.

OpenVPN Integration Guide

Enhanced performance

The updated Intrusion Prevention System delivers 20-40% better performance with improved stability and resource utilization, plus extensive bug fixes including AppManager connectivity, VPN connections, and RADIUS authentication improvements.

For complete release notes and implementation guides, please visit our release notes page.