Sidenote Regarding Sygate:
After taking it for a quick spin just now i can see they have got over some of the flaws from the past.
I still don't like the interface or the rule building techniques. I also find that the free version is lacking everything that would make it stand out above the other firewalls but the Pro version has some nice features.
I do like the activity prompts displaying packet contents and the full information instead of the normal source and destination only.
I feel however for a normal user this is a little too much information, but Sygate clearly agrees and has it hidden to begin with.
It passed the sustained attack, random attack and leak testing i did so that was impressive. I also like its DLL fingerprinting, very good.
I find that most of the stuff you can check in the advanced options is pretty much covered or coverable without the need for fancy names, i felt it was a little smoke and mirrors to make it look more than it is.
Resource usage was a little more than perhaps i would care to give a firewall after been used to the 1MB - 4MB RAM life of Outpost and Kerio. CPU usage was fine, after a few hours it had used no more than 10secs of CPU Time.
How does it compare to Kerio 4?
Well first off you pay for them both if you want the decent features. So no difference in that respect.
Sygate certainly has more, traditional features and some new ones but as i said above, most of it you can safely cover without the need for fancy names and check boxes.
Kerio's interface is much better than Sygate's, i did not care for its look at all and found getting around slightly more painful than perhaps i can live with after having the all rules on one page with Kerio 2.1.5. However i am all for a split between the packet filter and application rules, just got to make sure you make those menus easy to use and the rules easy to add.
Kerio's rule creation menus (especially those in version2) are also a lot easier to use and the building of advanced rules much simpler than Sygate.
In terms of overall remote security they both do just fine.
In terms of overall local security again i feel Kerio's sandboxing techniques are strong but i like the DLL fingerprinting and the way Sygate handles injection methods to bypass the firewall. It was not fooled (but neither is Kerio 4).
I feel that these kind of things are big issues now for pf's. I also like Sygates ability to stop all traffic when its service fails or is killed, handy to stop trojans and worms that kill known security processes.
So, which to pick? It's too close to call. But pay for the features in either one! I suppose if you stay on the free road Sygate would be the better choice as Kerios System Security module if off after 30days in free mode.