Cisco Catalyst SD-WAN Reviews

We replaced all our legacy routers with Cisco SD-WAN. The number one use case is more to do with network management, better policy integration, and keeping the policies consistent across all our locations. That was one of the major areas where we thought SD-WAN has reduced a lot of burdens so that the engineer can focus on actual issues. 

We were doing a lot of policy-based routing earlier for our hub and spoke topology. With SD-WAN, the hub and spoke, of course, stays. However, manageability, scalability, and ROI are the three major factors with which it has helped a lot. 

We could eliminate most of our expensive MPLS links, move them, do the local internet breakouts, and integrate with the NGFW firewalls. These were an added benefit to us. It was a tectonic shift. Right now, we are not spending as much on resources or engineers to keep the lights on.

The integration, scalability, and ROI that Cisco SD-WAN provided are the main features that helped the organization advance further.

The solution has helped us to lower expenses.

The initial setup is quite straightforward. 

It is very stable. 

We can scale the solution. 

SD-WAN itself is vendor locked in. At one point, Cisco should make it open so that if we have multiple mergers and acquisitions happening, it's easier to consolidate. Right now, if we are running Cisco, and the other organization in an acquisition scenario is deploying some other competitive vendor, the communication, the manageability of running two separate ESD instances, becomes a burden that falls back on us, especially the network administrators. It's better to consolidate and come up with better products, especially targeting AWS as their underlying transport.

Traditionally, what Cisco has done, is they have always considered internet gateways or links and the MPLS links as their transport technology. In some devices, they have also used ELTs. Now, since we have 5G in place, they could look at private 5G ELTs, and they could expand that line, again, particularly in the ESD space since AWS has recently released their own SD instance where they are allowing their customers to backhaul.

With SD-WAN being a very custom solution and a vendor-specific solution,  we would end up having multiple software-defined instances where one is running in Cisco, and one you are running with AWS, and then again tomorrow, another SaaS-based player or a similar player will come up with something else. 

For example, when two organizations merge with each other, there is likely a scenario where organization X is running (for example) Juniper, and the other organization is running Cisco. The administrators would end up having to separate ESD controllers. You do not have a single ESD controller that is open in nature, where you can manage Cisco and Juniper devices. That is a concern. So if the controllers were made open, with compatibility between the vendors, that would be a very good thing for the industry overall.

As a market leader, they are better positioned to go ahead and make that kind of change. If you look at the history of Cisco, before MPLS came into the game, it was Cisco, Juniper, and a few other vendors who came together and created a very good protocol. 

We need them to start focusing on the SD-WAN compatibility with other environments and not being so vendor locked with Cisco environments.

They should get better controllers that can especially talk with AWS and Azure. Right now, I have taken a subscription with AWS Project Gateway. I will have to place a Cisco CSR image if I want to make it a true SD-WAN solution. Instead of using a separate image, if they could make the Cisco's controller open or a transit gateway solution, that would be ideal. 

I've used the solution since 2018. We've used it for around four years. 

We found the solution to be quite stable and reliable. There are no bugs or glitches. It doesn't crash or freeze. 

We haven't seen major issues. 

The product is pretty scalable. 

In terms of Cisco SD-WAN, we have close to 200, and that's a pretty big number. We have about 12 engineers around the clock using the solution. 

For the SD-WAN portion, we are getting good support. We have no major concerns about the level of attention we get.

Positive

I did do a POC with VMware, and it was not great. We struggled with configurations. I've also done a POC with Aryaka and have used Fortinet and Palo Alto, as well as Viptela. 

The difference between Cisco and other options is that you get a good number of engineers. Second, the amount of time required to troubleshoot the protocol level is lower. I'm using the word protocol on the operating system that gets loaded and comes with the software. They don't even have a proper support line, and the support will not be aware of the production issues. The other competitors are three years away compared to where Cisco is today.

The solution is very straightforward and simple.

We did engage with Cisco during the initial POC and rollout. Later, with adequate materials and training materials, engineers, and resource availability, we never ran into challenges. 

When I speak with my other colleagues in other organizations where they did use Fortinet, they did use other products, they ended up spending a lot of labor hours and only figuring out that near the end after they struggle with configuration.

I'd rate the setup a four out of five in terms of ease of implementation.

From a maintenance perspective, it's not that frequent. Every quarter, the manufacturer releases its own patches and updates, which we are following through its life cycle. That's very normal. 

We handled the implementation ourselves. We did not need to worry about getting help from outside vendors. 

We have seen a positive ROI and a reduction in costs.

The price varies. They have different products, including routers, some of which are now being removed or deprecated. The new platforms with the CSR 8,000 series have competitive pricing, and the kind of features they're providing justifies the cost - especially when you look at the number of features and support that comes with it.

I'd rate the pricing at a four out of five in terms of its competitiveness.

We are a customer of Cisco.

I'd rate the solution seven out of ten. 

The first part that we like is that we can reuse certain hardware, which is a valuable asset. You can use hardware SKUs that already exist in the network.

The second part that we like is the integration with the cloud and the measurement of the cloud's quality. These are the two values that this solution gives as compared to other implementations that we have seen.

Its license model needs to be improved. They always make the license model too complex. There are too many license models and too many options. They should have a flexible license model.

They can improve a lot of things in terms of scalability, templates, and automation, mainly automation for onboarding a number of sites.

If you want some new features, it can take quite a long time. If you want a feature and it is not yet developed, you need to have the support of the business units to have the feature developed. If the feature is not on their roadmap, it can take quite some time before you get the feature.

I have been using this solution for about a year.

Its stability is fine if you stay within certain releases. From the stability point of view of the releases, it is fine.

We don't have deployments that have more than 500 sites. That's our biggest deployment from one customer. I cannot say anything for huge deployments because we do not have a lot of metrics.

Their technical support is good. They know what they are talking about, and you can see that they are experienced in their product.

It is easy to set up for small deployments. If you go for larger deployments, you hit some limitations in the GUI, and it could be more complex. This is because not all features that we assumed to be available are available in the GUI. For example, you know there are some features in the traditional MPLS router, but these features are not available when you run the same hardware on Cisco SD-WAN. 

In small deployments, you don't see such an issue. In larger deployments, such as data center setups, you see some limitations popping up. Some features that we had in traditional routing are not available in Cisco SD-WAN. Bootstrapping is okay, but you are limited to the serial number. A limitation is that you need to link the serial number and the bootstrap process, which depends on the model. If you are used to working with a serial number, it is fine, but if you are not, it can be more difficult.

The license model is too complex with too many flavors and options. You might not be able to see it from an end user's point of view, but from a telco point of view, their license model is too complex. They should have a flexible license model. If you want to have good pricing, you need to buy it for a two-year, four-year, or five-year license immediately. Some other vendors have much more flexible license models.

I would rate Cisco SD-WAN a seven out of ten. 

I am working on different projects and catering to various types of clients in the private sector, specifically for medium-sized businesses.

With Cisco Catalyst SD-WAN, I appreciate the flexibility of its functions and the pricing. It offers various modules that can be changed and integrated with the core and other solutions. It also provides robust security features, including port security, analysis, mirroring, and multiple other security solutions.

The durability of the switches could be improved. In the past, Cisco devices had a longer lifespan. Now, they change frequently, making it difficult to obtain long-term support.

I have used Cisco Catalyst SD-WAN for three or four years.

The first and second level of technical support, which is local in Peru, is average. However, the principal third-level support is very good.

Positive

The initial setup was moderately easy, rating between seven and eight out of ten.

The deployment was carried out by a team of four or five technicians.

The pricing of Cisco Catalyst SD-WAN is rated between eight and nine out of ten, where ten is the most expensive.

I would recommend Cisco Catalyst SD-WAN as it is a good product. It is suitable for medium to enterprise levels. I would give the overall solution a nine.

Cisco SD-WAN is predominantly used for the zero-touch deployment, centralized dashboards, and live monitoring of tunnels and the links. It's also used for software image management. 

This solution is deployed on the cloud. 

One of the most valuable features is that they have multiple SD-WAN options: you have Meraki for simple management solutions, you have Viptela, and you have the option of having any type of WAN interfaces. Presently, you can also have a single combined solution for both WAN as well as for voice, so you can have a voice bundle as well. These are major unique points of this solution. 

This solution could be improved with a simpler implementation process and licensing model. 

As for additional features, maybe from a security perspective, it could have more features built into the SD-WAN itself. Rather than going and integrating Cisco with some other solutions, it could have one single SD-WAN solution with more advanced user security features. 

I have been working with this solution for 15-20 years. 

The stability and performance of Cisco SD-WAN are really good. It's a reliable solution. 

This solution is easy to scale. 

Cisco has multiple options: it has Meraki SD-WAN, which is a simplified version. It can be suitable for any retail or small- to medium-sized customers. For large customers, we have Viptela, which is for customers who need more control on their traffic. This solution is suitable for any type of customer. 

I have contacted technical support, but it wasn't specifically about SD-WAN. Cisco's tech support is wonderful—they have a good support team and they have a Customer Experience team as well, where they completely focus on the customer environment. There are dedicated resources available for large customers, and the Customer Experience team supports customers from the same cycle, as well as implementation, so in that way, it's really good. 

The implementation process is complex because there are multiple touchpoints and initial configurations that we need to do in order to get the setup up and running. For example, opening a lot of firewall ports. Overall, it has multiple components to manage—there are multiple controller components where we need to do the configurations to get it up and part of the architecture. 

Compared to a few other OEM solutions, it's a bit complicated because there are multiple controller elements. For example, vBond: I have to do some specific configuration to it and need to have a public IP for it to be part of the architecture. Then we have vManage and vSmart—three, four components are there which have to be managed, which is why we have to do specific configurations for those. All the control elements can talk to each other, which is why it's a bit time consuming. Even in the cloud, you have to make some changes to your existing setup so that it can be part of the SD-WAN architecture. 

We implement this solution for customers. We are a Global Gold partner of Cisco, so we consult, design, implement, and provide support to customers. 

We're an SSP as well, so we also offer maintenance services. We can provide standard maintenance services of supporting only the hardware, or if a customer asks for full managed services, we can deploy our engineers either on the customer side or remotely. We have a NOC facility, from which we can provide remote support. 

The pricing is fair, and it's on par with the market vendors. But based on the competition, Cisco could work on the pricing, go deep on discounts and provide more commercially viable solutions to customers. 

Some similar SD-WAN products from different vendors are Silver Peak, Steelhead Riverbed, Fortinet, VMware, and VeloCloud. Frankly, I've only been working with Cisco, but Silver Peak seems to be good too—I heard that they're doing well in the market. Otherwise, I know about these products and have seen how they work in webinars and trainings, but I haven't really worked on any products apart from Cisco. 

I rate Cisco SD-WAN a ten out of ten. 

To those considering implementation, my advice would be to understand your current infrastructure better. What exactly is being implemented, currently, and what use cases are you looking at? Having a thorough understanding of the existing infrastructure would really help to decide which option to go with: either the Meraki SD-WAN or Viptela. Have a thorough understanding of how your infrastructure currently is, connectivity, how the architecture is, which applications you use, and which use cases you're looking at. These things are helpful to know before choosing and implementing a Cisco solution. 

Public Cloud

We primarily work with branches of small businesses and enterprise-level organizations.

The solution works well in big environments. It's excellent for large enterprises with a high number of users.

The deployment is quite simple and straightforward.

The solution is stable.

Technical support has always been quite helpful. We are very happy with their level of service.

It's possible to scale the solution.

We've looked into the existing documentation and found it to be okay. It varies, however, they do offer documentation for their products.

Overall, I really like the whole technology.

For the most part, we don't really see any features that are lacking.

The actual configuration could use some work. The solution could add in some more automation elements to help with the process.

The solution needs to be more flexible around legacy devices.

The security should be improved on the solution. They need to make everything more secure.

Scalability could be easier to achieve if a company needs to expand.

The product could improve its pricing. They are very expensive.

I've been using the solution for six years at this point. It's been a while. We've been working with the solution over the last 12 months as well.

The solution is very, very reliable. It's quite stable. There are no bugs or glitches. It doesn't crash or freeze. It's been good overall.

The scalability is okay. We largely deal with medium and large enterprises in Mexico. There are typically government or educational organizations.

We have been very, very happy with Cisco's technical support. They are extremely helpful and responsive. 

The implementation is pretty straightforward. Now it is easy as they've updated the process a bit. We can use icon managers, for example, and engineer basic modes of deployment.

The deployment process takes about three or four months. However, it depends on the number of sites or services. They vary and some types of data are very different.

The maintenance requirements vary. It depends on the project's maintenance. When the implementation is a government or education client our engineers and Cisco engineers work together. There are more business enterprise requirements. Typically you need two or three people, more or less, and it depends on the project.

The pricing is quite high. Cisco is not cheap.

We evaluated the Fortinet solution. We've chosen Cisco over Fortinet as we felt Cisco offered just a bit more in terms of options. It became our solution of choice.

We're a service provider and a Cisco Partner. We use Cisco technology in implementing the services.

I'm not sure or which version of the solution we are using. It's likely the latest, however, I'm not sure of the version number.

The solution is deployed both on-premises and on cloud and with Meraki and with Stellar.

I would recommend the solution.

I'd rate the solution nine out of ten.

On-premises

As a company, we are a Cisco Premier Partner and we work as a system integrator and reseller. As for myself, I currently work simultaneously with Cisco and Fortinet for SD-WAN solutions.

Because we're only an integrator and not an ISP-level company, we haven't engaged with that many SD-WAN projects, and our typical line of work involves using Cisco products in bank solutions, such as for branch connectivity.

From my observations, Cisco has been rolling out new features every other day, so I would say their speed of innovation is one of the most valuable aspects for me.

I would also point to their superior features when it comes to general connectivity, configuration, and reporting.

One of the major areas that Cisco can improve on with their SD-WAN offering is their security features. When compared with Fortinet, who have what they call their 'security pillars' (e.g. firewall and security features built-in to their SD-WAN solutions), Cisco generally comes up short. With Cisco, if you need a security component, you have to pay more to get it done. So if they could add more security features that come part and parcel with their existing solutions, then I think Cisco could be very aggressive in the market.

Essentially, they have to incorporate different security features on top of their SD-WAN box. At the end of the day, I should be able to give one single box to the customer which includes SD-WAN and all the necessary features such as security.

When it comes to IoT edges, they could possibly incorporate their SD-WAN features into the LAN side together with Cisco's DNA networking, just as Aruba is doing with their ESP solution. If Cisco could come up with a similar solution to that, then I think they will have the upper hand in the market compared to their competitors' brands. They have to come to a point where they can better integrate WAN and LAN into one single platform.

Regarding the data center sites, when we're talking about software-defined networking, Cisco has the SD-WAN segment, software-defined access for the LAN segment, and application-centric infrastructure for their data center segment, and they have to combine all three segments into one platform. Just like how the other guys are doing it. Again, if they can accomplish this, then technically they have a fair share in the market.

Otherwise, Cisco could also integrate more features on the cloud side of things, like with SD-WAN in the cloud, or SD-WAN in AWS, some of which I believe they have implemented already.

Beyond that, I can't say too much about what I'd like to see when it comes to new features because almost every day I've seen Cisco add more features to their SD-WAN and SD-LAN portfolios. At the rate they're going, it could be only a few months before they add the security features I've mentioned. So from my perspective, I think they're doing okay.

Finally, in terms of stability, there could be some improvement. In my experience with our current project, there have been some instances where stability has been an issue. But I can't speak for everyone here; other partners who have completed more projects may disagree and this is only my own observations so far.

I have been using Cisco SD-WAN for two to three years. 

I can't say that Cisco SD-WAN is incredibly stable, especially since Cisco has acquired Viptela and they are now busy with trying to improve Viptela's features and tools. So in some situations, it has been my experience that Cisco's SD-WAN is solid but it does succumb to stability issues at times.

So far we have completed only one project with Cisco, while other one is still ongoing. With that experience, I can say some stability improvements are needed, but I don't know about the other partners who have completed ten or more projects, for example.

Scalability-wise, it's good, because when the customer's application load or data traffic increases, I can easily scale out the same product to match the increase.

Technical support is good. When it comes to Cisco's TAC (Technical Assistance Center) and solutions support as a country in the Asian market, they are doing good. 

Alongside Cisco, we also use Fortinet. If we have a firewall or edge/perimeter security or other security measures in place already, we can simply go with Cisco. This is because the interconnectivity, branch connectivity, configuration level, solidness, and other features of Cisco are already adequate and, in some cases, superior. So when it comes to the networking components alone, I prefer Cisco.

But if the customer is asking for networking plus the perimeter level security, then I have to look into products like Fortinet, because with their lower pricing and so on, Fortinet comes out on top. Fortinet is much cheaper than Cisco. And for configuration, Fortinet's interfaces are also very comfortable to use when it comes to complex configurations.

Cisco's pricing is not entirely satisfactory when you compare the SD-WAN solutions in Asian markets — like the South Asian market in Sri Lanka — because there are several competing brands including Fortinet and Citrix, who provide much the same product for a generally lower price. And when it comes to firewall vendors like Palo Alto and SonicWall, they're also selling here. It's the same with VMware, too; they have much the same features.

So when you do a comparative showdown among these giants, you can see that Cisco and their customers could benefit from adjustments in terms of pricing. Fortinet, for one, is much cheaper than Cisco currently.

My overall advice is that if you already have your network security established, then Cisco SD-WAN is a good, solid solution for the rest of the networking components. However, if you require more of an all-in-one SD-WAN solution that incorporates security from the beginning, you might want to look elsewhere.

I would rate Cisco SD-WAN a seven out of ten. 

We have numerous use cases where it can optimize cost savings, particularly in terms of connectivity. By avoiding the need to backhaul traffic through expensive central locations, organizations can achieve significant cost reductions, avoiding unnecessary capital expenditures.

The most valuable features, application awareness, and failover resilience, stand out as key considerations for users.

As the majority of our applications now reside in the cloud, there's a growing need for solutions that revolve around cloud-centric policies. Currently, the convergence between on-premise and cloud policies lacks centralization. The platform that seamlessly facilitates the translation of on-premise policies into cloud-compatible equivalents would enhance efficiency, ensuring that policies are consistent and stable, regardless of the hosting environment, allowing for smoother service delivery. An area for improvement lies in enhancing the integration with the security functions of the SD-WAN.

I have been working with it for a year now.

The stability of the system is quite robust. Initially, there might be some minor challenges, particularly in the first couple of months, regarding certificate issues.

The scalability is highly efficient. When operating on-premises, scaling up involves a comprehensive analysis of the architecture and the provisioning of service resources. The scalability is directly linked to the provisioning of these resources. In terms of licensing, there is a notable benefit as Cisco now offers free licensing.

The technical support experience has been consistently positive. If there are any delays, they are minimal, and the overall efficiency is commendable. Notably, the support structure allows for direct engagement with the assigned support personnel without the need for multiple escalations. Opening a case typically connects me directly with the responsible assistant, avoiding the frustration of having the case passed through various levels. I would rate it eight out of ten.

Positive

Having worked with both Fortinet and Cisco, a notable distinction lies in the user experience. Cisco offers a more sophisticated and customizable experience, particularly evident in meetings. However, Fortinet excels in simplicity, making it a preferred choice for those who prioritize ease of use. In terms of customization, Cisco stands out, providing a more granular approach, while Fortinet is considered more straightforward and suitable for users who prefer a less intricate setup. The choice between them depends on the specific needs and preferences, with Fortinet being a good option for a straightforward approach and Cisco offering more advanced customization possibilities.

The initial setup involves a learning curve that can be steep, especially for local professionals who have direct access to private campuses like OneTrack. However, once you become familiar with the process and navigate through the online procedures, you'll find that it becomes more straightforward and kicks off smoothly.

As a new contractor, the deployment process is expected to take around six months, approximately half of which will be dedicated to virtualization and fine-tuning.

While the initial deployment costs are undoubtedly high, the significant monthly savings are notable, particularly in terms of operational efficiency and online-centric functions. The achievement is at least a thirty percent reduction in overall costs.

The initial cost is quite significant, but the investment is worthwhile.

Overall, I would rate it eight out of ten.

Public Cloud

Amazon Web Services (AWS)

We use this solution for banks in the private sector. They use it to connect their headquarters to multiple branches with the SQL connection. They previously used different technologies, like MPLS, so we offered Cisco SD-WAN and did the project using this technology.

We are a system integrator and Cisco partner and usually sell products to customers. So we have different use cases, not only in Cisco SD-WAN but for other products. So the use case often differs from customer to customer.

The availability of services and combining different connections is most valuable.

Cisco should pay attention to the software as we recently found some bugs. There should also be better integration with other third-party software for the SD-WAN.

There are some features I'd like to see in the next release, and we have them for the Cisco account manager. First, we would like a single sign-on to be supported on the SD-WAN. Integration with third-party applications, like Active Directory, is not available and is also very important. They should also enhance traffic monitoring.

We have been using Cisco SD-WAN for about a year but are not using the latest version. It is deployed on-premises.

It is a stable solution, and I rate the stability a nine out of ten.

I rate the scalability a nine out of ten, and we have approximately 150 users from different departments. We may increase our usage depending on customer and business needs.

The technical support is very responsive and helpful, and I rate them a ten out of ten.

Positive

We've used different technologies from different vendors. Some customers preferred the SD-WAN from Cisco, and some preferred other vendors.

I rate the initial setup an eight out of ten, and it is straightforward. The deployment time depends on the use case and the number of branches and connections. It could take two or even three weeks because you may have the migration from a new to an old system. First, we had to prepare for the deployment, vulnerability design and migration plan. We then had to migrate branches one by one and check the services. The deployment was also completed in-house, and one person can complete it.

Regarding price, it should be better than S3 to be more competitive than other vendors. I rate the price a seven out of ten, with ten as very high and one as low. The licensing is annual.

I rate the solution a nine out of ten and recommend it to others.