Cisco Catalyst SD-WAN Reviews

As a company, we are a Cisco Premier Partner and we work as a system integrator and reseller. As for myself, I currently work simultaneously with Cisco and Fortinet for SD-WAN solutions.

Because we're only an integrator and not an ISP-level company, we haven't engaged with that many SD-WAN projects, and our typical line of work involves using Cisco products in bank solutions, such as for branch connectivity.

From my observations, Cisco has been rolling out new features every other day, so I would say their speed of innovation is one of the most valuable aspects for me.

I would also point to their superior features when it comes to general connectivity, configuration, and reporting.

One of the major areas that Cisco can improve on with their SD-WAN offering is their security features. When compared with Fortinet, who have what they call their 'security pillars' (e.g. firewall and security features built-in to their SD-WAN solutions), Cisco generally comes up short. With Cisco, if you need a security component, you have to pay more to get it done. So if they could add more security features that come part and parcel with their existing solutions, then I think Cisco could be very aggressive in the market.

Essentially, they have to incorporate different security features on top of their SD-WAN box. At the end of the day, I should be able to give one single box to the customer which includes SD-WAN and all the necessary features such as security.

When it comes to IoT edges, they could possibly incorporate their SD-WAN features into the LAN side together with Cisco's DNA networking, just as Aruba is doing with their ESP solution. If Cisco could come up with a similar solution to that, then I think they will have the upper hand in the market compared to their competitors' brands. They have to come to a point where they can better integrate WAN and LAN into one single platform.

Regarding the data center sites, when we're talking about software-defined networking, Cisco has the SD-WAN segment, software-defined access for the LAN segment, and application-centric infrastructure for their data center segment, and they have to combine all three segments into one platform. Just like how the other guys are doing it. Again, if they can accomplish this, then technically they have a fair share in the market.

Otherwise, Cisco could also integrate more features on the cloud side of things, like with SD-WAN in the cloud, or SD-WAN in AWS, some of which I believe they have implemented already.

Beyond that, I can't say too much about what I'd like to see when it comes to new features because almost every day I've seen Cisco add more features to their SD-WAN and SD-LAN portfolios. At the rate they're going, it could be only a few months before they add the security features I've mentioned. So from my perspective, I think they're doing okay.

Finally, in terms of stability, there could be some improvement. In my experience with our current project, there have been some instances where stability has been an issue. But I can't speak for everyone here; other partners who have completed more projects may disagree and this is only my own observations so far.

I have been using Cisco SD-WAN for two to three years. 

I can't say that Cisco SD-WAN is incredibly stable, especially since Cisco has acquired Viptela and they are now busy with trying to improve Viptela's features and tools. So in some situations, it has been my experience that Cisco's SD-WAN is solid but it does succumb to stability issues at times.

So far we have completed only one project with Cisco, while other one is still ongoing. With that experience, I can say some stability improvements are needed, but I don't know about the other partners who have completed ten or more projects, for example.

Scalability-wise, it's good, because when the customer's application load or data traffic increases, I can easily scale out the same product to match the increase.

Technical support is good. When it comes to Cisco's TAC (Technical Assistance Center) and solutions support as a country in the Asian market, they are doing good. 

Alongside Cisco, we also use Fortinet. If we have a firewall or edge/perimeter security or other security measures in place already, we can simply go with Cisco. This is because the interconnectivity, branch connectivity, configuration level, solidness, and other features of Cisco are already adequate and, in some cases, superior. So when it comes to the networking components alone, I prefer Cisco.

But if the customer is asking for networking plus the perimeter level security, then I have to look into products like Fortinet, because with their lower pricing and so on, Fortinet comes out on top. Fortinet is much cheaper than Cisco. And for configuration, Fortinet's interfaces are also very comfortable to use when it comes to complex configurations.

Cisco's pricing is not entirely satisfactory when you compare the SD-WAN solutions in Asian markets — like the South Asian market in Sri Lanka — because there are several competing brands including Fortinet and Citrix, who provide much the same product for a generally lower price. And when it comes to firewall vendors like Palo Alto and SonicWall, they're also selling here. It's the same with VMware, too; they have much the same features.

So when you do a comparative showdown among these giants, you can see that Cisco and their customers could benefit from adjustments in terms of pricing. Fortinet, for one, is much cheaper than Cisco currently.

My overall advice is that if you already have your network security established, then Cisco SD-WAN is a good, solid solution for the rest of the networking components. However, if you require more of an all-in-one SD-WAN solution that incorporates security from the beginning, you might want to look elsewhere.

I would rate Cisco SD-WAN a seven out of ten. 

This technology, in my experience, has a better adoption in companies where the concern for security in platform issues and data privacy is high. The reason for this is the data is protected with encryption systems, and that functionality is audited to meet certain standards.

This is in the context of SaaS because that is where I want to take customers. My option is the cloud with pay-per-use and better cost conditions. Also, companies with large IT departments and a high number of engineers have many reasons to use it.

This solution has allowed us to implement much more flexible payment models than the current ones. As such, we can better plan the budget that is needed for technology.

In addition to this, it has prompted us to see the cloud differently. We now look with more confidence since the orchestration is SaaS, which is why we do not see a compelling reason to avoid introducing more services in this format. We plan to stop investing in physical or virtual infrastructure, reducing our dependencies on data centers where we host services.

When we talk about SDN technologies, we are referring to user experience or customer experience. The complete solution is designed based on the services and the experience that we need our users to have with them.

This product offers the ability to utilize all of the access available in the market. Importantly, it does not affect the quality of the application. The best feature of this technology that is available to us is the ability to do better load-balancing. This is thanks to the deep inspection of the packets and of course, the forwarding of packets based on the application.

I would like to see features related to security compliance, including a view of compliance with standards. With this, I should be able to do an audit of my SD-WAN network.

In addition to having a network with an application-oriented intention, I would like to have a network that is oriented to security standards. I am only referring to the WAN network because with this, we can begin thinking about issues of virtualization. For example, access to SD-LAN where we can bring security policies with the user.

I have been working with Cisco Viptele for three years and more with the first version, Cisco IWAN.

Releases and updates/upgrades for the software in each component are not simple to configure.

The scalability is great when you have a mature template for configurations.

The Cisco Technical Assistance Center (TAC) service should be quicker to provide answers.

Positive

Prior to this, we used Cisco IWAN.

The initial setup is a little complex, especially for those with little experience in SaaS.

We used the Solution Support Partner Program (SSPP) from Cisco.

The ROI for this product in my organization is 18%.

This is not a cheap option but if you move from Capex to Opex, I expect you should have lower costs. I am talking specifically about Managed Services License Agreement (MSLA) model.

Fortinet is a solution that is a good option that is low-cost and much simpler. Meraki is another good choice for some customers.

In summary, this product is very strong when you need complex topologies to match the complexity of your services.

The product helps to aggregate network links. The tool increases security and makes it possible for you to have remote workers. 

The product needs to have more understanding staff in their support team. The tool needs to provide support in every stage of deployment. We did not get the expected support from their team. The product is also not easy to use. 

I have been using the product for two years. 

The product is stable. 

The product's initial setup is difficult and you need Cisco personal to assist you with it. 

The product's license is expensive. 

I would rate the solution a seven out of ten. If you have the money, then you should go for the product. The tool's performance is good. 

Some clients resist switching to new technology and they're also afraid of problems with compatibility and the layout of the NOC. The NOC must change because nowadays new things are happening, but I believe that the beauty of SD-WAN is the vEdge. So for the customers that are afraid of new technologies, we can install the vEdge without spending a lot of money. It's just a virtual machine over there. You can do it on Cisco CSR or even ISR.

So we deploy a new branch or similar branch with this technology and show them. Then they're not afraid of it. It's very easy. Now, vManage is coming. So we have the analytics team, we have all the GUI interfaces so you can create a policy and now deploy it anywhere or you can define it. I believe everything is very easy for the people who want to work with it. 

Technologies are not new. Just the name changes. VPN is the same as VRF, which is the same as Tenant, but the way they're playing with this technology is very different. The method of management is different. I believe that if I show clients what is happening with vManage— the interface, the analytics how you can integrate with them—they will be in love with that. Mostly what I have done is to define and elaborate for them the differences between two solutions, and point out the advantages like visibility and easy management. In the end, but they agree to move to SD-WAN

But I believe that most of the customers are still afraid of SD-WAN because they rely on old solutions. And the old solution was great and working for many years, so they are afraid of the new solution. With vEdge, we have a great way to attract them to make them feel comfortable upgrading everything into the Cisco SD-WAN.

The best feature is SD-WAN's automation capabilities. I believe many customers don't care whether we use VPN, or that use color or mGRE. When you're talking about management of, for example, a DMVPN solution or MDI solution, what is the option? So we have to go to a bug-by-bug report, like for example, NSRP to show these things. With vManage, we can see everything. We have a graph that we can click on and it helps us to remember better. 

Another good feature in the HCI is the integration of a health monitoring system. Other solutions like SDx are all the same. They have an integrated health monitoring system. So if you are deploying a data center, the options aren't really that great. But this integrated health system in HCI in vManage or even SD-WAN in the vManage is helping a lot. And also 

Customizing SD-WAN is very easy because you can define two colors. You can define two different operators. You can deploy a partial mesh, a full mesh, or hub-and-spoke totally differently. If you want to do this on a DMVPN solution, that's really hard. Also, things like Quality of Service in mGRE environment, in my opinion, are very hard because when you are dealing with mGRE, you have one tunnel at the hub and a different tunnel at the spoke. So what if I want to limit the traffic in my hub at the spoke? Because I have one tunnel, all the branches will be affected if I implement a limitation or restriction. So that's why we have advanced technology, like adaptive quality of service. With SD-WAN, the QoS is much easier because it is separate from the VPN.

The very beauty of SD-WAN is the separation of the plane. Right now, there are different planes. Compared to other solutions, the whole thing is totally changed. Rebound and vManage came into play as well as the new protocols like PnP. I started to convert most of the solutions from regular DMVPN into SD-WAN because we have the capability to define our VPN or define our color and customize by making a full or partial image. 

In the next release, Cisco should focus on simplifying the configuration of SD-WAN.  SD-WAN has a lot of room to grow. If you compare vEdge and something like Cisco CSR, you'll see the difference. Because vEdge is natively from Viptela, it is a little more complicated to set up an SD-WAN compared with an ISE device like CSR or ISR, or ISR 4000. You have now two different configuration spaces like iOS, and then some commands and styles are Viptela. So this is the thing that Cisco should work on. 

I've spent a lot of time on it. I started with version 17 when SD-WAN first came out. I continued using the product after Cisco acquired Viptela because I really love Cisco. I followed everything Cisco-related since I was 18 or 19. I got my CCNP in 2003 and my first CCA in 2011. So I spend all my time on Cisco systems. Right now, I have more than 32 certificates. I recently passed the CISSP. I also have more than 20 certificates that have expired, like Cisco Sales Expert, Cisco ASA, VPN, and several old things.

SD-WAN is 100 percent stable. If you use the suggested operating system, all the Cisco solutions are stable. According to the Gartner Magic Quadrant rating, I believe Cisco was No. 1 three years ago. Now it is No. 2 or 3, so I believe that they could improve more.
And many customers have used DMVPN or VPN solutions for many years, so those solutions are also extremely stable.

it is very easy to deploy the whole solution. I have a customer with VoIP and data. For most of the data, the hub and spoke are enough, but for IP telephony or collaboration like chatting or video conference, they need to have a connection between spokes —between branches together — but not for data. With SD-WAN it's very easy. 

I think vEdge is much easier to work with when you compare it to Cisco CSR. Most of the people I know prefer to use ZTP or Zero Touch Provisioning, but it depends on the type of customer. With some customers, ZTP maybe is not the best solution. They should know what's going on. And if you try to configure SD-WAN on a solution like ISR 4000 or CSR, and you compare the same thing on vEdge, you will see that the vEdge is very straightforward. I believe in CSR and ISR 4000. There are some glitches. It's possible that you will get a little bit confused, but you have followed the instruction. You have to do it very carefully. Then you make the connection vManage and everything is done.

I would rate Cisco SD-WAN seven out of 10. 

We have numerous use cases where it can optimize cost savings, particularly in terms of connectivity. By avoiding the need to backhaul traffic through expensive central locations, organizations can achieve significant cost reductions, avoiding unnecessary capital expenditures.

The most valuable features, application awareness, and failover resilience, stand out as key considerations for users.

As the majority of our applications now reside in the cloud, there's a growing need for solutions that revolve around cloud-centric policies. Currently, the convergence between on-premise and cloud policies lacks centralization. The platform that seamlessly facilitates the translation of on-premise policies into cloud-compatible equivalents would enhance efficiency, ensuring that policies are consistent and stable, regardless of the hosting environment, allowing for smoother service delivery. An area for improvement lies in enhancing the integration with the security functions of the SD-WAN.

I have been working with it for a year now.

The stability of the system is quite robust. Initially, there might be some minor challenges, particularly in the first couple of months, regarding certificate issues.

The scalability is highly efficient. When operating on-premises, scaling up involves a comprehensive analysis of the architecture and the provisioning of service resources. The scalability is directly linked to the provisioning of these resources. In terms of licensing, there is a notable benefit as Cisco now offers free licensing.

The technical support experience has been consistently positive. If there are any delays, they are minimal, and the overall efficiency is commendable. Notably, the support structure allows for direct engagement with the assigned support personnel without the need for multiple escalations. Opening a case typically connects me directly with the responsible assistant, avoiding the frustration of having the case passed through various levels. I would rate it eight out of ten.

Positive

Having worked with both Fortinet and Cisco, a notable distinction lies in the user experience. Cisco offers a more sophisticated and customizable experience, particularly evident in meetings. However, Fortinet excels in simplicity, making it a preferred choice for those who prioritize ease of use. In terms of customization, Cisco stands out, providing a more granular approach, while Fortinet is considered more straightforward and suitable for users who prefer a less intricate setup. The choice between them depends on the specific needs and preferences, with Fortinet being a good option for a straightforward approach and Cisco offering more advanced customization possibilities.

The initial setup involves a learning curve that can be steep, especially for local professionals who have direct access to private campuses like OneTrack. However, once you become familiar with the process and navigate through the online procedures, you'll find that it becomes more straightforward and kicks off smoothly.

As a new contractor, the deployment process is expected to take around six months, approximately half of which will be dedicated to virtualization and fine-tuning.

While the initial deployment costs are undoubtedly high, the significant monthly savings are notable, particularly in terms of operational efficiency and online-centric functions. The achievement is at least a thirty percent reduction in overall costs.

The initial cost is quite significant, but the investment is worthwhile.

Overall, I would rate it eight out of ten.

The integration to the LAN could be improved. It should be an end-to-end solution, not only on the WAN side but also on the LAN and wifi, so a full end-to-end solution.

The integration of Layer 3 and application routing is great.

The technical support is a bit slow. Regarding additional features, it would be good to have a fully integrated solution with the Meraki solution, leading to a seamless Cisco solution.

We have been using this solution for about six years. It is deployed on-premises, and we are using our own management.

The stability is good.

I think the scalability fits the customer requirements. The number of staff required for maintenance depends on the complexity of the network and the number of sites. A single part does not cover it, so we have about 20 staff running our network services.

I rate the technical support a seven out of ten. They are good but not very innovative, and the feature requests take too long to implement.

We use different solutions like Viptela, VeloCloud and Versa.

The initial setup was complex, and it was completed in-house.

I am unsure about licensing costs.

I rate this solution an eight out of ten.

We primarily use the solution for connectivity.

The connectivity is great.

The dashboard is excellent.

It's a scalable solution.

The product is stable. 

Technical support is very good. 

The solution is a bit complicated. They could work on simplifying the product. For example, doing configurations could be easier. 

The initial setup is tedious.

It was a bit expensive. They can improve their licensing model.

We'd like to see more monitoring features. 

They can improve in terms of their GUI. 

They can improve in terms of hardware.

I've been using the solution for five years. 

The solution is stable. There are no bugs or glitches. it doesn't crash or freeze. It's reliable.

The product is scalable. 

We have been satisfied with the technical support. They are great. There is always room for improvement, however, they're always resolving the issues

Positive

We also have experience with Meraki. The differences are licensing and pricing, however, the features are pretty much comparable.

The solution is difficult to set up. It's tedious. We'd like it to be easier. You really need to know a lot of stuff before initially trying to configure everything.

I'd rate the process a three out of five in terms of ease of use. 

It took us about two weeks to set up.

It's one of the more expensive solutions out there. I would rate it two out of five in terms of affordability. All you need to pay is the licensing fee. There are no extra costs. 

I'd rate the solution a six out of ten.

We are network providers. SD-WAN is one of the main options we offer to our customers.

Clients primarily use the solution for three main reasons. The first is for cost savings when accessing the internet. The second is access to the cloud. The third is to allow customers a kind of autonomy with management over the network.

Cisco is an industry leader, so customers have a high level of trust with the brand more-so than with some newcomers that might have some more revolutionary solutions, but no name recognition.

The solution appeals to big companies that are keen on selecting a major vendor rather than an emerging one as there's an assumption of reliability.

Cisco's technical solution in itself is very reliable. From a purely technical point of view, this is one of the best options.

Overall, the solution is very advanced in network configuration and offers excellent automated routine features.

The client portal needs to be improved in order to make the solution much better.

The service care area of the solution needs improvement. That is to say, the ability to have a simplified management system is a key success factor. 

If you could have the ability to raise an SD-WAN capability just by activating a kind of license, it would great. We have too much hardware deployment needed right now. 

In the future, if the solution could make it so that there is nothing to deploy beyond a license and some firmware, it would be great.

I've been using the solution for six months.

The solution is stable. This is the reason why we ultimately chose it as a product. Cisco's experience regarding the complex configuration of networks is perhaps the more mature in the market. 

They have made some improvements to the solution, and I think these advancements make it one of the most stable in the industry. It's not great for large configurations, so it may not be as stable in those cases. However, Cisco remains the most stable on the market.

The solution is scalable, however, it may be less so than Cisco Viptela. SortNet also has a portal that is not completely mature, and quite complex. This is why we developed a customer portal, dedicated to our customers, although some portals are still Viptela or SortNet. This custom portal has the ability to simplify the considerations of SD-WAN features for all of our sign-in customers.

We have approximately nine or ten big customers that are still in the proof of concept phase. Of those, three or four are large scale projects. Those have hundreds or even thousands of users on the network.

I haven't been in touch with technical support. I personally have a strong relationship with pre-sales people, but not technical support itself.

I've worked with a variety of other solutions in the past. They have their own approaches to the industry.

Sophos, for example, approaches their solution from a security perspective. The main premise of the product is its ability to secure the network itself. Others have close relationships with VMware solutions that provide for an easy way to bind the applicable network with the network walls.

In the near future, most will need to provide for UCTE, which will become a must-have for any solution.

Fortinet does not have a UCTE itself, but it has a low segment and basic equipment that is really interesting because it is so cheap. Plus, it's not so difficult to add it in to complete another appliance. This is one thing that we sometimes use to expand security requirements while still being able to have specific SD-WAN equipment.

For Cisco or any other solution, SD-WAN's initial setup is complex. The vendor needs to explain and define the customers clearly. It's not as simple as it sounds. It's better for large clients to do a modest deployment rather than a large one as it's not so easy to deploy. This will be clear after running through a POC.

It's much better for a company to do the deployment with the help of a consultant or integrator, as they understand the solution quite extensively. I'd recommend if a company is seeking out an integrator, that they choose a portal DNA integrator.

Typically, we work to offer our customer autonomy, however, we do offer maintenance packages. Typically, we'll sell co-management packages to clients whereby they choose the priority of the application on the network and we will manage all of what is programmed on the customer's behalf.

The solution works very well for mid-size and enterprise-level organizations.

I would advise others considering implementing the solution to set aside time to strategize and create a proof of concept before diving right in. This will help a company reveal where the solution is relevant and where it is not.

Then, it's important to look at the cost and layout of all of the finances so that the board will have all of the information in front of them. It will help them decide if it makes sense to pursue implementation. The finances and P&Ls must be clear for them. 

Finally, it's important to find a good consultant to assist in the entire process. 

I'd rate the solution eight out of ten.