Prisma Access by Palo Alto Networks Reviews

We have about 2,000 users, and everybody started working from home when COVID hit, so they needed to use Prisma Access to do their work securely. They told us that this was the best thing we'd ever used. Employees said Prisma was a lot better than Juniper and the previous mode access solution we had. 

We implemented it so that it's always on. A user doesn't need to do anything. It connects. Whether you're home or at the office, it cranks up, and you don't have to do anything.

The always-on feature is fantastic for the users. They don't have to think about it. When they go to a coffee shop to do work, there's no need to remember to toggle the VPN on. We'll protect them. URL filtering is the same at home as it is in the office. We can apply policies for URLs wherever our employees work. We see all their traffic and log everything they do as if they were in the office. 

When COVID hit, we suddenly had 2,000 users that all needed to use a VPN solution. We had to abandon our previous VPN solution because Pulse couldn't accommodate such a large volume of users at one time. We stood up this cloud environment and switched everybody over to the Palo Alto Prisma Access, GlobalConnect, and GlobalProtect.

The user experience was so much better. Our executives were impressed. We got many compliments. Our senior team tends to worry about security, but they didn't need to fret over our VPN. 

It's a full firewall, so I can apply firewall policies just as well for web-based apps as I can for offline apps. I definitely think that reduces the risk because I can write any policy I want.

Palo Alto has several other advanced threat protection features. In addition to the normal application and threat protection, it has DNS security, IPS, IDS, etc. I run their traffic through all of the impressions. It's not just URL filtering and decryption. Prisma Access offers a full firewall feature, and I take advantage of it.

Prisma Access is a Palo Alto firewall in the Cloud that works just like an on-prem firewall. I can manage it from the same platform I use to manage all my other firewalls. I write a policy in one place, and it goes into effect everywhere. It's extremely simple.

The security updates are definitely in there as well. I set it up to dynamically download and store the updates as soon as they're available. When Palo comes out with an extremely hot threat, I'm automatically blocking and protecting against it—not just on our internal corporate network, but for all remote VPN users.

That is an extremely important feature to have. You pay for those subscriptions, so why would you not take advantage of the people writing protections for you? Why aren't you installing them automatically? 

I actually worked for a company that did not automatically install things. They thought we might break something. All the places where I had worked in the past automatically installed updates, and we never broke anything. It just worked. Palo Alto is really good about doing it right and protecting the customer.

Palo Alto Prisma 10 came out over a year ago. Palo Alto added this identity management feature. The legacy way Palo Alto selected which user is sitting on an IP address it passes through has been clunky.

Prisma Access still cannot use that feature, and it's been out for a year. Until they upgrade the Prisma Access backbone to 10.1, that integration will not be there. It's a powerful feature, and it's much more than collecting user IDs. Hopefully, they will add it this month.

I have been using Palo Alto firewalls for about 10 years now.

In the past two years, we've had no issues with the reliability of their cloud environment.

It scales up to thousands of users with no problem. We plan to go from 2,000 to 20,000 users. I don't need to do anything to scale up except buy more licenses. 

I rate Palo Alto support a nine out of ten. The presales and support teams are fantastic. They have a technologically proficient person to help you through issues. They can bring someone else in if they don't. We changed support groups. Initially, we were a mid-tier group, but they switched us to the large enterprise team.

Positive

We used a Pulse VPN solution, and I also worked with Cisco AnyConnect in the past. In fact, that's probably what we're going to kick out the door in favor of GlobalProtect.

Pulse VPN used on-prem boxes. Our devices had reached the end of their usable lives, and I couldn't support them. It was going to cost a lot to buy new boxes. For that same amount of money, I could move everything to a virtual cloud environment. I don't need to maintain the hardware anymore. Instead of one box here in the United States, one in Europe, and one in China, I have 100 boxes worldwide.

Setting up Prisma Access is somewhat complex. You must configure many little pieces ahead of time to build the entire portal and LAN. It's slightly painful to ensure everything is working correctly. Do you wrap the comprehensive policy around everything you're trying to do? Configuration is not straightforward.

The solution doesn't need care and feeding once it's set up. It is just like another firewall. Adding rules isn't any different from setting restrictions on a local on-prem firewall.

I set up Prisma Access by myself with the help of Palo Alto's tech support and presales staff.

Prisma Access is worth what we pay for it, but it's hard to quantify. All of our senior staff would say it's worth the cost because it gives us peace of mind. They don't need to worry about security while they're on the road. We can protect all our remote users as well as our in-office users.

Palo Alto is the Cadillac solution, so their products are pretty expensive. That's just the way it is. Their solution surpasses anything else. Cisco AnyConnect, Zscaler, and all of the other products don't compare. Palo Alto is the market leader with the most features. It saves you work, and you don't have to worry about it.

The only license is GlobalProtect. That's the only part that you need to buy. The other features are all included. 

I was already set on Palo Alto. We were doing a PoC with Palo Alto when COVID hit, and the codes did it for me. We had to get something stood up. Our hands were tied with Pulse because we couldn't support 2,000 users rushing in the door. The box would just tip over to that.

I rate Prisma Access a nine out of ten. There are definitely things they need to fix. Most people are familiar with VPN technologies. You ensure that it's connected and running the antivirus, etc. All those vendors do pretty much the same thing in that regard.

You can force Cisco into always-on mode as well. It's just different. Palo Alto is integrated into one Palo Alto management platform. There's no need to switch between various consoles to manage remote access. Everything logs to the same place as well. It's a single pane of glass for my corporate and my remote user logs.

We use the solution for client-based VPN remote access.

The solution's most valuable features were the model's reduced complexity on the client side and its capability to provide security.

The tools' scalability is subject to some limitations when done on-premise due to the need for additional licenses. However, in other scenarios, increasing scalability involves expanding infrastructure to accommodate more third-party VPN access. It is scalable as long as you pay the money. Also, it needs to improve security. 

I have been using the product for seven years.

I rate the tool's stability an eight out of ten. 

Prisma Access by Palo Alto Networks' deployment was straightforward. It was a big project and we were required to migrate the whole infrastructure. It took around six months to complete. It was a network migration project where we transitioned to the solution. The migration involved changing our network supplier from one provider to another. The IT team handled the technical aspects of the project. 

We prepared the infrastructure, including the servers and firewalls. We focused on the repair of the firewalls, ensuring connectivity, and replacing the main infrastructure. After these preparations, we proceeded to deploy the clients, conducting a pilot for the clients as part of the overall process.

The product is worth the money.

The solution is expensive. 

I rate the overall product an eight out of ten. It reduces the attacks by providing an additional layer of security that inspects all traffic going to the internet. In terms of handling traffic spikes or network demands, the product performs well, but occasional tuning and adjustments may be required, such as changing the connection node. 

It enhances security protection beyond endpoint and computer security, which is effective when accessing the internet, and it also ensures secure VPN access to your company.

We use this solution for container security. We use it in an environment with 200 developers.

We use its latest version and the version prior to the latest one.

It helps with container security. Month by month, developer accounts in the company are increasing. Prisma Access supported and helped us very effectively in securing their workstations and working environment.

Prisma Access is good for securing access and privileges. Our developers have a security background, and they have knowledge of cybersecurity. It gives us assurance that they would not be able to do anything as an insider cyber attacker. They would not be able to use their environment to jump to other servers because such functions are prevented by this solution.

Prisma Access can protect all app traffic, but we classify the apps inside the company and choose the critical and the medium-risk level apps. This protection is important security-wise. On the IT side, it is important. It is also important on the business side, but they are only concerned about the price. We tried to connect with Palo Alto to get a discount on the first and second years to make the company get the maximum benefit and see the benefit of this solution. After that, they can remove the discounts, and it will be the decision of the company whether to continue with this solution or not.

Prisma Access secures not just web-based apps but non-web apps as well. However, about 70% of our applications are web-based applications. If they do not get the discounts, we will only use them for critical web-based applications. Based on my experience, Prisma Access is good not only for web-based but also for non-web applications. It is effective.

Prisma Access provides traffic analysis. We are also using Cortex XDR. It is Palo Alto's XDR solution that also supports us for traffic analysis. By using both of them in one environment, we have an end-to-end, more holistic, and zero-trust approach.

Prisma Access provides millions of security updates per day. We are also from the cybersecurity side, so we understand that it is a new product. It has only been around for two or three years. In every new product, such updates are welcomed, but we hope that in the next few years, there will be fewer such updates and more targeted updates.

Prisma Access enables us to deliver better applications on the security side but not the business and IT side. We are now more confident that our applications are secure.

Its front end is user-friendly. It is easy to use for us. We are familiar with other Palo Alto products. Its interface is similar to other products of Palo Alto, so it is familiar and easy to use for us.

My experience with Prisma Access has been perfect. It is good considering the fact that our networks are mainly based on Palo Alto products. We are using Palo Alto's next-generation firewalls and Cortex XDR, so it is good to have Prisma Access in the infrastructure to get a fast network environment.

Its integration with non-Palo Alto products can be improved. Currently, it is easy to integrate it with other Palo Alto products such as Cortex XDR. It integrates well with other Palo Alto products. A major part of our network is based on Palo Alto products, but for those companies that use multi-vendor products in their infrastructure, Palo Alto should optimize the integration of Prisma Access with the network devices from other vendors.

They should also increase their support team. There is scope to optimize their support.

We have been using this solution for about eight months.

Stability depends on the company that has developed a solution. As a vendor, we see Palo Alto as a stable company. Their stock value has increased year by year. Based on our communication with the headquarters of Palo Alto, we see that they are investing more and more in their cybersecurity solutions in terms of financials, features, and talent. Therefore, it is one of the stable solutions.

It is scalable for now. It has only been eight months since we have applied this solution in our environment.

On the client side, there are about 200 users. Overall, there are 500 users on the client side and our side. Most of them are developers and network security and IT security people. In our SOC center, they are monitoring this solution too.

It is being used on a daily basis. We have integrated this solution with the SIEM solution, and when an incident or a request comes, we focus on this. On a daily basis, we have some alerts and incidents coming.

Their technical support is good, but in some cases, when we asked them some questions, they took several days or hours to discuss that internally and come up with the answers from their side. However, it is acceptable because we know that it is a new product.

We did not have any solution for providing a secure environment on the developer's side. It is our first year, and it has been surprising and effective for us. 

The deployment of the key features of the product took about three months, but that was because of the delays from our side and the client's side. 

It was a standard deployment. We took sample applications and tested it on them as a PoC. We became familiar with the security function of the product, and we realized its benefits. We then applied it part by part to other web applications and non-web applications.

It is deployed on the cloud. We use Google and other clouds.

For the initial setup, we got support from the Palo Alto support team, so it was good. We are satisfied with them.

In our cyber team, we have around 40 experts. As a project team, they also engage. We use their support too.

For its deployment and maintenance, we have about 12 people who are actively engaged, but overall, there are 30 people engaged with this project.

In terms of pricing, considering that it is a two or three years old solution, they should apply big discounts for the next two or three years. This approach will be better for them to capture the market.

There are no additional costs. After purchasing and acquiring this solution, we also got support. 

We evaluated Cato Networks, Check Point, and Prisma Access. We went for Prisma Access because of its features and its integration with other cybersecurity solutions. Its integration is easy, and it takes less time to integrate it with other cybersecurity solutions. 

There are also open-source applications. They are also good, but they need more tuning and more time to get to the level of solutions like Prisma Access. A benefit of these open-source solutions is that you can tune them according to your environment. They are also free, so there is a cost-benefit.

It is one of the top solutions in the market. I hope that they will continue to tune and optimize their product based on the feedback that they get from the users. This way, it will keep its place among the top ten solutions in the global market.

Overall, I would rate Prisma Access an eight out of ten. It is good, but they should improve their support and its integration with non-Palo Alto solutions.

During the COVID times, the firewalls that were the on-prem gateways couldn't handle SSL decryption and VPNs. After everyone started working from home, the company faced the issue of not having enough firewalls for gateway and SSL decryption services. That's why we started using Prisma Access.

I used version 2.2 while working last with it two or three months ago. In terms of deployment, it was a Prisma Access hybrid solution with Panorama where we had firewalls and Prisma Access. It was not cloud-native Prisma Access with only cloud-based aspects.

We started using Prisma Access after everyone started working from home during COVID. Its auto-scaling feature was helpful for our organization. Prisma Access could scale depending on how many users were working from home. When we had additional users, unlike on-prem firewalls, we didn't have to worry about CPU and other things. It was also cheaper than on-prem firewalls because to handle a large number of users working from home, in the case of on-prem firewalls, we would've had to buy big firewalls. 

With Prisma Access, there is auto-scaling. When there are fewer mobile users, there are fewer Prisma Access gateways, and when there are more mobile users, more mobile gateways are created automatically. For example, if you have a company with 10,000 people, you should be able to handle the VPN traffic of 10,000 people and SSL decryption of that traffic. So, you need to buy a big on-prem solution. After COVID, even when people start working from the office, you would need the biggest firewall to be prepared for the future. 

Nowadays, most companies have started allowing employees to work from home. Most people don't want to return to the office. In many companies, many people are still working from home. Even in such a scenario, companies are expected to have a solution that provides flexibility for the workforce to work from home. 

We were able to use Prisma Access as a VPN solution. We used it as a proxy, and all the traffic was going through it. We wanted the same capability as an on-prem VPN. It was nice to be able to VPN all the traffic that we wanted. We were able to secure what we wanted to secure.

Prisma Access has the same capabilities as an on-prem Palo Alto Firewall in terms of signatures and application IDs. You could do everything with Prisma Access to secure web apps and non-web apps. It is a cloud-native firewall. It seems they use containers in the background but with the same Palo Alto software that is on the firewalls.

It provides traffic analysis, threat prevention, URL filtering, and segmentation.

It supports auto-scaling for mobile users. It auto-scales depending on the mobile user traffic. For example, if 1,000 people are working from home today, and tomorrow, the number increases to 2,000, it is not going to be an issue. Prisma Access is automatically going to scale based on the users. This is really important because with on-prem firewalls, if you enable SSL decryption and VPN and many people join, logging becomes a big issue.

Prisma Access updates its signatures in the background, which is important because when you have on-prem firewalls, sometimes, the users forget to update signatures. With Prisma Access, this is not the issue because it automatically updates signatures.

Prisma Access provides the ability to make custom signatures, which is really important because if you want to block something, you can do it yourself. You don't have to call the vendor and ask for a custom signature to be made. When we compared it with Zscaler, Zscaler is not a bad solution, but it is quite simple. You can't add custom signatures for applications. With Palo Alto, irrespective of whether it is an on-prem firewall or Prisma Access, you can make many customizations, such as custom signatures. For example, you might want to write custom signatures for the Log4J attack. This is something you can't do with Zscaler.

It can be improved if some customers want to use Prisma Access only for web traffic. Currently, it is a bit limited. Zscaler works better for web traffic. Zscaler's agent application on your computer can configure the proxy settings automatically, whereas Palo Alto's GlobalProtect agent is only a VPN solution. You can't use it also as a secure gateway agent to force the computer to have the settings to send the data to Prisma Access. They suggest using other techniques to force the computer to use Prisma Access for a secure web gateway solution. So, Zscaler is more like a secure web gateway, and Prisma Access is more like a full VPN solution. I see the limitations of both vendors. Palo Alto needs to improve the GlobalProtect agent to work as a secure web gateway agent, not only as a VPN agent because some companies would want only a secure gateway. They wouldn't want a full VPN. So, Palo Alto has to make the VPN agent work as a secure web gateway agent for those customers who want only the secure web gateway solution. Other vendors' agents, including ForcePoint which I don't like at all, can do that. 

One feature that I find missing in Prisma Access, as well as Palo Alto firewalls, is that they can't insert the 644 header. I want to be able to see the IP address of the users basically. My understanding is that almost no firewall can do this. It is not only Palo Alto, but it would be good to have this feature. The only vendor that I know can insert it is FortiGate, but with them, many other things don't work.

I have been using this solution for almost three years. I have worked with this solution in two companies. One of the companies was a partner with Palo Alto for their Next-Generation firewall and Prisma Access solutions. I also used it for a few months in another organization. I am now in another company, and I'm not using Prisma Access in this company.

It has good stability because it is a Palo Alto firewall. Palo Alto has made firewalls for many years now. It is based on the same software. So, if Palo Alto firewalls are stable, Prisma Access is stable. It is not something so new as everyone is talking about. It is based on the Palo Alto firewalls which are the leader in the market. 

They had some issues before, but at that time, Prisma Access was only using Google Cloud. They had some latency issues, but now, Prisma Access is also using AWS. They can use Google Cloud or AWS in the background to provision your environment. The latency issues are now gone because AWS has better coverage than Google Cloud. Palo Alto understood that Google Cloud is not enough. So, they used AWS and Google Cloud as the providers for the Prisma Access solution.

It is a cloud solution. It auto-scales. It is using AWS and Google Cloud. They have a lot of coverage. It can be used anywhere AWS and Google Cloud have PoPs.

We had 1,000 to 2,000 people using it on a daily basis. 

When you are working from your home, you can go to Prisma Access or on-prem gateways depending on the configuration. Prisma Access can work together with Palo Alto on-prem gateways. For example, if there's an on-prem firewall in Germany, German users do not have to go to Prisma Access. They can go to the German VPN Palo Alto Gateway, but if you have users in other countries where there are no firewalls, they will go to Prisma Access. So, you have this capability.

Their support is at a medium level. If you pay for premium support, they provide good support. Their normal support is not very good, but that's not only for Prisma Access, that is how Palo Alto works. 

I'm working a lot with F5's BIG-IP. They have one of the best support teams. Even if you don't have payment support, their support is quite good. It is better than Palo Alto's normal support. In general, most vendors have issues with support. The worst vendor that I have worked with is Forcepoint. Their support is extremely bad even for paying users.

Neutral

We have different technologies. We still have web application firewalls that we use in the company. Palo Alto Prisma Access is basically for coordinated firewalls, where you have your firewalls in the cloud. Everything you can do with on-prem firewalls can be done with Prisma Access, but this isn't the only solution you need. You would still need web application firewalls along with Prisma Access. The use case of Prisma Access is to secure your corporate employees. Its use case is not to secure your servers from inbound internet traffic. It is like a secure web gateway proxy to secure your corporate users.

It is easy, and I can't complain. It is a straightforward process. It takes about one hour. It is not so complex. It is a cloud solution. So, you just specify how many gateways you want, and with a few clicks, it gets deployed.

You don't need prior knowledge of the setup, but you should be a good network engineer and have the basic knowledge. It can't be done by someone who doesn't understand security networking. You need to have a good understanding of how much bandwidth you need because Prisma Access is taxed on bandwidth. So, you have to know how much bandwidth you need. You have to do static analysis before deploying Prisma Access to know how much bandwidth your users are using on average and how big the connection is going to be. You can increase the bandwidth later, but it is better to provision from the start based on the bandwidth requirements. The bandwidth analysis takes more time than the provisioning itself.

Palo Alto helped us with the initial deployment. In terms of maintenance, being a cloud solution, it requires next to no maintenance. If your company becomes bigger, you may have to push out more bandwidth from Prisma Access.

It is a little expensive. Because it is one of the best in the market, it is a little bit more expensive than other vendors. 

It is a little bit more expensive than Zscaler, but for a big company, this difference is not so big. Forcepoint has the cheapest support and the cheapest price. Forcepoint has a Cloud Security Gateway solution, but we ran away from them. If you want to go for the cheapest solution, go for Forcepoint and then complain as much as you want.

When comparing Prisma Access with Zscaler, you can't do much customization with Zscaler. That's why we selected Prisma Access. I like Prisma Access more than Zscaler because Zscaler doesn't have many capabilities. It doesn't let you do much customization, and you just have to depend on what the provider gives you as signatures.

For me, Zscaler is more for web traffic. Zscaler is comparable to Prisma Access when it comes to web filtering, like a secure web gateway proxy. If you want to filter out all your traffic, not only the web traffic, then you should definitely go for Prisma Access. Zscaler can be used as a firewall. They say it is similar to Prisma Access to filter out applications, not only web applications, but with Zscaler, you can't make custom signatures. They don't give you a lot of customization. You just enable the features and hope that they're enough. You can't do customizations that most big companies want. So, as a web filtering solution, it is comparable to Prisma Access, but if you want to filter out all the traffic and not only web traffic, then it is not so comparable to Prisma Access.

Zscaler also doesn't have application-level capabilities. Zscaler can't work with SIP traffic where you have to dynamically open FTP ports. For that, the solution should listen to the control plane traffic to know which port to open. Zscaler doesn't support that. So, it is quite limited for anything other than web traffic. However, Prisma Access is more limited when you use it as a secure web gateway solution.

Forcepoint also has a Cloud Security Gateway solution, but we ran away from them. Their cloud solution sometimes couldn't decrypt the web traffic. They had a bug when you want to decrypt one site from a category. For example, you want to decrypt Facebook, but you don't want to decrypt the social media category. In the Forcepoint GUI, you can specify that. In the GUI, it works, but in reality, it doesn't. There is a bug where the site will be decrypted or not decrypted only depending on the main category. You can't in reality change a site's decryption settings. Forcepoint didn't tell us they have this bug. They took two months to admit that and even got angry with me.

It is basically a Palo Alto firewall in the cloud. So, you can make custom applications and custom threat signatures. In terms of debugging, it is not as good as on-prem firewalls. With on-prem firewalls, you can do a lot more debugging, but you don't get a coordinated solution.

It is easy to use if you have experience with on-prem Palo Alto firewalls. Most customers who have Palo Alto on-prem firewalls have Panorama. Prisma Access integrates with Panorama just like on-prem firewalls. So, for customers who already have Palo Alto experience, it is quite easy. Palo Alto has another product for new customers, which is the Cloud Native Prisma Access, where you don't have on-prem firewalls. I have seen some videos about its web interface, and it seems very simple even for new customers. They can use Prisma Access without on-prem firewalls. They can use the cloud console, not Panorama. It seems even easier. So, newer customers would probably go with that technology and SD-WAN-based deployment, where almost all security is going to be in Prisma Access.

Prisma Access has two zones: an internal test zone and an external zone, which is basically the internet. It allows you to use segmentation. For example, if you're a customer of Prisma Access and you have many departments, you can create different tenants. So, different departments have different Prisma Access instances, but because we were a single company, we didn't use the tenant function. However, it provides the ability to split your organization's tenants so that different tenants get different policies. 

Prisma Access’ Autonomous Digital Experience Management (ADEM) is a good feature that you can't have with on-prem firewalls. I have not been using Prisma Access for a couple of months, but I'm still watching the Palo Alto channels. I saw that, with ADEM, they have an agent application that could be installed on the end-user devices. It provides visibility and helps identify any connectivity issues to an application over the VPN. The user gets to know if the issue is with Prisma Access or their ISP so that they don't call the IT department for simple things. For example, if you have a packet loss with Salesforce, you would know where the issue is happening. Is it with the Salesforce cloud application? Is it in Prisma Access between you and the Salesforce application? Is it with your internet service provider? That's the idea of Prisma Access ADEM.

Overall, I would rate it an eight out of ten. 

We propose solutions to customers. They face challenges in their existing setups like long troubleshooting durations, fault tolerances, security concerns, and management concerns. They had traditional setups, like Cisco routers, in their locations.

It took a long time to troubleshoot and resolve issues. The cost was a factor because they were using MPLS connections. MPLS is costly compared to the internet leased lines. Considering all these factors, we decided to go with Prisma's cloud solution.

It's a hybrid solution. We have a few sites on cloud and a few branch locations where the solution is deployed on-premises. The cloud provider is Azure.

We have more than 2,000 branches around the world. The solution is deployed across Europe and Asia. Between 7,000 and 9,000 ION boxes have been deployed. 

Before using this solution, the prime complaints were about voice applications, like RingCentral and GoTo. We reported these issues to the Palo Alto TAC teams, and they came up with more stable versions. Whatever we discuss with the Palo Alto engineering team, they come up with the solution very quickly. We had updates on a regular basis, and the client is very happy now because we have solved 95% of those problems. Everything is stable from a security point of view. 

Prisma SaaS helps us identify cloud applications that we were unaware of employees using. The solution helps us identify a lot of cloud apps, but we identified four to five applications that were the most useful.

The solution protects what our clients want it to protect. They haven't reported any threats or data attackers in their systems. We haven't received any complaints from clients about data security.

The time to value is quicker with Prisma SaaS.

This GUI is a good feature. The stacked policies, event policies, and routing policies are easy to understand for someone with general knowledge.

Securing new SaaS applications is really easy. There weren't any security risks. Prisma also has great reporting and alarming functions.

The data security is good. We don't have any complaints from clients. They're very satisfied with the solution.

It's very easy to write down the policies based on Cloud App-ID. The app detection and analytics are great features.

The Cloud App-ID technology has helped us identify and control shadow IT apps. It's a very important and exclusive feature that's available with Palo Alto.

The solution helps us keep pace with SaaS growth in the organization. It's very important to us. Prisma SaaS is integrated and easy to deploy.

The frequency of updates could be reduced. The updates are necessary, but they occur too frequently. The updates require devices to be rebooted, so there's downtime in the production environment. It's difficult to ask for downtime in a critical production environment every time there is an update.

The software versions should be stable for longer durations. For example, six months or a year.

I used this solution in a technical support role for about seven months.

It's stable. About three months ago, we had some issues with stability, but it's been stable since then. The throughput is very high. At the data center location, it's performing really well.

The scalability is one of the best features. It's an elastic solution. We can stretch whatever we need to for our requirements.

I would rate this solution as eight out of ten.

We previously used a different solution. The main reason why we switched to Prisma SaaS was because of its scalability.

Setup was very easy. It's just plug and play. Deployment took between two and three hours. There wasn't a lot of physical technical intervention.

To deploy Prisma SaaS, we had to turn it on in our Palo Alto Prisma Axis.

Deploying Prisma takes a tenth of the time that it takes to deploy traditional CASB solutions in the market.

The complexity of the solution depends on how it's designed. Anyone who has a basic knowledge of networking can understand Prisma and administer it. It was quite difficult to manage, and it has a lot of components involved. Their onboarding process took a long time.

It has drastically reduced the total cost of ownership. Our costs have been reduced by 40%.

I would rate this solution as eight out of ten. 

My advice for those who are looking for a SaaS solution is to use Prisma. It's one of the best solutions in the industry at the moment. It's simpler and really easy to deploy. Palo Alto has its own support team. It's a very trustworthy solution.

To a colleague or another company who says, "We don't want to use Palo Alto Next Generation Firewall or Prisma Access as an enforcement solution, we just want a CASB product to secure our cloud adoption," I would say you're losing the best features of this product.

I use the solution in my company to work with the remote access VPN. With the tool, users connect their office network and data center networks with the infrastructure from outside places, like home and other sites, so our company can use the remote access of the tool.

The most valuable features of the solution are in the areas of the secure remote access it provides while also being user-friendly.

From any improvement perspective, the product's compatibility issues with Linux need to be resolved.

The response from the support team needs to be made faster.

I have been using Prisma Access by Palo Alto Networks for three years. In my previous organization, I used the solution for two years.

The stability of the product is good. Stability-wise, I rate the solution a nine out of ten.

The scalability features of the product are available in a package. GlobalProtect will serve even if you purchase a device with a capacity of two hundred users. You can't increase the capacity above two hundred users. Basically, with the device capabilities, you can include 200 users in GlobalProtect, so it all depends on your hardware model.

In my previous company, there were around 150 users of the tool with Linux. I feel that there were almost 200 users of the product.

The technical support for the solution is good, but it is not like Cisco's support services. Sometimes, there is a delay in response from the support team's end, but during emergency cases, it is okay.

The product's initial setup phase is neither straightforward nor complex, making it a process that lies in the middle. I will say that it is very easy to deploy.

The tool's configuration can be done in one day. In my previous organization, my colleague and I were the two people who deployed the product, tested it, and found the results, and then we delivered it to our clients.

As per my previous experience, after I gave the solution to the company's customer, I took care of one custom configuration for a particular purpose. I read the tool's documentation to see how to configure it and how to set up GlobalProtect on the client machines, after which I made a documentation explaining the way to deploy it and install GlobalProtect.

For deployment and maintenance purposes, one or two people are enough.

In terms of the ROI, the tool is secure for official data. If someone wants security, GlobalProtect SSL VPN is something that I would recommend. With the tool, it is not possible to count how much revenue it helped generate since it basically protects your data from home to your office network and communicates with lots of data. The tool is secure. From a security perspective, GlobalProtect is good.

In comparison with GlobalProtect, there could be FortiClient. If some users cannot afford Palo Alto Networks, then they can choose FortiClient.

My company didn't receive any support from Palo Alto to connect securely to our organization's branch offices. The tool is very easy to deploy. Another co-engineer and I in my company completed the deployment task for the solution. The deployment is not very difficult, especially if you have Palo Alto's Next-Generation Firewalls since with it, you can really get the VPN connection for Windows and other operating systems, but my company had faced some challenges with Linux, so we had to purchase another license only for it. For Windows and Mac devices, the tool is free. If I purchase Palo Alto's Next-Generation Firewalls, it is free for Windows and Mac, but a license is required to use Prisma Access on Linux.

I haven't used the cloud-based nature of Palo Alto Networks to simplify our company's network security management. I have only used the on-premises version in our company's infrastructure for GlobalProtect. I don't have any idea about the cloud Security in the product.

The performance and reliability of the product are good.

For the integration process, you first have to configure the firewall with the default management port IP, or alternatively, users can configure it through the console, which includes the CLI mode and GUI mode. Okay. After logging into the firewall from the CLI or GUI, you can configure GlobalProtect by taking into consideration the outside and inside zones, which we want to give access to via the tool. I am experienced with the tool's GUI mode. I configured it through the GUI mode. The first thing you have to learn about Palo Alto GUI mode is how to configure GlobalProtect.

In general, I rate the tool an eight and a half to nine out of ten.

I use Prisma Access by Palo Alto Networks in our company for remote access, especially to help new users connect to corporate resources from over a distance, in other countries, or while they are not in the office.

I have seen some benefits from using the solution in our company since it offers mobility. My company has users around the world who connect to the resources remotely without any issues because of Prisma Access by Palo Alto Networks.

The most valuable features of the solution stem from the fact that it offers stability and scalability while being a very secure product.

Certain complications are related to the VPN part of the product, which can lead to a very deep and technical discussion. From an improvement perspective, I want the product to be integrated with SASE products.

Palo Alto Networks GlobalProtect or VPN in general with a cloud-based service would be a great improvement.

The product should be made more capable of offering more integration with the recent technologies introduced in the market. The product's integration capabilities with the already existing products in the market are good.

The product's current price is an area of shortcoming where improvements are required.

I have been using Prisma Access by Palo Alto Networks for four years. As it is a security product, our company keeps it updated to the latest version.

It is a 100 percent stable solution. Stability-wise, I rate the solution a ten out of ten.

It is a very scalable solution.

Around 800 people in my organization use Prisma Access by Palo Alto Networks. The solution can be scaled up to fit around 3,000 users at a time.

Prisma Access by Palo Alto Networks is used extensively twenty-four hours a day and seven days a week in my organization since we operate in different time zones.

The support offered by Palo Alto Networks is amazing. Whenever my company opens a ticket with the support team of Palo Alto Networks, we get amazing support. The support team of Palo Alto Networks is fast, customer-friendly, and knowledgeable.

I have experience with Cisco and Fortinet. I have experience with Cisco AnyConnect Secure Mobility Client. The last time we used Cisco AnyConnect Secure Mobility Client in our company was three years ago, after which it was phased out from the set of standard solutions we use. Based on my experience with Fortinet and FortiClient, I can say that the support is not at the same level as the one offered by Palo Alto Networks. Fortinet's technical support team is not as strong as the technical team of Palo Alto Networks. Only the prices of Fortinet and FortiClient were good compared to Palo Alto Networks.

The product's initial setup phase was very straightforward.

The deployment process involves identifying the user profiling and figuring out what exactly its users need, meaning there are some prerequisites involved in the deployment's preparation phase, and it is the most important process critical for the product's success.

The solution is deployed on an on-premises model.

The solution can be deployed in two days.

The deployment can be carried out with the help of our company's in-house team.

Prisma Access by Palo Alto Networks is an expensive solution, especially when compared to other solutions like Cisco. There are no additional charges apart from the standard licensing costs attached to the solution.

Those who plan to use the solution should ensure very good user profiling is carried out, after which they should link the product with the corporate security policy. Prisma Access by Palo Alto Networks is a very flexible solution, and you need to know exactly what you want out of the solution, which should align with the policies in your company as it is an area that differs from one corporate entity to another.

Considering the cost of the solution, I rate the overall tool a nine out of ten.

I'm a cloud security architect, but I joined this project because one of my teammates left. My manager asked me to join because I have prior experience with Cisco Systems and Dell security. 

Our client has 40 sites, and they used other products called Peruit and PescUmbrella. My colleague was helping them remove the products from their laptops and replace them with Cortex XDR and Prisma Access. 

Prisma Access is a better product than our client's previous solution, and it helps organizations work differently. It saves time, but I'm not sure about money. I had never considered that aspect because I'm not involved in the financial side. The solution helps us to operate efficiently. Everything we want to do is in there, including DNS, web, and URL security.

Endpoint Protection is something I use on my corporate laptop, and it's doing a wonderful job. I don't experience latency. Prisma has a massive number of secure gateways compared to any other product. All these gateways reduce latency and provide better bandwidth because they use cloud platforms. The scalability and efficiency are excellent so far. 

Prisma integrates well with Cortex XDR and Cortex Data Lake. My company has been also using Prisma Access in-house for nearly a year, and it integrates seamlessly. 

Another aspect I like about Prisma is its usability and control. You can do many functions from a single dashboard. It has more features than Zscaler. The look and feel are better. Prisma is a one-stop shop that does many tasks, like logging and monitoring. 

Having a cloud-based platform is essential because we're pushing all our customers to the cloud. Most of our customers will be using Prisma in the future. Prisma Access provides traffic analysis, threat prevention, URL filtering, and web filtering, which are critical features that our customers request. You don't need a separate administrator for each task. One admin with a little training can handle all of them on Prisma Access. The rest depends on how much you can play with the product.

The documentation is generally good, but they could provide a more detailed description of all the configuration steps. I have to search for information or call support. Palo Alto could add more knowledge base articles about configuration with screenshots and walkthroughs. That would be helpful. When configuring a product, you want to see examples of how it is done. 

I am using Prisma Access for two projects. I haven't been using it for more than six months. 

I haven't worked with Prisma for long, but my impression of the stability so far is good. 

Prisma Access is most suitable for large enterprises because it also includes posture management. It's comparable to Microsoft ESPM. Microsoft makes many of the tools I use as a cloud architect, so I see everything from that perspective.

I don't think smaller companies will have any issues with Prisma. My company has five offices in India and users in 55 countries. Prisma is excellent in terms of scalability, usability, readiness, and user experience. It also runs on older operating systems and new ones too. The laptop I initially got from the company was pretty old. It's a gen-three. I got a newer laptop, and it works on either. 

I rate Prisma Access support a nine out of ten. Their support is helpful. They have a large team of product managers, so they're always available to talk. The response times are excellent. 

I'm impressed. Their technical teams are knowledgeable about the product, and they have global support. You can get support around the clock no matter which time zone you are in. One of my clients is in the US, and the other is in India. Both can access support without a problem.

Positive

I worked with Cisco Fire and AnyConnect, which combines security and VPN. AnyConnect is a popular Cisco product clients use remotely to connect their machines to their offices. That was the first product. Cisco acquired Sourcefire and rebranded it to Fire, which is again a client-based solution.

The deployment is straightforward, and it's done via Prisma's console. I didn't find it to be tricky or have any difficulty finding what I needed. Everything is clearly labeled and intuitive. The more you play with that, the more comfortable you get.

It only takes a minute or two if you have everything configured and you simply need to push the config file. That also depends on how much configuration you push at once. A small configuration takes less than 30 seconds. A larger configuration like we've done in the past few days might take a minute or more. 

I rate Prisma Acess a nine out of ten. It's better than any other product in the market.