Prisma Access by Palo Alto Networks Reviews

In my first company, we encountered some problems with endpoints because we had colleagues working out of country and we didn't know what happened to their clients. We used Prisma Access for information regarding the client status and the client programs because it can check and control client operations.

In that company, before Prisma Access, we used public access and we encountered many attacks from outside. Our DevOps and software engineers always connected from outside. When I came to that company I changed things, but without Prisma Access but it was very difficult. I had to do IAM per user. But when we integrated Prisma Access we could grant access by integrating the identity storage. I could grant access very quickly and see the behavior of my developers and software engineers. Sometimes they would come with new requests and Prisma Access provided quick policy deployment.

The solution helped us immediately solve the problem with our colleagues' endpoints when we encountered it.

When we integrated with Palo Alto's Cortex application in the cloud, it provided threat analysis and we didn't worry about malware or malicious traffic from Prisma Access. It was analyzing and blocking things after the Prisma Access analysis. When we used traditional VPN applications, there was no threat analysis and we counted on that from the firewall. But with Prisma Access working as a firewall and VPN, the security engineer could see everything in one portal. That meant we could analyze and block things immediately.

For my company, the features and remote accessibility were an improvement over the more traditional VPN applications. With Prisma Access we could grant more security than our public access allowed. We had more tracking of the client side. We could see and calculate their work shift time. We didn't have these features in traditional VPN tools.

We had new vulnerabilities or threats coming up daily. Using a traditional firewall or VPN, updates depended on a schedule, but Prisma Access updated itself by checking the threat database and protected us that way.

The biggest thing I learned from using Prisma Access was that, compared to conventional VPN applications, where we didn't know how users were behaving or when they were connecting, we could see how they were behaving and when they were connected. We could see what they encountered, the problems, before they complained.

The cloud VPN features mean we can connect everywhere and track where all our users are connecting. It's a helpful feature for us. We used to use traditional VPN tools, not cloud-based VPN, but Prisma Access came out with new, innovative features, including client-tracking, which was more valuable for our company. It was very impressive for us. The solution's VPN connection provided a lot of protection and was proactive. It was a better option for us. 

Also, we can split our web application and client internet traffic with Prisma Access so that it is protecting both web applications and our specific, non-web applications. The protection for web-based applications was helpful for my colleagues who didn't want a particular application on their devices. And the non-web access protection was more for our developers because they were writing and building code on their computers. Prisma Access was able to protect them.

Sometimes, we encountered a portal crash. When we told Palo Alto they said it might be the browser or cache, but I think they need to improve it on their side.

I have been using Prisma Access by Palo Alto for four years. I integrated it for my first company and I implemented it for a proof of concept for another company and they love it.

In my current company, we are not using it because this company is working on-prem, but we have a digital transformation plan for next year.

It's reliable.

It provides scalability in terms of the features and they are giving a bonus depending on the number of users. In my previous company we had 2,000 users.

I am always tracking the new technologies and features. I see there are many AI and digital technologies and I believe Prisma Access will use these more effectively. It may integrate with AI technologies and some of the analysis, as well as policies and access, will be done automatically by Prisma Access.

They have a separate technical team for Prisma Access. Normally, Palo Alto has TAC engineers working on their different products, but they have a specific Prisma Access support team in my country. When we called or created tickets they supported us immensely. I expected to hear from them within one hour.

Positive

We used a traditional VPN solution, but nothing like Prisma Access.

The initial setup is very easy. I have deployed it three times and it was integrated within two hours.

One network engineer, one network security engineer, and a system engineer are enough for the deployment and maintenance.

The implementation strategy was designed by Palo Alto engineers. They have good tech support guys who assisted us and explained all steps. They gave us some options and helped us choose the most effective way.

When they configured it from our requirements it worked the first time. Normally things didn't work like that before, but with Prisma Access it was integrated on the first try.

Where I'm working now we have FortiGate but at my old company, we didn't prefer that. When Palo Alto did the presentation at my old company, we understood they were professionals and that their features were more valuable than FortiGate.

You don't need to worry because it will be integrated very quickly when you work with the Prisma Access support team. Be sure to ask many questions to understand the Prisma Access features and you will be able to use it very effectively.

One of the main advantages we have found of Prisma Access is that it has gateways across multiple continents. Due to that, many users can connect from different parts of the world will be able to access everything very fast. Also, internet access through VPN has become much simpler in getting the traffic to our on-prem data center.

The main example is my particular client that has employees working from different parts of the world - Malaysia, Singapore, India, Europe, and even the Middle East. The use of multiple continental gateways has helped us a lot. The users who are working in different parts of India can connect to different gateways. There are four gateways, including in India itself, the Middle East, and Europe as well.

The WildFire Analysis is one of the good features we observed. Due to the fact that the traffic from the user to the internet is not passing under our on-prem, there is generally less control over it. With the help of WildFire Analysis, we are able to make sure the users are not downloading or accessing any malicious sites or any malware or anything.

The use of Microsoft Teams from a VPN used to give some issues earlier, however, with the Prisma Cloud, that has improved quite a lot. Even if you're tunneling the traffic of MS Teams through this Prisma terminal, there has been no issues yet. The VPN access it allows for is great.

The stability of the solution is very good.

The scalability of the solution is excellent.

Our security team had a concern that they are not able to filter out a few things. There is some particular traffic that the security team wants to filter out and apply their own policies and they cannot. Earlier, we used our on-prem solution for that, however, when it is in the cloud, the problem is that it has to be done manually. When we do changes on the on-prem, it will not automatically sync to the cloud. Therefore, manually, the admin has to do changes on the on-prem for spam filtering and at the same time on the cloud as well.

We actually faced some a problem with using the failure of authentication. Our primary authentication happens through a RADIUS server, to a non-IP solution, so that there is a double-factor authentication. In that double-factor authentication, we are using three different RADIUS servers. Apart from that our requirement was that if all our RADIUS servers failed, we wanted the authentication of users to fall back to LDAR.

The problem we faced is that each RADIUS server was consuming 40 seconds each for the timeout, and then only will it go to LDAR. However, the total timeout of the global product timeout, we are not able to adjust. If you take an on-prem Palo Alto device, you can adjust or increase the Global Protect time out value from 30 seconds to up to 125 seconds or 150 seconds. Later, we were able to resolve this by reducing the timeout value for each RADIUS server.

Technical support could be a lot better.

We have deployed the Prisma solution and environment almost six months ago and we have been using it for the last six months.

The solution is very stable. It doesn't have bugs and glitches. It doesn't crash or freeze.

So far, we haven't observed any such issues. We have been closely monitoring for the last six months but there have been no issues with latency or anything. The only thing we are worried about is that what if something goes from the cloud if the cloud set up as an issue. So far, we haven't encountered such an issue yet, however, the client is always worried about that point as all these things are happening externally to our own firm. That said, so far it hasn't given any trouble.

Scalability-wise it's a very good solution as we will be able to increase the number of users or decrease the number of users or even the bandwidth. Scalability-wise it's a perfect solution.

This solution is used by little over 8,000 users in our intranet and the user roles span from high-level management up to the contacts and their employees who are supporting the calls and the suppliers for the telecom. It is being used by a lot of different variety of users, management, IT, admin, business users, call center users, everyone.

When we decode, we decode it for 10,000 users. So far, we haven't increased it yet. In the future, if our number of user accounts increases or if the Work from Home situation due to COVID continues, then maybe our client will think about increasing it.

Technical support for this solution is via one of our third-party vendors. One problem is that the third-party vendor is not able to resolve all the issues. They will have to go to Palo Alto technical support via their exclusive support. One problem is ASP. Palo Alto is taking a lot of time for coming online and supporting that could be for a minor issue or a major issue. The time taken by Palo Alto Support to get online and support us has been a pain area. We're not really that satisfied.

Before Prisma, we were using the Palo Alto on-prem solution, Global Protect Solution. We had Palo Alto firewalls in our on-prem which we were using for VPN and before that, we used a few VPN solutions.

The initial setup was a mix of difficult and straightforward. We did the deployment in phases for users across different continents. By the time we finished the deployment, which took nearly six months, it was in our case a stable solution and simple to use as well. However, it took a while as we were working on different continents and moving from one to the other in a particular order.

The team was a combination. The team was a combination of one of the vendors in Malaysia and my team, who's from a client end. So there was a total of seven members in the team.

Our implementation strategy was as follows: we already had one Palo Alto Global Protect Retail Solution, so it was not big trouble for us to migrate it to a cloud. We started implementing, planning the redundancy for such two different sites. We established the IP set terminals with our two different sites, which will terminate from the cloud to Palo Alto VPN Box on our on-prem. Then, we gradually migrated the users from on-prem to the cloud.

In terms of maintenance, first of all, we have to keep on monitoring it. If there is something wrong with the cloud, we will have to get the alert and act accordingly. Maintenance-wise so far we have increased the bandwidth for internet links. At that time we had set up redundancy and there was no trouble with that. Apart from that, so far, no other maintenance has been done.

We had a vendor assist us a bit during the implementation.

I can't speak to the licensing costs. We had a two-year license, which we are still on.

We're just customers and end-users.

We are using a SaaS version of the solution.

I will definitely recommend implementing this product as it has a very good scalable solution. Considering this work from home scenario in COVID, it is one of the best solutions one can implement. However, my advice would be to make sure you have enough internet bandwidth while implementing and also make sure there is site-level redundancy at your end. If you are a client then you won't implement it. Make sure there are two separate IP set terminals published from the client to your end. That way, if something goes wrong, your internet goes down or something, the VPN will be accessible.

One good lesson I have learned is that earlier in my thought process related to VPN was very narrow. I never thought that you can put it across multiple continental gateways and allow users to access it so fast. 

I'd rate the solution nine out of ten.

We are using Prisma SaaS for products. We use many content-based platforms and we were using this product to perform policy detection. If someone is sharing something publicly, externally, from our domain, which is risky. This product allows you to write policies, and those policies will detect content, which captures them in the policy category or in the criteria. You then can add remediation action for protection.

We deploy the solution using their infrastructure and we connected that solution with our applications.

Prisma SaaS has helped the way our organization has functioned. Before the used the solution, we needed to write API calls for every platform to receive data out of it. It's a tedious task because we have 20 products and you need to write 20 application API calls. Once you receive the API calls, you need to massage and manipulate the data, search, and filter it. We need to write the full-fledged application. However, this product does it all, it gives you everything.

Instead of writing applications, we only need to go into one place, one URL, and we are able to do whatever we need to. In terms of hours, it saved us a lot of time and hours to do similar tasks previously, which we used to do using API calls to the product.

This is a one-stop solution. They have multiple features for every product, you don't need to purchase different products for each platform. When you purchase one Prisma SaaS you can connect to 10 different things. You can write different policies, attach different policies, search, and export the data out. There are many capabilities of this solution.

The solution has all its capabilities in a single cloud delivery platform which is great and it provides overall good protection.

If you compare Prisma SaaS against other products, such as Cloud Log, it's a little bit tricky to understand, but it offers different functionality that other products don't have. From a user usability point of view, you need some training for this product, as an admin, you need a couple of demos.

The reports and setting the policies could improve, they are important. Their UI is a little bit confusing when you create the policy section. There are times when it looks like you are in one section, but you're technically in another section and you're saving something else. The need to make it more clear in the UI for policy creation and setup.

I have been using Prisma SaaS for approximately one year.

The stability of the solution is a little bit slow when you do searching. However, I have never seen an error on the application for over one year. It is stable.

The scalability of Prisma SaaS is very good.

We plan to increase the usage of this solution. We are working with the compliance team and we are trying to find more policies and more products where we can use Prisma SaaS. We have recently renewed the solution for three more years.

If we open a private ticket, they're pretty fast. They get back to us in a timely manner and we work with them actively.

I would rate the technical support a seven out of ten.

We have two solutions that we use. We also use CloudLock for a specific product. These products are usually application-based, and if you compare BetterCloud and CloudLock, CloudLock is good for Google. Similarly, BetterCloud is good for Dropbox because their EPA's are more integrated. Prisma SaaS is good for receiving data from OneDrive, Office365, and a lot of other products. We have multiple products depending on the use case.

The initial setup is straightforward. It's a SaaS product, we only need to log in and integrate our apps using our administrative rights.

The full deployment takes a couple of weeks. The deployment is easy, but the scanning takes time. If you connect a product and that product is having a terabyte of data, the scanning will take time. However, deployment connecting to the products, it's fairly easy.

We implement the solution in a sandbox environment and a production environment. The sandbox environment is connected to our sandbox applications, and production is connected to production applications. Whenever we are trying to launch a new policy, we used to try a new sandbox first. If it goes well, we send it to a production environment. We upload a sample of corrupted files to see if the policies are acting as they are supposed to.

We used an integrator and we worked with them directly.

We use approximately 40 hours a week for the maintenance of the solution to get everything done.

The pricing can be difficult because it came to us with another agreement, but it can be negotiated. I highly recommend people to compare this product's performance and pricing against BetterCloud, because I feel BetterCloud is better than Prisma SaaS if they're starting from scratch.

The auditing does not protect all application traffic. It's more content-based. For example, if I uploaded a file and that file has sensitive information, Prisma will detect it. It will tell me where that file has been uploaded, how it's shared, whose current external parties were accessed. Anything which is bound to my user base, I will receive the report, but not the audit log. It won't tell me when users log into the platform, or if they log out. However,  it will tell me if they upload anything and take any action on that content.

We can connect the solution to AWS F3, which you can be considered not web-based because it has both products. From the F3 bucket, you can access it through different mechanisms. We are using it for some products which are not purely web-based.

We use SaaS products. That means infrastructure is not in our control and if you upload something into those platforms, such as Dropbox, any content that is put into the data system, we need to make sure that our data is protected and not shared outside. This product and its processes allow us to monitor it. We can create a policy, and limit the action. A person does not need to wait and then take action. For example, if someone uploaded something critical, a Saas policy gets triggered, and it automatically brings that operation down. If someone shares a file publicly, the policy triggers and detects the file and removes the public sharing. This is how we are protecting our data within our platform using this product.

I have learned from using this solution we should have more policies created as per compliance and security to utilize the features of this product better. If you have this product and if you're not writing a policy, then this product is useless. Right now we have basic policies, four and five, which I feel we have the potential to increase to 15 or 20.

I rate Prisma SaaS by Palo Alto Networks a seven out of ten.

I use the solution in my company to work with the remote access VPN. With the tool, users connect their office network and data center networks with the infrastructure from outside places, like home and other sites, so our company can use the remote access of the tool.

The most valuable features of the solution are in the areas of the secure remote access it provides while also being user-friendly.

From any improvement perspective, the product's compatibility issues with Linux need to be resolved.

The response from the support team needs to be made faster.

I have been using Prisma Access by Palo Alto Networks for three years. In my previous organization, I used the solution for two years.

The stability of the product is good. Stability-wise, I rate the solution a nine out of ten.

The scalability features of the product are available in a package. GlobalProtect will serve even if you purchase a device with a capacity of two hundred users. You can't increase the capacity above two hundred users. Basically, with the device capabilities, you can include 200 users in GlobalProtect, so it all depends on your hardware model.

In my previous company, there were around 150 users of the tool with Linux. I feel that there were almost 200 users of the product.

The technical support for the solution is good, but it is not like Cisco's support services. Sometimes, there is a delay in response from the support team's end, but during emergency cases, it is okay.

The product's initial setup phase is neither straightforward nor complex, making it a process that lies in the middle. I will say that it is very easy to deploy.

The tool's configuration can be done in one day. In my previous organization, my colleague and I were the two people who deployed the product, tested it, and found the results, and then we delivered it to our clients.

As per my previous experience, after I gave the solution to the company's customer, I took care of one custom configuration for a particular purpose. I read the tool's documentation to see how to configure it and how to set up GlobalProtect on the client machines, after which I made a documentation explaining the way to deploy it and install GlobalProtect.

For deployment and maintenance purposes, one or two people are enough.

In terms of the ROI, the tool is secure for official data. If someone wants security, GlobalProtect SSL VPN is something that I would recommend. With the tool, it is not possible to count how much revenue it helped generate since it basically protects your data from home to your office network and communicates with lots of data. The tool is secure. From a security perspective, GlobalProtect is good.

In comparison with GlobalProtect, there could be FortiClient. If some users cannot afford Palo Alto Networks, then they can choose FortiClient.

My company didn't receive any support from Palo Alto to connect securely to our organization's branch offices. The tool is very easy to deploy. Another co-engineer and I in my company completed the deployment task for the solution. The deployment is not very difficult, especially if you have Palo Alto's Next-Generation Firewalls since with it, you can really get the VPN connection for Windows and other operating systems, but my company had faced some challenges with Linux, so we had to purchase another license only for it. For Windows and Mac devices, the tool is free. If I purchase Palo Alto's Next-Generation Firewalls, it is free for Windows and Mac, but a license is required to use Prisma Access on Linux.

I haven't used the cloud-based nature of Palo Alto Networks to simplify our company's network security management. I have only used the on-premises version in our company's infrastructure for GlobalProtect. I don't have any idea about the cloud Security in the product.

The performance and reliability of the product are good.

For the integration process, you first have to configure the firewall with the default management port IP, or alternatively, users can configure it through the console, which includes the CLI mode and GUI mode. Okay. After logging into the firewall from the CLI or GUI, you can configure GlobalProtect by taking into consideration the outside and inside zones, which we want to give access to via the tool. I am experienced with the tool's GUI mode. I configured it through the GUI mode. The first thing you have to learn about Palo Alto GUI mode is how to configure GlobalProtect.

In general, I rate the tool an eight and a half to nine out of ten.

We use the solution for VPN connection for remote work.

The most important feature of the solution is that it works transparently, and you don't need to enter a new password after restarting the PC. Prisma Access by Palo Alto Networks is a seamless solution. People don't need to know how the infrastructure is working. It just seamlessly works for them.

The most valuable features of the solution are encryption, compliance, and stability.

The solution’s stability could be improved.

I have been using Prisma Access by Palo Alto Networks for one month.

I rate the solution a nine out of ten for stability.

Prisma Access by Palo Alto Networks is a scalable solution.

I rate the solution a nine out of ten for scalability.

The solution's initial setup is pretty straightforward. The solution is easy to implement.

The solution's deployment took two weeks. Compared to other products, the solution has a pretty fast deployment.

We have seen a positive return on investment with the solution because remote work is very important for us.

I would recommend Prisma Access by Palo Alto Networks to other users.

Overall, I rate the solution a nine out of ten.

My customers are military and federal government agencies. They're really interested in Secure Access Service Edge technology for their endpoints. Palo Alto Prisma is one of the solutions we use to make the SASE solution work for endpoints. For our customers, we normally do SD-WAN, Zero Trust, SWG, and SWaaS. Nobody has really asked for ADEM yet.

Prisma Access lets us compete in the cloud space.

Prisma isn't hard for the average system admin to use, and our customers are interested in Prisma's SD-WAN and Zero Trust capabilities. Government customers are particularly interested in the CASB capability. Prisma protects all app traffic, so our customers can access all of our apps, which is essential. That's one of the main reasons my business and customers use this technology, especially in the COVID-19 environment.

My military customers have users who need secure access to their information from all over the world. If they're using Microsoft Office products or some other app that isn't web-based, they can still access them through the web whether they're using their corporate devices or working on their personal devices using corporate information. Prisma will still protect that from phishing or other attacks.

Having all of these capabilities on a single cloud-delivered platform was extremely important to us. We also liked how well Prisma integrates with other solutions. Other solutions offer the same functionalities Prisma does when it comes to Zero Trust, CASB, and SD-WAN within the Microsoft Cloud. Prisma helps us protect our customers when a user isn't going to the Microsoft Cloud. 

Prisma also helps with traffic analysis, and that is controlled through the Manager. We can see what websites individuals within organizations are going to. For example, we can do cybersecurity analysis, such as phishing and so forth, to determine the cybersecurity risk of a particular site. While Prisma is doing that, we're also sending those Prisma files to our security operations, and they're also doing the analysis. In addition to threat detection, we're doing threat prevention. URL filtering fits into that category because we can determine what website an individual was able to access.

Prisma does segmentation either through the management of user groups or according to network access. Prisma provides millions of security updates per day, which is crucial for my government customers and business partners. It helps us keep up with security violations or phishing attacks by bad state actors. These threats are dynamic.

Prisma should implement industry updates in near real-time. Also, Prisma's integration between operational technology and IT should be more seamless. Right now, it requires additional setup and maintenance.

We've been using Prisma Access for about a year.

Prisma is stable. It works as advertised.

Prisma is highly scalable and global.

I rate Palo Alto's tech support 10 out of 10. It's outstanding. But I'd like to highlight the difference between technical support and government technical support because it's two different beasts. I'm talking about Palo Alto's government technical support. They have a separate set of personnel inside the organization that handles government customers.

Positive

Setting up Prisma is pretty straightforward. It takes around an hour to get it up and running. The amount of time needed to fully deploy Prisma depends on the size of the enterprise and the number of units, groups, endpoints, etc. Pre-deployment preparation also varies according to the size of the enterprise. It takes about a couple of days for a medium-size organization. You have to set up the architecture, determine who the users are, set up the IP schema, establish your Zero Trust scheme, set up network access, and send your log files over to the site. All of that takes about three days. Two network engineers can handle setup and deployment. After that, Prisma can be maintained by normal networking staff and at least one engineer.

Integrators from our partners at Tech Data help us deploy. We also get help integrating from my engineers over at TOSIBOX, our proprietary VPN solution.

We're now able to go after contracts that require a Zero Trust solution and Prisma's other technology solutions. 

We looked at other competitors, including Aruba, HP, Cisco, and Microsoft Enterprise solutions. 

I rate Prisma Access nine out of 10. It has been constantly changing since it was released. Palo Alto is the leader in all these technologies on the Gartner Magic Quadrant. 

I would advise anyone considering Prisma to look at their endpoint protection and evaluate how it fits in the overall enterprise solution, including integration with operational technology.

We use Prisma Access to enhance security control on endpoints in a hybrid workplace. Everyone in my company uses Prisma. It's about 500 users.

Prisma covers web-based and non-web apps, reducing data breach risks. In addition to protecting web traffic, it can replace the VPN. Instead of using a separate VPN, we can route all the traffic to our office through Prisma Access. 

The solution improved the consistency of our security controls and the BCP. There has been a 20 percent reduction in TCO. Prisma Access also enabled us to deliver better applications by centralizing security management. Because it is a SaaS solution, the system admins don't need to worry about technical implementation, updates, or anything happening on the backend. 

The most valuable features are the Secure Web Gateway and firewall as a service. Prisma Access protects all internet traffic. It isn't limited to apps. Currently, it covers more than 90 percent of our web traffic.

Autonomous digital experience management is another essential feature that provides a level of end-to-end visibility that most other solutions cannot offer. ADEM's real and synthetic traffic analysis is highly useful.

The benefit ADEM provides to the end-user is pretty indirect. It gives a system admin some evidence to show the user that the problem may not be on the user's side rather than a system issue.

Prisma Access features like traffic analysis, threat protection, URL filtering, and segmentation are critical because our use case is a hybrid workplace. Users are working worldwide, so we expect security to be consistent anywhere, not just in the office.

It updates weekly. Because it's a SaaS solution, they don't tell you what is updated on their side, but if an update is on the user side, then they update it once weekly or biweekly.

If I had to rate Prisma Access for ease of use, I'd give it two out of ten. It's easy for the users, but it's difficult for admins to configure. 

I have been using Prisma Access for less than a year.

Prisma Access is stable. 

Prisma Access is scalable. 

I rate Palo Alto support seven out of ten. They sometimes take a long time to resolve complicated issues. 

Neutral

We tried Zscaler, but we switched to Prisma because of the price, and Palo Alto was better suited to our business requirements. Palo Alto is one of the best choices for regional deployment, but Zscaler is better for a global use case.

Setting up Prisma Access is complex. You cannot deploy it without help from Palo Alto or a Palo Alto partner. They are the only ones who can do the configuration. It took us about four months to get the solution up and running. We need about two IT staff to provide user support for Prisma, but Palo Alto handles all the updates. 

The licensing model isn't flexible enough. It's an all-or-nothing model. Other providers in the market allow you to buy modules or add-ons separately. With Prisma Access, you have to purchase the same module for all users.

In addition to Zscaler, we looked at Netskope and Cato Networks.

I rate Palo Alto Prisma Access a seven out of ten. It's not suitable for organizations whose users are primarily in mainland China. Prisma Access is excellent if you use most Palo Alto products, but Prisma Access might not be the best solution if you only use one of their products. 

It's crucial to define your business requirements well from the start because a Palo Alto solution can't quickly adapt to the changes that you need. If Palo Alto satisfies your initial conditions, it may be the cheapest solution at the time. However, if you need to make a change in the middle, the price can go up drastically. 

Prisma Access GlobalProtect is our always-on VPN. We use it for URL filtering, to make sure people don't go to websites that are not permissible according to our security policy, such as gambling and pornography sites. We also implement Data Loss Prevention and decrypt the packets so that we can analyze the inside and make sure that nobody is trying to exfiltrate data. It's always on and it doesn't matter if you're in an office or at home or in a coffee shop or a hotel. 

We also use their service connections to access our internal services through them.

Since everybody is on the network all the time, it's allowing us to eliminate the step of having to connect to a VPN. That's the whole premise of an always-on VPN. Nobody has to think, "Oh, I need to get on VPN before I can connect to that server," or, "Oh, my VPN timed out because I've been on for 12 hours." The whole premise is that you're constantly on a VPN and it's constantly securing the system. That has helped from an end-user perspective. It hasn't come without its challenge, but that is one thing that is definitely a benefit.

In terms of security, it's definitely better than what we had because a user could just disconnect from the VPN before. They couldn't shut off the cloud proxy, but the cloud proxy only handled web-based traffic. If they wanted to FTP to a server, when they were connected to the VPN, it would get blocked. But they could just disconnect from VPN and then connect to FTP. Now, it goes through more security controls. So we are definitely more secure because of it. But it's just a completely different technology; it's more because of that than the product itself.

It's also somewhat of an alternative to SD-WAN. We had been looking at SD-WAN solutions and, realistically, the way the users are connecting now with Prisma Access, there's really no need for it.

It's an always-on solution and it supports both Mac and Windows. We have one configuration globally, and the only area where we had to do something differently is China.

Prisma Access protects all app traffic, so that users can gain access to all apps and that's very important because we need to be able to access everything. 

It also allows us to access non-web apps; anything internal that we need access to, we can access. Because we're using it as a VPN solution, our users are always on the internal network, regardless of where they are. They can't do anything because we lock them down so that if GlobalProtect doesn't connect, they can't get out to the internet. It's helped in that there were things that people would work around in other ways with our old model, things that they can't work around with the new model.

Also, having a single cloud-delivered platform, a global solution, was a key requirement for us.

We use the solution's threat prevention, URL filtering, and segmentation and they're all extremely important, based on what we're doing with the product. It's also very important to the business that Prisma Access provides millions of security updates per day.

We've run into some challenges, having hit a lot of bugs over the past year in the deployment of GlobalProtect. We've had our fair share of issues that I haven't been happy with. We're working with the support organization to remediate them and waiting for updated releases. The response on getting the bugs fixed has not been what I would consider adequate for a product like this. We've had some very pointed discussions with the support organization and the development teams on those issues and on doing what we can to help remediate them as well. They have been more responsive now towards our needs but it's a work in progress. 

They're going from being an organization that supported physical hardware, the Palo Alto firewall, into the realm of a SaaS-based solution. As a result, they need to change their operating model, support model, and release model to support that SaaS-based solution. That is related to support, related to operational efficiency, and deployments of code. Those are the areas where they need to improve.

I've been using Prisma Access by Palo Alto for about a year.

I don't see issues yet in terms of its scalability. We have more capacity than we need, so I think it's fine. We have firewalls in every region and in every country that Palo Alto has available. It's fairly scalable.

We previously used Cisco AnyConnect for VPN and a cloud proxy solution for web-based security. We went from two products to one. The main purpose was to find a replacement for the cloud proxy solution. VPN just wound up being a good and positive outcome, in addition to it.

The initial setup was complex. It has taken us almost a year, but we have about 7,000 users. We're just finishing up the main deployment of 5,000-plus users. We had an acquisition earlier this year and that will add another couple of thousand users. There have been a lot of hurdles with the bugs that we hit in the product. The stability of the software has been our biggest challenge.

We did the deployment ourselves. In terms of maintenance, I manage the network engineering team globally, and our team is responsible for it.

We did look at other vendors when we were deciding on our VPN software and we went with Palo Alto for security reasons. 

My advice would be to wait until they fix the bugs. We've been on a pretty stable version for the past several months and haven't had any issues. But other users who are on the same version have hit bugs on a regular basis, and it has been a nightmare to try to support. We're waiting on the final update of version 5.2.9 to get some of these issues fixed, and we're also waiting on 5.2.10 to support Windows 11 and the new version of Mac.

It's a balancing act in terms of security and nothing is perfect. We do have Palo Alto hardware as well as the Prisma Access solution, so we're reliant on Palo Alto's security for a lot of our security needs. I think the security is adequate.

I like the product in principle and I would rate it pretty high, but the bugs that we've hit pull the score down a bit. And then there are the operational support issues that we've had with Palo Alto, in general, that contribute to the score of six out of 10, as well.