Try our new research platform with insights from 80,000+ expert users
Burak Dartar - PeerSpot reviewer
Cybersecurity Unit Manager at a university with 11-50 employees
Real User
Unlike traditional VPN, we were able to analyze and block things immediately, and track user connections
Pros and Cons
  • "The protection for web-based applications was helpful for my colleagues who didn't want a particular application on their devices. And the non-web access protection was more for our developers because they were writing and building code on their computers. Prisma Access was able to protect them."
  • "Sometimes, we encountered a portal crash. When we told Palo Alto they said it might be the browser or cache, but I think they need to improve it on their side."

What is our primary use case?

In my first company, we encountered some problems with endpoints because we had colleagues working out of country and we didn't know what happened to their clients. We used Prisma Access for information regarding the client status and the client programs because it can check and control client operations.

In that company, before Prisma Access, we used public access and we encountered many attacks from outside. Our DevOps and software engineers always connected from outside. When I came to that company I changed things, but without Prisma Access but it was very difficult. I had to do IAM per user. But when we integrated Prisma Access we could grant access by integrating the identity storage. I could grant access very quickly and see the behavior of my developers and software engineers. Sometimes they would come with new requests and Prisma Access provided quick policy deployment.

How has it helped my organization?

The solution helped us immediately solve the problem with our colleagues' endpoints when we encountered it.

When we integrated with Palo Alto's Cortex application in the cloud, it provided threat analysis and we didn't worry about malware or malicious traffic from Prisma Access. It was analyzing and blocking things after the Prisma Access analysis. When we used traditional VPN applications, there was no threat analysis and we counted on that from the firewall. But with Prisma Access working as a firewall and VPN, the security engineer could see everything in one portal. That meant we could analyze and block things immediately.

For my company, the features and remote accessibility were an improvement over the more traditional VPN applications. With Prisma Access we could grant more security than our public access allowed. We had more tracking of the client side. We could see and calculate their work shift time. We didn't have these features in traditional VPN tools.

We had new vulnerabilities or threats coming up daily. Using a traditional firewall or VPN, updates depended on a schedule, but Prisma Access updated itself by checking the threat database and protected us that way.

The biggest thing I learned from using Prisma Access was that, compared to conventional VPN applications, where we didn't know how users were behaving or when they were connecting, we could see how they were behaving and when they were connected. We could see what they encountered, the problems, before they complained.

What is most valuable?

The cloud VPN features mean we can connect everywhere and track where all our users are connecting. It's a helpful feature for us. We used to use traditional VPN tools, not cloud-based VPN, but Prisma Access came out with new, innovative features, including client-tracking, which was more valuable for our company. It was very impressive for us. The solution's VPN connection provided a lot of protection and was proactive. It was a better option for us. 

Also, we can split our web application and client internet traffic with Prisma Access so that it is protecting both web applications and our specific, non-web applications. The protection for web-based applications was helpful for my colleagues who didn't want a particular application on their devices. And the non-web access protection was more for our developers because they were writing and building code on their computers. Prisma Access was able to protect them.

What needs improvement?

Sometimes, we encountered a portal crash. When we told Palo Alto they said it might be the browser or cache, but I think they need to improve it on their side.

Buyer's Guide
Prisma Access by Palo Alto Networks
March 2025
Learn what your peers think about Prisma Access by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,672 professionals have used our research since 2012.

For how long have I used the solution?

I have been using Prisma Access by Palo Alto for four years. I integrated it for my first company and I implemented it for a proof of concept for another company and they love it.

In my current company, we are not using it because this company is working on-prem, but we have a digital transformation plan for next year.

What do I think about the stability of the solution?

It's reliable.

What do I think about the scalability of the solution?

It provides scalability in terms of the features and they are giving a bonus depending on the number of users. In my previous company we had 2,000 users.

I am always tracking the new technologies and features. I see there are many AI and digital technologies and I believe Prisma Access will use these more effectively. It may integrate with AI technologies and some of the analysis, as well as policies and access, will be done automatically by Prisma Access.

How are customer service and support?

They have a separate technical team for Prisma Access. Normally, Palo Alto has TAC engineers working on their different products, but they have a specific Prisma Access support team in my country. When we called or created tickets they supported us immensely. I expected to hear from them within one hour.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used a traditional VPN solution, but nothing like Prisma Access.

How was the initial setup?

The initial setup is very easy. I have deployed it three times and it was integrated within two hours.

One network engineer, one network security engineer, and a system engineer are enough for the deployment and maintenance.

What about the implementation team?

The implementation strategy was designed by Palo Alto engineers. They have good tech support guys who assisted us and explained all steps. They gave us some options and helped us choose the most effective way.

When they configured it from our requirements it worked the first time. Normally things didn't work like that before, but with Prisma Access it was integrated on the first try.

Which other solutions did I evaluate?

Where I'm working now we have FortiGate but at my old company, we didn't prefer that. When Palo Alto did the presentation at my old company, we understood they were professionals and that their features were more valuable than FortiGate.

What other advice do I have?

You don't need to worry because it will be integrated very quickly when you work with the Prisma Access support team. Be sure to ask many questions to understand the Prisma Access features and you will be able to use it very effectively.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Real User
Beneficial single platform delivery, protects application data well, but reports lacking
Pros and Cons
  • "The solution has all its capabilities in a single cloud delivery platform which is great and it provides overall good protection."
  • "If you compare Prisma SaaS against other products, such as Cloud Log, it's a little bit tricky to understand, but it offers different functionality that other products don't have. From a user usability point of view, you need some training for this product, as an admin, you need a couple of demos."

What is our primary use case?

We are using Prisma SaaS for products. We use many content-based platforms and we were using this product to perform policy detection. If someone is sharing something publicly, externally, from our domain, which is risky. This product allows you to write policies, and those policies will detect content, which captures them in the policy category or in the criteria. You then can add remediation action for protection.

We deploy the solution using their infrastructure and we connected that solution with our applications.

How has it helped my organization?

Prisma SaaS has helped the way our organization has functioned. Before the used the solution, we needed to write API calls for every platform to receive data out of it. It's a tedious task because we have 20 products and you need to write 20 application API calls. Once you receive the API calls, you need to massage and manipulate the data, search, and filter it. We need to write the full-fledged application. However, this product does it all, it gives you everything.

Instead of writing applications, we only need to go into one place, one URL, and we are able to do whatever we need to. In terms of hours, it saved us a lot of time and hours to do similar tasks previously, which we used to do using API calls to the product.

What is most valuable?

This is a one-stop solution. They have multiple features for every product, you don't need to purchase different products for each platform. When you purchase one Prisma SaaS you can connect to 10 different things. You can write different policies, attach different policies, search, and export the data out. There are many capabilities of this solution.

The solution has all its capabilities in a single cloud delivery platform which is great and it provides overall good protection.

What needs improvement?

If you compare Prisma SaaS against other products, such as Cloud Log, it's a little bit tricky to understand, but it offers different functionality that other products don't have. From a user usability point of view, you need some training for this product, as an admin, you need a couple of demos.

The reports and setting the policies could improve, they are important. Their UI is a little bit confusing when you create the policy section. There are times when it looks like you are in one section, but you're technically in another section and you're saving something else. The need to make it more clear in the UI for policy creation and setup.

For how long have I used the solution?

I have been using Prisma SaaS for approximately one year.

What do I think about the stability of the solution?

The stability of the solution is a little bit slow when you do searching. However, I have never seen an error on the application for over one year. It is stable.

What do I think about the scalability of the solution?

The scalability of Prisma SaaS is very good.

We plan to increase the usage of this solution. We are working with the compliance team and we are trying to find more policies and more products where we can use Prisma SaaS. We have recently renewed the solution for three more years.

How are customer service and support?

If we open a private ticket, they're pretty fast. They get back to us in a timely manner and we work with them actively.

I would rate the technical support a seven out of ten.

Which solution did I use previously and why did I switch?

We have two solutions that we use. We also use CloudLock for a specific product. These products are usually application-based, and if you compare BetterCloud and CloudLock, CloudLock is good for Google. Similarly, BetterCloud is good for Dropbox because their EPA's are more integrated. Prisma SaaS is good for receiving data from OneDrive, Office365, and a lot of other products. We have multiple products depending on the use case.

How was the initial setup?

The initial setup is straightforward. It's a SaaS product, we only need to log in and integrate our apps using our administrative rights.

The full deployment takes a couple of weeks. The deployment is easy, but the scanning takes time. If you connect a product and that product is having a terabyte of data, the scanning will take time. However, deployment connecting to the products, it's fairly easy.

We implement the solution in a sandbox environment and a production environment. The sandbox environment is connected to our sandbox applications, and production is connected to production applications. Whenever we are trying to launch a new policy, we used to try a new sandbox first. If it goes well, we send it to a production environment. We upload a sample of corrupted files to see if the policies are acting as they are supposed to.

What about the implementation team?

We used an integrator and we worked with them directly.

We use approximately 40 hours a week for the maintenance of the solution to get everything done.

What's my experience with pricing, setup cost, and licensing?

The pricing can be difficult because it came to us with another agreement, but it can be negotiated. I highly recommend people to compare this product's performance and pricing against BetterCloud, because I feel BetterCloud is better than Prisma SaaS if they're starting from scratch.

What other advice do I have?

The auditing does not protect all application traffic. It's more content-based. For example, if I uploaded a file and that file has sensitive information, Prisma will detect it. It will tell me where that file has been uploaded, how it's shared, whose current external parties were accessed. Anything which is bound to my user base, I will receive the report, but not the audit log. It won't tell me when users log into the platform, or if they log out. However,  it will tell me if they upload anything and take any action on that content.

We can connect the solution to AWS F3, which you can be considered not web-based because it has both products. From the F3 bucket, you can access it through different mechanisms. We are using it for some products which are not purely web-based.

We use SaaS products. That means infrastructure is not in our control and if you upload something into those platforms, such as Dropbox, any content that is put into the data system, we need to make sure that our data is protected and not shared outside. This product and its processes allow us to monitor it. We can create a policy, and limit the action. A person does not need to wait and then take action. For example, if someone uploaded something critical, a Saas policy gets triggered, and it automatically brings that operation down. If someone shares a file publicly, the policy triggers and detects the file and removes the public sharing. This is how we are protecting our data within our platform using this product.

I have learned from using this solution we should have more policies created as per compliance and security to utilize the features of this product better. If you have this product and if you're not writing a policy, then this product is useless. Right now we have basic policies, four and five, which I feel we have the potential to increase to 15 or 20.

I rate Prisma SaaS by Palo Alto Networks a seven out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Buyer's Guide
Prisma Access by Palo Alto Networks
March 2025
Learn what your peers think about Prisma Access by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
842,672 professionals have used our research since 2012.
Md. Al Imran Chowdhury - PeerSpot reviewer
Cyber Security Analyst at Link3 Technologies
Real User
Top 5Leaderboard
Offers good performance and reliability to users
Pros and Cons
  • "The most valuable features of the solution are in the areas of the secure remote access it provides while also being user-friendly."
  • "From any improvement perspective, the product's compatibility issues with Linux need to be resolved."

What is our primary use case?

I use the solution in my company to work with the remote access VPN. With the tool, users connect their office network and data center networks with the infrastructure from outside places, like home and other sites, so our company can use the remote access of the tool.

What is most valuable?

The most valuable features of the solution are in the areas of the secure remote access it provides while also being user-friendly.

What needs improvement?

From any improvement perspective, the product's compatibility issues with Linux need to be resolved.

The response from the support team needs to be made faster.

For how long have I used the solution?

I have been using Prisma Access by Palo Alto Networks for three years. In my previous organization, I used the solution for two years.

What do I think about the stability of the solution?

The stability of the product is good. Stability-wise, I rate the solution a nine out of ten.

What do I think about the scalability of the solution?

The scalability features of the product are available in a package. GlobalProtect will serve even if you purchase a device with a capacity of two hundred users. You can't increase the capacity above two hundred users. Basically, with the device capabilities, you can include 200 users in GlobalProtect, so it all depends on your hardware model.

In my previous company, there were around 150 users of the tool with Linux. I feel that there were almost 200 users of the product.

How are customer service and support?

The technical support for the solution is good, but it is not like Cisco's support services. Sometimes, there is a delay in response from the support team's end, but during emergency cases, it is okay.

How was the initial setup?

The product's initial setup phase is neither straightforward nor complex, making it a process that lies in the middle. I will say that it is very easy to deploy.

The tool's configuration can be done in one day. In my previous organization, my colleague and I were the two people who deployed the product, tested it, and found the results, and then we delivered it to our clients.

As per my previous experience, after I gave the solution to the company's customer, I took care of one custom configuration for a particular purpose. I read the tool's documentation to see how to configure it and how to set up GlobalProtect on the client machines, after which I made a documentation explaining the way to deploy it and install GlobalProtect.

For deployment and maintenance purposes, one or two people are enough.

What was our ROI?

In terms of the ROI, the tool is secure for official data. If someone wants security, GlobalProtect SSL VPN is something that I would recommend. With the tool, it is not possible to count how much revenue it helped generate since it basically protects your data from home to your office network and communicates with lots of data. The tool is secure. From a security perspective, GlobalProtect is good.

Which other solutions did I evaluate?

In comparison with GlobalProtect, there could be FortiClient. If some users cannot afford Palo Alto Networks, then they can choose FortiClient.

What other advice do I have?

My company didn't receive any support from Palo Alto to connect securely to our organization's branch offices. The tool is very easy to deploy. Another co-engineer and I in my company completed the deployment task for the solution. The deployment is not very difficult, especially if you have Palo Alto's Next-Generation Firewalls since with it, you can really get the VPN connection for Windows and other operating systems, but my company had faced some challenges with Linux, so we had to purchase another license only for it. For Windows and Mac devices, the tool is free. If I purchase Palo Alto's Next-Generation Firewalls, it is free for Windows and Mac, but a license is required to use Prisma Access on Linux.

I haven't used the cloud-based nature of Palo Alto Networks to simplify our company's network security management. I have only used the on-premises version in our company's infrastructure for GlobalProtect. I don't have any idea about the cloud Security in the product.

The performance and reliability of the product are good.

For the integration process, you first have to configure the firewall with the default management port IP, or alternatively, users can configure it through the console, which includes the CLI mode and GUI mode. Okay. After logging into the firewall from the CLI or GUI, you can configure GlobalProtect by taking into consideration the outside and inside zones, which we want to give access to via the tool. I am experienced with the tool's GUI mode. I configured it through the GUI mode. The first thing you have to learn about Palo Alto GUI mode is how to configure GlobalProtect.

In general, I rate the tool an eight and a half to nine out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Gur Sannikov - PeerSpot reviewer
Technical program manager at Intel Corporation
Real User
Top 10
A seamless solution that can be used for VPN connection for remote work
Pros and Cons
  • "Prisma Access by Palo Alto Networks is a seamless solution."
  • "The solution’s stability could be improved."

What is our primary use case?

We use the solution for VPN connection for remote work.

What is most valuable?

The most important feature of the solution is that it works transparently, and you don't need to enter a new password after restarting the PC. Prisma Access by Palo Alto Networks is a seamless solution. People don't need to know how the infrastructure is working. It just seamlessly works for them.

The most valuable features of the solution are encryption, compliance, and stability.

What needs improvement?

The solution’s stability could be improved.

For how long have I used the solution?

I have been using Prisma Access by Palo Alto Networks for one month.

What do I think about the stability of the solution?

I rate the solution a nine out of ten for stability.

What do I think about the scalability of the solution?

Prisma Access by Palo Alto Networks is a scalable solution.

I rate the solution a nine out of ten for scalability.

How was the initial setup?

The solution's initial setup is pretty straightforward. The solution is easy to implement.

What about the implementation team?

The solution's deployment took two weeks. Compared to other products, the solution has a pretty fast deployment.

What was our ROI?

We have seen a positive return on investment with the solution because remote work is very important for us.

What other advice do I have?

I would recommend Prisma Access by Palo Alto Networks to other users.

Overall, I rate the solution a nine out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Chief Executive Officer at Clemtech LLC
Real User
Helps us keep up with security violations or phishing attacks by bad state actors
Pros and Cons
  • "We're now able to go after contracts that require a Zero Trust solution and Prisma's other technology solutions."
  • "Prisma's integration between operational technology and IT should be more seamless. Right now, it requires additional setup and maintenance."

What is our primary use case?

My customers are military and federal government agencies. They're really interested in Secure Access Service Edge technology for their endpoints. Palo Alto Prisma is one of the solutions we use to make the SASE solution work for endpoints. For our customers, we normally do SD-WAN, Zero Trust, SWG, and SWaaS. Nobody has really asked for ADEM yet.

How has it helped my organization?

Prisma Access lets us compete in the cloud space.

What is most valuable?

Prisma isn't hard for the average system admin to use, and our customers are interested in Prisma's SD-WAN and Zero Trust capabilities. Government customers are particularly interested in the CASB capability. Prisma protects all app traffic, so our customers can access all of our apps, which is essential. That's one of the main reasons my business and customers use this technology, especially in the COVID-19 environment.

My military customers have users who need secure access to their information from all over the world. If they're using Microsoft Office products or some other app that isn't web-based, they can still access them through the web whether they're using their corporate devices or working on their personal devices using corporate information. Prisma will still protect that from phishing or other attacks.

Having all of these capabilities on a single cloud-delivered platform was extremely important to us. We also liked how well Prisma integrates with other solutions. Other solutions offer the same functionalities Prisma does when it comes to Zero Trust, CASB, and SD-WAN within the Microsoft Cloud. Prisma helps us protect our customers when a user isn't going to the Microsoft Cloud. 

Prisma also helps with traffic analysis, and that is controlled through the Manager. We can see what websites individuals within organizations are going to. For example, we can do cybersecurity analysis, such as phishing and so forth, to determine the cybersecurity risk of a particular site. While Prisma is doing that, we're also sending those Prisma files to our security operations, and they're also doing the analysis. In addition to threat detection, we're doing threat prevention. URL filtering fits into that category because we can determine what website an individual was able to access.

Prisma does segmentation either through the management of user groups or according to network access. Prisma provides millions of security updates per day, which is crucial for my government customers and business partners. It helps us keep up with security violations or phishing attacks by bad state actors. These threats are dynamic.

What needs improvement?

Prisma should implement industry updates in near real-time. Also, Prisma's integration between operational technology and IT should be more seamless. Right now, it requires additional setup and maintenance.

For how long have I used the solution?

We've been using Prisma Access for about a year.

What do I think about the stability of the solution?

Prisma is stable. It works as advertised.

What do I think about the scalability of the solution?

Prisma is highly scalable and global.

How are customer service and support?

I rate Palo Alto's tech support 10 out of 10. It's outstanding. But I'd like to highlight the difference between technical support and government technical support because it's two different beasts. I'm talking about Palo Alto's government technical support. They have a separate set of personnel inside the organization that handles government customers.

How would you rate customer service and support?

Positive

How was the initial setup?

Setting up Prisma is pretty straightforward. It takes around an hour to get it up and running. The amount of time needed to fully deploy Prisma depends on the size of the enterprise and the number of units, groups, endpoints, etc. Pre-deployment preparation also varies according to the size of the enterprise. It takes about a couple of days for a medium-size organization. You have to set up the architecture, determine who the users are, set up the IP schema, establish your Zero Trust scheme, set up network access, and send your log files over to the site. All of that takes about three days. Two network engineers can handle setup and deployment. After that, Prisma can be maintained by normal networking staff and at least one engineer.

What about the implementation team?

Integrators from our partners at Tech Data help us deploy. We also get help integrating from my engineers over at TOSIBOX, our proprietary VPN solution.

What was our ROI?

We're now able to go after contracts that require a Zero Trust solution and Prisma's other technology solutions. 

Which other solutions did I evaluate?

We looked at other competitors, including Aruba, HP, Cisco, and Microsoft Enterprise solutions. 

What other advice do I have?

I rate Prisma Access nine out of 10. It has been constantly changing since it was released. Palo Alto is the leader in all these technologies on the Gartner Magic Quadrant. 

I would advise anyone considering Prisma to look at their endpoint protection and evaluate how it fits in the overall enterprise solution, including integration with operational technology.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
AndyChan3 - PeerSpot reviewer
General manager at a tech services company with 201-500 employees
Real User
Top 10
The solution improved the consistency of our security controls, but the pricing model is inflexible
Pros and Cons
  • "The solution improved the consistency of our security controls and the BCP. There has been a 20 percent reduction in TCO. Prisma Access also enabled us to deliver better applications by centralizing security management."
  • "The licensing model isn't flexible enough. It's an all-or-nothing model. Other providers in the market allow you to buy modules or add-ons separately. With Prisma Access, you have to purchase the same module for all users."

What is our primary use case?

We use Prisma Access to enhance security control on endpoints in a hybrid workplace. Everyone in my company uses Prisma. It's about 500 users.

How has it helped my organization?

Prisma covers web-based and non-web apps, reducing data breach risks. In addition to protecting web traffic, it can replace the VPN. Instead of using a separate VPN, we can route all the traffic to our office through Prisma Access. 

The solution improved the consistency of our security controls and the BCP. There has been a 20 percent reduction in TCO. Prisma Access also enabled us to deliver better applications by centralizing security management. Because it is a SaaS solution, the system admins don't need to worry about technical implementation, updates, or anything happening on the backend. 

What is most valuable?

The most valuable features are the Secure Web Gateway and firewall as a service. Prisma Access protects all internet traffic. It isn't limited to apps. Currently, it covers more than 90 percent of our web traffic.

Autonomous digital experience management is another essential feature that provides a level of end-to-end visibility that most other solutions cannot offer. ADEM's real and synthetic traffic analysis is highly useful.

The benefit ADEM provides to the end-user is pretty indirect. It gives a system admin some evidence to show the user that the problem may not be on the user's side rather than a system issue.

Prisma Access features like traffic analysis, threat protection, URL filtering, and segmentation are critical because our use case is a hybrid workplace. Users are working worldwide, so we expect security to be consistent anywhere, not just in the office.

It updates weekly. Because it's a SaaS solution, they don't tell you what is updated on their side, but if an update is on the user side, then they update it once weekly or biweekly.

What needs improvement?

If I had to rate Prisma Access for ease of use, I'd give it two out of ten. It's easy for the users, but it's difficult for admins to configure. 

For how long have I used the solution?

I have been using Prisma Access for less than a year.

What do I think about the stability of the solution?

Prisma Access is stable. 

What do I think about the scalability of the solution?

Prisma Access is scalable. 

How are customer service and support?

I rate Palo Alto support seven out of ten. They sometimes take a long time to resolve complicated issues. 

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

We tried Zscaler, but we switched to Prisma because of the price, and Palo Alto was better suited to our business requirements. Palo Alto is one of the best choices for regional deployment, but Zscaler is better for a global use case.

How was the initial setup?

Setting up Prisma Access is complex. You cannot deploy it without help from Palo Alto or a Palo Alto partner. They are the only ones who can do the configuration. It took us about four months to get the solution up and running. We need about two IT staff to provide user support for Prisma, but Palo Alto handles all the updates. 

What's my experience with pricing, setup cost, and licensing?

The licensing model isn't flexible enough. It's an all-or-nothing model. Other providers in the market allow you to buy modules or add-ons separately. With Prisma Access, you have to purchase the same module for all users.

Which other solutions did I evaluate?

In addition to Zscaler, we looked at Netskope and Cato Networks.

What other advice do I have?

I rate Palo Alto Prisma Access a seven out of ten. It's not suitable for organizations whose users are primarily in mainland China. Prisma Access is excellent if you use most Palo Alto products, but Prisma Access might not be the best solution if you only use one of their products. 

It's crucial to define your business requirements well from the start because a Palo Alto solution can't quickly adapt to the changes that you need. If Palo Alto satisfies your initial conditions, it may be the cheapest solution at the time. However, if you need to make a change in the middle, the price can go up drastically. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
reviewer1717380 - PeerSpot reviewer
Global Leader Network Engineering at a financial services firm with 5,001-10,000 employees
Real User
Always-on VPN is constantly securing our system, but bugs and response to them have been challenging
Pros and Cons
  • "Prisma Access protects all app traffic, so that users can gain access to all apps and that's very important because we need to be able to access everything. It also allows us to access non-web apps; anything internal that we need access to, we can access."
  • "We've run into some challenges, having hit a lot of bugs over the past year in the deployment of GlobalProtect. We've had our fair share of issues that I haven't been happy with. We're working with the support organization to remediate them and waiting for updated releases. The response on getting the bugs fixed has not been what I would consider adequate for a product like this."

What is our primary use case?

Prisma Access GlobalProtect is our always-on VPN. We use it for URL filtering, to make sure people don't go to websites that are not permissible according to our security policy, such as gambling and pornography sites. We also implement Data Loss Prevention and decrypt the packets so that we can analyze the inside and make sure that nobody is trying to exfiltrate data. It's always on and it doesn't matter if you're in an office or at home or in a coffee shop or a hotel. 

We also use their service connections to access our internal services through them.

How has it helped my organization?

Since everybody is on the network all the time, it's allowing us to eliminate the step of having to connect to a VPN. That's the whole premise of an always-on VPN. Nobody has to think, "Oh, I need to get on VPN before I can connect to that server," or, "Oh, my VPN timed out because I've been on for 12 hours." The whole premise is that you're constantly on a VPN and it's constantly securing the system. That has helped from an end-user perspective. It hasn't come without its challenge, but that is one thing that is definitely a benefit.

In terms of security, it's definitely better than what we had because a user could just disconnect from the VPN before. They couldn't shut off the cloud proxy, but the cloud proxy only handled web-based traffic. If they wanted to FTP to a server, when they were connected to the VPN, it would get blocked. But they could just disconnect from VPN and then connect to FTP. Now, it goes through more security controls. So we are definitely more secure because of it. But it's just a completely different technology; it's more because of that than the product itself.

It's also somewhat of an alternative to SD-WAN. We had been looking at SD-WAN solutions and, realistically, the way the users are connecting now with Prisma Access, there's really no need for it.

What is most valuable?

It's an always-on solution and it supports both Mac and Windows. We have one configuration globally, and the only area where we had to do something differently is China.

Prisma Access protects all app traffic, so that users can gain access to all apps and that's very important because we need to be able to access everything. 

It also allows us to access non-web apps; anything internal that we need access to, we can access. Because we're using it as a VPN solution, our users are always on the internal network, regardless of where they are. They can't do anything because we lock them down so that if GlobalProtect doesn't connect, they can't get out to the internet. It's helped in that there were things that people would work around in other ways with our old model, things that they can't work around with the new model.

Also, having a single cloud-delivered platform, a global solution, was a key requirement for us.

We use the solution's threat prevention, URL filtering, and segmentation and they're all extremely important, based on what we're doing with the product. It's also very important to the business that Prisma Access provides millions of security updates per day.

What needs improvement?

We've run into some challenges, having hit a lot of bugs over the past year in the deployment of GlobalProtect. We've had our fair share of issues that I haven't been happy with. We're working with the support organization to remediate them and waiting for updated releases. The response on getting the bugs fixed has not been what I would consider adequate for a product like this. We've had some very pointed discussions with the support organization and the development teams on those issues and on doing what we can to help remediate them as well. They have been more responsive now towards our needs but it's a work in progress. 

They're going from being an organization that supported physical hardware, the Palo Alto firewall, into the realm of a SaaS-based solution. As a result, they need to change their operating model, support model, and release model to support that SaaS-based solution. That is related to support, related to operational efficiency, and deployments of code. Those are the areas where they need to improve.

For how long have I used the solution?

I've been using Prisma Access by Palo Alto for about a year.

What do I think about the scalability of the solution?

I don't see issues yet in terms of its scalability. We have more capacity than we need, so I think it's fine. We have firewalls in every region and in every country that Palo Alto has available. It's fairly scalable.

Which solution did I use previously and why did I switch?

We previously used Cisco AnyConnect for VPN and a cloud proxy solution for web-based security. We went from two products to one. The main purpose was to find a replacement for the cloud proxy solution. VPN just wound up being a good and positive outcome, in addition to it.

How was the initial setup?

The initial setup was complex. It has taken us almost a year, but we have about 7,000 users. We're just finishing up the main deployment of 5,000-plus users. We had an acquisition earlier this year and that will add another couple of thousand users. There have been a lot of hurdles with the bugs that we hit in the product. The stability of the software has been our biggest challenge.

What about the implementation team?

We did the deployment ourselves. In terms of maintenance, I manage the network engineering team globally, and our team is responsible for it.

Which other solutions did I evaluate?

We did look at other vendors when we were deciding on our VPN software and we went with Palo Alto for security reasons. 

What other advice do I have?

My advice would be to wait until they fix the bugs. We've been on a pretty stable version for the past several months and haven't had any issues. But other users who are on the same version have hit bugs on a regular basis, and it has been a nightmare to try to support. We're waiting on the final update of version 5.2.9 to get some of these issues fixed, and we're also waiting on 5.2.10 to support Windows 11 and the new version of Mac.

It's a balancing act in terms of security and nothing is perfect. We do have Palo Alto hardware as well as the Prisma Access solution, so we're reliant on Palo Alto's security for a lot of our security needs. I think the security is adequate.

I like the product in principle and I would rate it pretty high, but the bugs that we've hit pull the score down a bit. And then there are the operational support issues that we've had with Palo Alto, in general, that contribute to the score of six out of 10, as well.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
PeerSpot user
Endpoint Security Manager at Catholic Health Initiatives
Real User
Stable with good posture checking and relatively easy to set up
Pros and Cons
  • "It's great that we can make sure a machine meets the minimum requirements before users are allowed to log in."
  • "The solution needs to be more compatible with other solutions. This is specifically a problem for us when it comes to healthcare applications. They have proprietary connection types and things of that nature that make compatibility a challenge sometimes."

What is our primary use case?

We primarily use the solution for mobile users and mainly mobile laptops. In some cases, we use the solution for cloud tenant portals in Azure. We use it to connect those back into the network.

What is most valuable?

Overall, it's a great solution that works quite well.

The solution's most valuable feature is the posture checking. 

It's great that we can make sure a machine meets the minimum requirements before users are allowed to log in.

What needs improvement?

The solution needs to be more compatible with other solutions. This is specifically a problem for us when it comes to healthcare applications. They have proprietary connection types and things of that nature that make compatibility a challenge sometimes.

The scaling can be a bit tricky, depending on the setup.

For how long have I used the solution?

I've probably been using the solution for four years at this point.

What do I think about the stability of the solution?

The stability is quite good. We haven't had any issues in that sense. It's reliable. There aren't bugs or glitches. It doesn't fail.

What do I think about the scalability of the solution?

The solution is scalable. However, it's more of kind-of piecemeal scalability. I didn't actually deploy it. I just know a lot about it. It depends on how your network is set up. If you have a single egress, it's easy. If you have 70 egresses, it can be very, very difficult. 

You may have those many email egresses because you're geologically spread out and you need people to connect with certain portals based on where they are. Of course, we want users to connect to their closest portal. There's complexity there and the cloud doesn't really solve it because the cloud still has to do load balancing and hand it off to the concentrator.

On average, we have about 8,000 users between IT, finance, HR, and, of course, house and home users. 

How are customer service and technical support?

I can't speak to the acceptability of technical support. I've never had to contact them.

Which solution did I use previously and why did I switch?

We were using AnyConnect. It was limited in terms of egresses, so we decided to switch.

How was the initial setup?

For us, the initial setup was not straightforward. It was very complex due to the fact that we're a very large company. That said, I don't mind the complexity.

The deployment was easy. It was just a matter of handling the configuration for different regions and hospitals. We had to figure out what egress they come in on or what device they come in on and things like that and that decide upon what's the most efficient means for them to connect back into the network.

What's my experience with pricing, setup cost, and licensing?

I don't deal with licensing in the company. I'm not sure what the pricing is.

My understanding is that it's a bit more expensive only because it's part of the framework of the Palo Alto solution. It's more sensitive than if we just went and got some free VPN or some ad hoc solution, and so it's a bit more costly.

What other advice do I have?

We're just a customer. We don't have a business relationship with the company.

I'd advise others that the solution is largely based on the complexity of your environment. It's not that deployment's difficult. It's just that you want to put it where it's most efficient. You've got to take the time to figure out where your users are and how they connect and where they're connecting from.

Overall, I'd rate the solution eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Prisma Access by Palo Alto Networks Report and get advice and tips from experienced pros sharing their opinions.
Updated: March 2025
Buyer's Guide
Download our free Prisma Access by Palo Alto Networks Report and get advice and tips from experienced pros sharing their opinions.