Prisma Access by Palo Alto Networks Reviews

We primarily use the solution for mobile users and mainly mobile laptops. In some cases, we use the solution for cloud tenant portals in Azure. We use it to connect those back into the network.

Overall, it's a great solution that works quite well.

The solution's most valuable feature is the posture checking. 

It's great that we can make sure a machine meets the minimum requirements before users are allowed to log in.

The solution needs to be more compatible with other solutions. This is specifically a problem for us when it comes to healthcare applications. They have proprietary connection types and things of that nature that make compatibility a challenge sometimes.

The scaling can be a bit tricky, depending on the setup.

I've probably been using the solution for four years at this point.

The stability is quite good. We haven't had any issues in that sense. It's reliable. There aren't bugs or glitches. It doesn't fail.

The solution is scalable. However, it's more of kind-of piecemeal scalability. I didn't actually deploy it. I just know a lot about it. It depends on how your network is set up. If you have a single egress, it's easy. If you have 70 egresses, it can be very, very difficult. 

You may have those many email egresses because you're geologically spread out and you need people to connect with certain portals based on where they are. Of course, we want users to connect to their closest portal. There's complexity there and the cloud doesn't really solve it because the cloud still has to do load balancing and hand it off to the concentrator.

On average, we have about 8,000 users between IT, finance, HR, and, of course, house and home users. 

I can't speak to the acceptability of technical support. I've never had to contact them.

We were using AnyConnect. It was limited in terms of egresses, so we decided to switch.

For us, the initial setup was not straightforward. It was very complex due to the fact that we're a very large company. That said, I don't mind the complexity.

The deployment was easy. It was just a matter of handling the configuration for different regions and hospitals. We had to figure out what egress they come in on or what device they come in on and things like that and that decide upon what's the most efficient means for them to connect back into the network.

I don't deal with licensing in the company. I'm not sure what the pricing is.

My understanding is that it's a bit more expensive only because it's part of the framework of the Palo Alto solution. It's more sensitive than if we just went and got some free VPN or some ad hoc solution, and so it's a bit more costly.

We're just a customer. We don't have a business relationship with the company.

I'd advise others that the solution is largely based on the complexity of your environment. It's not that deployment's difficult. It's just that you want to put it where it's most efficient. You've got to take the time to figure out where your users are and how they connect and where they're connecting from.

Overall, I'd rate the solution eight out of ten.

We use the product to access resources from outside networks.

They could add more flexibility and improve product performance.

I've been using Prisma Access by Palo Alto Networks for about one or two years.

The technical support services are good, and they provide faster responses. However, there is room for improvement regarding the support for local languages.

Neutral

Competitors' advantages for the product lie in their ability to cover different security aspects, such as DDoS protection, DNS security, and WAF.

The setup is relatively straightforward. Typically, distributors or partners handle the implementation process.

Palo Alto products are expensive, but they offer efficient features. We have to pay additional costs for maintenance and support services.

I typically recommend Prisma Access to private companies, especially small or medium-sized ones.

Integrating the product with other tools is easy as it offers APIs. I rate it a seven out of ten.

Our use case started with the pandemic. Before the pandemic, our users worked in our office, but when the pandemic started our users were at home. They wanted to have the same kind of access that they had on-premises. We deployed a network and mobile services for them so that they could have the same experience sitting at home and access all the infra in the office. We use mobile access to connect to Prisma Access, and from Prisma Access we built a site-to-site VPN to connect to the office network so that they would have the same kind of access.

It is very helpful because it is protecting the applications that are behind it. It has so many components that we can use to secure our applications.

Prisma Access has all the features from Palo Alto. But the visibility perspective is pretty cool. If I want to know how much data is being used for a specific project, I can look at how much data has been used, from which region, and which users have been connected. That visibility is very good so that I can see how many licenses we have and how many are used. It gives a great view of what is happening, of everyone who is connected. That is one of the things I like.

It provides traffic analysis, threat prevention, and URL filtering, although I'm not sure if it provides segmentation. These features are very important. We wanted to filter traffic according to our standards. The URL filtering helps to filter the traffic so that we only send the traffic we want to on-premises or the internet. Without this, it would be very tough.

Also, it protects all your app traffic. It's like a next-generation firewall. It does everything.

For a non-technical guy, the reporting of Prisma Access is very easy. You need to know the navigation tabs, but it only has so many of them and you can do many things in the tabs. It is pretty easy because there aren't that many pages or options.

And the updates, like URL updates, IPS, IDS, and any WildFire subscription updates are very helpful for protecting our infra.

There should be a dedicated portal or SASE-based solution. They're trying to add a plugin but it needs a dedicated portal because it is now an enterprise solution for multiple organizations. People should be able to directly log in to a dedicated page for Prisma Access, rather than going into a Panorama plugin, and always having to update the plugin. An administrator should be able to look at it from a configuration perspective and not the management and maintenance perspectives.

We started using Prisma Access by Palo Alto Networks with the pandemic in 2019, so I have been using it for over three years.

Initially, they were coming up with a new plugin every one or two months, and you would have to download it. But now, I don't see that. Their team continues to work on it, but as a customer, I see it as stable. 

They're using the resources of GCP so if GCP in a specific region has some issues, it will impact Prisma Access. They have to look at some kind of backup.

I don't see it as a scalable solution because it is running on top of VMs. They say it is scalable, but we didn't see it working that way for one or two incidents that we had. But later, they had more firewalls in the cloud and kept them on standby. Since then, I haven't seen that issue.

I have implemented the solution for 100,000-plus users, and most of them are connecting from home. It reduces the load on our on-premises firewall, handling posturing and VPN. It is a dedicated project, meaning everyone, all of our employees, uses the same solution to connect to the infra.

When I started working with their support, the product was new for them as well so they were not all that familiar with it. They need to improve the technical support staff.

Positive

We were using Cisco AnyConnect but we replaced it, in part, with Zscaler and mostly with Prisma Access.

Prisma Access works on Panorama which we have on a virtual machine on GCP. As with anything, if you don't know it, it is complicated, but once you understand it, it is very easy. If I look at it as a combination of before and after, the setup is of average difficulty. You can learn things very fast. It's not that difficult or complicated, but you should know the purpose of each part. Then it is easy.

When I did my initial deployment of Prisma Access in 2019, it took around five days. But by the time I had done two or three deployments, it was taking me 20 minutes to deploy.

The implementation strategy is totally dependent on the requirements. Some customers say they want the same feeling at home that they have in the office. Some customers say they want Prisma Access to reduce the burden on the existing on-premises firewall. The posture checks have to be done on Prisma Access and, once done, the traffic is forwarded.

Once you understand the product, two to three guys should be able to handle it for configuration, and then they can move on. But for operations, you need a team.

We evaluated Zscaler Private Access and multiple other cloud solutions.

Compared to Zscaler and other services, the advantage of Prisma Access is that it supports both data and voice. The other vendors don't support voice. With Prisma Access, we don't need to look for any other services or solutions. It supports your data and voice services as well and that is one of our most important requirements.

At the end of the day, Prisma Access is nothing but a firewall that is hosted in the cloud. It depends on your capacity, the users that are connecting, and the VM you are running in the backend. It has all the capabilities and subscriptions that we were using on-premises. I don't see any challenges in terms of security. It is secure. They haven't compromised on anything with Prisma Access. It tries to protect us as much as possible.

It's crucial for us and is helping us a lot if you look at it from a business perspective.

We can do a lot with it and use it for eight to nine use cases. It supports your data and voice and, as I noted, I haven't seen any other product support both. Prisma Access is the best product. It depends on what you're looking for. But if you have a lot of requirements, you should go with Prisma Access.

The solution is not very complex and is easy to manage for people who may or may not have knowledge about Palo Alto Networks. 

The initial support team is not very good. Most of the time, I have found that they are one to three years experienced only. They don't have network expertise. They know about Palo Alto products but don't know how to troubleshoot the issues. We have to guide them most of the time to troubleshoot correctly since their approach is not developed. 

I have been working with the solution for a few months. 

The solution is very stable. 

We are a large team and work for multiple customers. 

The senior engineers are very good and you need to escalate your issues to them. 

The tool is very easy to set up. It will take some time since you need to plan all the things. You also need to think about the migration of the existing infrastructure. It is not like you can complete the installation in a week. We will collect information first on users and categorize them from a user perspective like the applications and services which will be connected to the product. We will make a plan once we understand the user requirements. It is a long process and we will ensure that everything is secure. A document will be created with the data flow. We will ensure 100 percent that everything is working fine. 

Prisma Access is a good product and I would rate it a nine out of ten. 

The use case for our clients is that they have branch office locations all over the world. Users can connect over the internet and inspection of their traffic will happen on the Prisma infrastructure. Remote users can also connect to the VPN through Prisma infrastructure, and they can connect their data center with the Prisma infrastructure as well.

It's a cloud solution from Palo Alto Networks. Customers just need to establish an IPSec tunnel from their on-prem device with Palo Alto's closest location, which they have all over the world—100-plus locations.

The benefit of using Prisma Access is that the customer doesn't need to have their own data center. They just need to purchase a Prisma Access license. The customer will save on the labor cost associated with the data center, on the electricity cost, and they will save on the land cost as well. The data center infrastructure is provided by Palo Alto Networks.

Prisma Access is a big change for our customers. Not having to have data centers, and not having to deploy a firewall at each location, makes things simpler.

The solution also enables customers to deliver better applications. It helps them save on costs. It is easy to manage with fewer resources.

It's easy to manage. Our customers do not need to worry about what is happening in the data center. With legacy networks, they have to worry about things like the firewall being down and having to go to the data center to replace it. With Prisma Access, they do not need to worry about that. Palo Alto takes care of it. If something goes down in the infrastructure, the Palo Alto team will take care of it.

Prisma Access protects all app traffic, so that users can gain access to all apps. It is important for our clients that all traffic coming through the firewall is inspected. Prisma inspects all the traffic, and if a customer wants to make an exception for certain traffic, that is also possible.

It also inspects both web-based apps and non web-based apps.

In addition, it's really easy to manage. If customers have Panorama they can use it to manage Prisma Access. There is also a cloud application which provides a single console to manage it. Changes can be made on that console and pushed to the customer's environment, which is another way they make it easy to manage. The customer can opt for Panorama or the cloud management application. The latter is free.

Prisma Access provides traffic analysis, threat prevention, URL filtering, and segmentation, as well as vulnerability protection, DLP, anti-spyware, antivirus, URL filtering, and file blocking. It provides everything. This combination is very important. When a customer wants to block certain URL categories, they can block them. If they want to exclude any entertainment websites from their environment, they can block them. What we implement depends totally on the customer's environment and what they need. We can play with it and modify things.

Another benefit is that if any vulnerability is detected, such as a Zero-day attack, Palo Alto provides an update dynamically. The patch is installed so that the network is not exploited.

The Autonomous Digital Experience Management (ADEM) offered by Palo Alto is a good reporting tool. It gives insights into how things are going within the network. It takes all the data from the users' endpoints and does an analysis, and it suggests changes as well. The ADEM analysis of various tests will give the user feedback such as, "Okay, I'm seeing latency here." We or the customer can then improve on that. If something is blocked that shouldn't be, we can make a change in the policy. It's a good tool to have. It makes the user experience better.

The Cloud Management application has room for improvement. There are a lot of things on the roadmap for that application; things are going to happen soon.

I have been using Palo Alto Networks Prisma Access for around one year, as a consultant. I have deployed the solution for clients all over the world.

The availability of Prisma Access is good. I haven't seen any major issues yet.

It is scalable. We scale the solution based on the customer's requirements, after getting their technical design and discussing how they want to deploy it.

I would rate their customer support at nine out of 10. The one point I have deducted is because it is very hard to get support sometimes. There are times when the customer has to wait a long time in the queue. But once they get an engineer, they get the proper support. The Palo Alto engineers are good. It's just that it's very hard to get the engineer on time, sometimes. I believe this is because the solution has expanded a lot. Users are purchasing it but the support is not keeping pace. They are working on that and the support is going to be increased in the future.

Positive

The deployment is simple.

The time it takes for deployment of Prisma Access depends on how big the environment is. One company may have 120 or 130 branch sites, while another company may have just six or seven. It varies on that number of sites or on the number of data centers they have. If there are only five or six branch office locations, then the deployment can be completed in five or six days.

I'm not involved on the financial side, but I believe the solution is costly.

In the same way a customer manages their on-prem firewalls that are not on Prisma Access, they can manage Prisma Access infrastructure through Panorama. That makes it easy for them. The customer is already familiar with how to manage things with Panorama, so there isn't much that is new. There are little changes but that's it. If a customer is already using Palo Alto, we recommend going with Panorama.

Overall, the security provided by Prisma Access is top-notch. It is the same firewall that Palo Alto provides for a local setup. It's the best firewall, per the industry review ratings.

We use Prisma Access to enhance security control on endpoints in a hybrid workplace. Everyone in my company uses Prisma. It's about 500 users.

Prisma covers web-based and non-web apps, reducing data breach risks. In addition to protecting web traffic, it can replace the VPN. Instead of using a separate VPN, we can route all the traffic to our office through Prisma Access. 

The solution improved the consistency of our security controls and the BCP. There has been a 20 percent reduction in TCO. Prisma Access also enabled us to deliver better applications by centralizing security management. Because it is a SaaS solution, the system admins don't need to worry about technical implementation, updates, or anything happening on the backend. 

The most valuable features are the Secure Web Gateway and firewall as a service. Prisma Access protects all internet traffic. It isn't limited to apps. Currently, it covers more than 90 percent of our web traffic.

Autonomous digital experience management is another essential feature that provides a level of end-to-end visibility that most other solutions cannot offer. ADEM's real and synthetic traffic analysis is highly useful.

The benefit ADEM provides to the end-user is pretty indirect. It gives a system admin some evidence to show the user that the problem may not be on the user's side rather than a system issue.

Prisma Access features like traffic analysis, threat protection, URL filtering, and segmentation are critical because our use case is a hybrid workplace. Users are working worldwide, so we expect security to be consistent anywhere, not just in the office.

It updates weekly. Because it's a SaaS solution, they don't tell you what is updated on their side, but if an update is on the user side, then they update it once weekly or biweekly.

If I had to rate Prisma Access for ease of use, I'd give it two out of ten. It's easy for the users, but it's difficult for admins to configure. 

I have been using Prisma Access for less than a year.

Prisma Access is stable. 

Prisma Access is scalable. 

I rate Palo Alto support seven out of ten. They sometimes take a long time to resolve complicated issues. 

Neutral

We tried Zscaler, but we switched to Prisma because of the price, and Palo Alto was better suited to our business requirements. Palo Alto is one of the best choices for regional deployment, but Zscaler is better for a global use case.

Setting up Prisma Access is complex. You cannot deploy it without help from Palo Alto or a Palo Alto partner. They are the only ones who can do the configuration. It took us about four months to get the solution up and running. We need about two IT staff to provide user support for Prisma, but Palo Alto handles all the updates. 

The licensing model isn't flexible enough. It's an all-or-nothing model. Other providers in the market allow you to buy modules or add-ons separately. With Prisma Access, you have to purchase the same module for all users.

In addition to Zscaler, we looked at Netskope and Cato Networks.

I rate Palo Alto Prisma Access a seven out of ten. It's not suitable for organizations whose users are primarily in mainland China. Prisma Access is excellent if you use most Palo Alto products, but Prisma Access might not be the best solution if you only use one of their products. 

It's crucial to define your business requirements well from the start because a Palo Alto solution can't quickly adapt to the changes that you need. If Palo Alto satisfies your initial conditions, it may be the cheapest solution at the time. However, if you need to make a change in the middle, the price can go up drastically. 

As a Palo Alto provider, their Platform as a Service (PaaS) for their Prisma Cloud-Native product, is offered as a hosted or Software as a Service (SaaS) version. As a user their product should scan and manage cloud container images to identify vulnerabilities. It's a key feature for identifying CI/CD development issues for remediation. 

The most valuable feature of Prisma Cloud-Native, in my opinion, is that it assists in identifying, analyzing, and remediating vulnerabilities.

Palo Alto does a great job on managing updates to their products. It can be difficult managing all the subscription updates, especially if they are manual. There should be a process in place. 

One area of challenge is for them to stay on top of current CVEs on their platform. Anything in the lines of compliance should be current from potential attacks. They have a URL link where customers can make recommendations to map to specific compliance frameworks or standards. That's great, but instead of having the customer identify those, they should make sure they're using the most recent version. The NIST SP 800-53 Rev. 4, should be mapped to NIST SP 800-53 Rev. 5 current version. Many people are unaware of this change. Should use the most current version, unless you have an exception for legacy systems.

I have been using Palo Alto Prisma Cloud for about a year now.

I'm currently supporting a Prisma Cloud-Native re-configuration project. It's their Software-as-a-Service (SaaS) version in the Cloud to scan for vulnerabilities. 

Prisma Palo Alto Networks is an optimal solution. They use the Amazon platform. They have some extremely talented engineers who keep the product up to date. Version updates could be a challenge as some versions are not automated. They don't always push you to update unless you're maybe using the hosted version. If you are unaware of this, you may have been using an older version for an extended period of time. There will be bugs and issues, and it will not perform optimally. It's important to use the most current version. 

Palo Alot support is great. There are no complaints.

I am familiar with Trend Micro, and WatchGuard solutions. I really like Trend Micro. They are excellent, in my opinion. They are great for anti-malware, as well as scanning your desktops and computers for personal or business use.

Proofpoint is another product that I really like for DLP Endpoint Security. They do an excellent job.

I didn't do the original configuration, but I am doing some of the re-configuration. It is important to understand your organization's infrastructure, cloud containers, and all the various types of administrative access controls. It all comes down to having the knowledge and visibility to configure it with your environment. 

The pricing is reasonable for Palo Alto. They price their products using credit modules. There are various types of modules in each section. I believe there are four different modules. If you want to ensure that you are saving on cost, you should develop a very good DevOps or DevSecOps process with the cloud engineers and development team. Meaning, when the development team is no longer creating apps or working in their CI/CD environment, they must scale down, repave and decommission or it could increase your costs significantly.

We use it for remote access VPN. When our users are working remotely, from home, they can use it to connect to our IT environment.

An important aspect is that Prisma Access provides all its capabilities in a single cloud-delivered platform. It would be very inconvenient for us if we had to go to multiple places. It gives us centralized operations, and centralized configuration and management that enable us to be more efficient. We don't have to reference or go to multiple places or systems to maintain things and operate.

It has also improved our remote access. We deployed it to replace an older remote-access VPN that we had been using. That is where the usefulness of the product is for us. It provides security and allows our remote users to connect to our environments.

Remote access is the most valuable feature, giving remote users secure access to our IT environment. That is the specific feature that we are using it for. Prisma Access provides secure access to the environment, including apps, and some non-apps systems, such as system administration. This ability is very important, almost a mandatory requirement for some of our systems.

It not only protects web-based apps, but non-web-based apps as well. Again, that's important, because for this kind of access, the traffic has to be protected and secure. The fact that it secures not just web-based apps but non-web apps indirectly reduces the risk of a data breach. If all the traffic can be seen it should help keep things from getting into the hands of hackers, helping prevent data from being compromised and preventing access to systems as well. We don't want our systems to be compromised, as they are critical to our services and to our customers.

The solution also provides traffic analysis, threat prevention, URL filtering, and segmentation. That combination is important because it enhances the protection and makes the traffic more secure. It also keeps things more up-to-date, enabling us to deal with more of the current threats.

In addition, Prisma Access provides security updates for threat prevention. Those updates are important in general, of course, for security reasons. The more up-to-date you are, the better you are protected.

It's not very easy to use. Sometimes it's buggy and there are problems when doing updates. The user interface is okay, but some configuration items are difficult. I would like it to be less buggy and easier to configure, to better streamline the user experience.

I have been using Prisma Access by Palo Alto Networks for a little more than one and half years.

The stability is pretty good. There are certain portions that are not very stable, but the core is pretty good.

I think the scalability is pretty good too, although we are a small company so I don't know how big we can scale, but for us, it's pretty good.

We have about a dozen users on it and most of them are technical staff, such as engineers and software engineers. Outside of the IT personnel, even finance people use it because they need access to the systems and applications. We are using it for one part of our environment, but we plan to expand it from 1,000 users to about 5,000 users.

The technical support is pretty good, as is the post-sales support. They are both very good and very attentive. Although the software is buggy, and sometimes it's hard to fix, they do provide the appropriate support levels to help us through.

Positive

We have used Cisco VPN, and I have used Juniper and Meraki. We switched because we are standardized on Palo Alto firewalls, so we wanted to use the same vendor for more interoperability.

The initial setup of the solution was complex. The configuration is not easy to understand and requires a lot of expertise from the Palo Alto side. The terms that they use in the product require quite a bit of explanation and clarification.

We used a phased approach. The first deployment we did, as a milestone, took us at least six months. For the deployment, we needed at least two to three engineers: someone from security, someone from networking, and someone from the end-user side. All parties had to be involved.

We used a contractor to help us.

The return on investment is that it allows our remote users to access our environment.

The licensing model for this product is complicated and changes all the time, making it very hard for the user to comprehend the configuration.

My advice would be to directly test it before you purchase it to see if the user experience and the complexity of the networking component are things you are able to handle.

The biggest lesson we learned from using the solution is not specific to the solution: We needed to do more proper planning in the beginning. Because the process is complicated, without good planning, it becomes more difficult during the process. The configuration involves many templates. Without planning ahead, they are created in a messy and disorganized way, and that causes further problems when we need to grow and do more setups. Now, we have to go back and correct those messy configurations, and that is something we are still doing.

Overall, the security provided by Prisma Access is very good. It provides the authentication, protection, and encryption that we are looking for for our remote users.