Prisma Access by Palo Alto Networks Reviews

My customers are military and federal government agencies. They're really interested in Secure Access Service Edge technology for their endpoints. Palo Alto Prisma is one of the solutions we use to make the SASE solution work for endpoints. For our customers, we normally do SD-WAN, Zero Trust, SWG, and SWaaS. Nobody has really asked for ADEM yet.

Prisma Access lets us compete in the cloud space.

Prisma isn't hard for the average system admin to use, and our customers are interested in Prisma's SD-WAN and Zero Trust capabilities. Government customers are particularly interested in the CASB capability. Prisma protects all app traffic, so our customers can access all of our apps, which is essential. That's one of the main reasons my business and customers use this technology, especially in the COVID-19 environment.

My military customers have users who need secure access to their information from all over the world. If they're using Microsoft Office products or some other app that isn't web-based, they can still access them through the web whether they're using their corporate devices or working on their personal devices using corporate information. Prisma will still protect that from phishing or other attacks.

Having all of these capabilities on a single cloud-delivered platform was extremely important to us. We also liked how well Prisma integrates with other solutions. Other solutions offer the same functionalities Prisma does when it comes to Zero Trust, CASB, and SD-WAN within the Microsoft Cloud. Prisma helps us protect our customers when a user isn't going to the Microsoft Cloud. 

Prisma also helps with traffic analysis, and that is controlled through the Manager. We can see what websites individuals within organizations are going to. For example, we can do cybersecurity analysis, such as phishing and so forth, to determine the cybersecurity risk of a particular site. While Prisma is doing that, we're also sending those Prisma files to our security operations, and they're also doing the analysis. In addition to threat detection, we're doing threat prevention. URL filtering fits into that category because we can determine what website an individual was able to access.

Prisma does segmentation either through the management of user groups or according to network access. Prisma provides millions of security updates per day, which is crucial for my government customers and business partners. It helps us keep up with security violations or phishing attacks by bad state actors. These threats are dynamic.

Prisma should implement industry updates in near real-time. Also, Prisma's integration between operational technology and IT should be more seamless. Right now, it requires additional setup and maintenance.

We've been using Prisma Access for about a year.

Prisma is stable. It works as advertised.

Prisma is highly scalable and global.

I rate Palo Alto's tech support 10 out of 10. It's outstanding. But I'd like to highlight the difference between technical support and government technical support because it's two different beasts. I'm talking about Palo Alto's government technical support. They have a separate set of personnel inside the organization that handles government customers.

Positive

Setting up Prisma is pretty straightforward. It takes around an hour to get it up and running. The amount of time needed to fully deploy Prisma depends on the size of the enterprise and the number of units, groups, endpoints, etc. Pre-deployment preparation also varies according to the size of the enterprise. It takes about a couple of days for a medium-size organization. You have to set up the architecture, determine who the users are, set up the IP schema, establish your Zero Trust scheme, set up network access, and send your log files over to the site. All of that takes about three days. Two network engineers can handle setup and deployment. After that, Prisma can be maintained by normal networking staff and at least one engineer.

Integrators from our partners at Tech Data help us deploy. We also get help integrating from my engineers over at TOSIBOX, our proprietary VPN solution.

We're now able to go after contracts that require a Zero Trust solution and Prisma's other technology solutions. 

We looked at other competitors, including Aruba, HP, Cisco, and Microsoft Enterprise solutions. 

I rate Prisma Access nine out of 10. It has been constantly changing since it was released. Palo Alto is the leader in all these technologies on the Gartner Magic Quadrant. 

I would advise anyone considering Prisma to look at their endpoint protection and evaluate how it fits in the overall enterprise solution, including integration with operational technology.

I use the solution in my company for our remote workers and branch access.

The product's price is an area of concern where improvements are required. The solution's price should be lowered.

Our company faces some issues during the product's configuration phase. The product's configuration part is slow and not very effective. In my company, we have to change the configuration multiple times to make it effective. The configuration part of the product can be improved.

The product's support team needs to improve the quality of services offered.

I have been using Prisma Access by Palo Alto Networks for a year.

Stability-wise, I rate the solution a seven out of ten.

Scalability-wise, I rate the solution a ten out of ten.

The product is suitable for medium to large-sized companies.

I have experience with the solution's technical support. I rate the technical support an eight out of ten.

Positive

I have experience with Fortinet FortiEDR.

The product's initial setup phase is simple.

The solution is deployed on the cloud.

The solution can be deployed in a couple of hours.

Zscaler is a good product. In terms of features, Prisma Access by Palo Alto Networks and Zscaler are at the same level. Prisma Access by Palo Alto Networks may have an advantage over Zscaler in terms of security. Palo Alto Networks comes from security vendors, and Zscaler is available from cloud vendors. When it comes to simplicity and connectivity, Zscaler is better than Prisma Access by Palo Alto Networks.

The product is secure for remote workers since it has many cloud-based facilities that can offer protection.

The product can provide improved access to those clients who do not directly go to SaaS applications but prefer to use such applications via Prisma Access since it provides security policies to help secure the network traffic.

For security needs, the product's security profile is good.

I have experience with the product's GlobalProtect VPN feature, and I feel that it works fine. The feature also allows the customer or client to go through a tunnel to Prisma Access.

The integration of Prisma Access with Palo Alto Networks can provide a better security posture. The integration of Prisma Access with Palo Alto Cortex XDR is the best, especially when our company sends the logs from Prisma Access to Cortex Data Lake. My company gets a full view of the attack part, consolidation, and timeline of the attacks in Palo Alto Cortex XDR.

I recommend the product to those who plan to use it.

I rate the tool an eight out of ten.

It can be used for remote access to web applications and to grant secure access to users.

I've mainly used their solutions for VPN connections from mobile devices. 

It's quite reliable and performs well for users.

It wasn't so satisfying to work with it. There is room for improvement in the policy management. It is difficult to cover the entire scenery through Palo Alto products. 

In future releases, more focus on integrations would be beneficial, along with improvements in policy management.

I am familiar with this product. 

It seemed quite a stable product. 

We have a couple of customers using this solution. 

The initial setup was relatively easy, but there were complexities due to the policies we had to generate. 

I was more of a user than an administrator. However, the deployment process seemed quick.

Primarily setting up the software. The team involved in the setup handled the rest.

One person is enough for the deployment. 

From the management side, I'm sure there are several people involved. From an end-user perspective, it's very simple. It likely doesn't need more than one person to manage it.

Overall, I would rate the solution a seven out of ten.

We use Prisma Access to enhance security control on endpoints in a hybrid workplace. Everyone in my company uses Prisma. It's about 500 users.

Prisma covers web-based and non-web apps, reducing data breach risks. In addition to protecting web traffic, it can replace the VPN. Instead of using a separate VPN, we can route all the traffic to our office through Prisma Access. 

The solution improved the consistency of our security controls and the BCP. There has been a 20 percent reduction in TCO. Prisma Access also enabled us to deliver better applications by centralizing security management. Because it is a SaaS solution, the system admins don't need to worry about technical implementation, updates, or anything happening on the backend. 

The most valuable features are the Secure Web Gateway and firewall as a service. Prisma Access protects all internet traffic. It isn't limited to apps. Currently, it covers more than 90 percent of our web traffic.

Autonomous digital experience management is another essential feature that provides a level of end-to-end visibility that most other solutions cannot offer. ADEM's real and synthetic traffic analysis is highly useful.

The benefit ADEM provides to the end-user is pretty indirect. It gives a system admin some evidence to show the user that the problem may not be on the user's side rather than a system issue.

Prisma Access features like traffic analysis, threat protection, URL filtering, and segmentation are critical because our use case is a hybrid workplace. Users are working worldwide, so we expect security to be consistent anywhere, not just in the office.

It updates weekly. Because it's a SaaS solution, they don't tell you what is updated on their side, but if an update is on the user side, then they update it once weekly or biweekly.

If I had to rate Prisma Access for ease of use, I'd give it two out of ten. It's easy for the users, but it's difficult for admins to configure. 

I have been using Prisma Access for less than a year.

Prisma Access is stable. 

Prisma Access is scalable. 

I rate Palo Alto support seven out of ten. They sometimes take a long time to resolve complicated issues. 

Neutral

We tried Zscaler, but we switched to Prisma because of the price, and Palo Alto was better suited to our business requirements. Palo Alto is one of the best choices for regional deployment, but Zscaler is better for a global use case.

Setting up Prisma Access is complex. You cannot deploy it without help from Palo Alto or a Palo Alto partner. They are the only ones who can do the configuration. It took us about four months to get the solution up and running. We need about two IT staff to provide user support for Prisma, but Palo Alto handles all the updates. 

The licensing model isn't flexible enough. It's an all-or-nothing model. Other providers in the market allow you to buy modules or add-ons separately. With Prisma Access, you have to purchase the same module for all users.

In addition to Zscaler, we looked at Netskope and Cato Networks.

I rate Palo Alto Prisma Access a seven out of ten. It's not suitable for organizations whose users are primarily in mainland China. Prisma Access is excellent if you use most Palo Alto products, but Prisma Access might not be the best solution if you only use one of their products. 

It's crucial to define your business requirements well from the start because a Palo Alto solution can't quickly adapt to the changes that you need. If Palo Alto satisfies your initial conditions, it may be the cheapest solution at the time. However, if you need to make a change in the middle, the price can go up drastically. 

Prisma Access GlobalProtect is our always-on VPN. We use it for URL filtering, to make sure people don't go to websites that are not permissible according to our security policy, such as gambling and pornography sites. We also implement Data Loss Prevention and decrypt the packets so that we can analyze the inside and make sure that nobody is trying to exfiltrate data. It's always on and it doesn't matter if you're in an office or at home or in a coffee shop or a hotel. 

We also use their service connections to access our internal services through them.

Since everybody is on the network all the time, it's allowing us to eliminate the step of having to connect to a VPN. That's the whole premise of an always-on VPN. Nobody has to think, "Oh, I need to get on VPN before I can connect to that server," or, "Oh, my VPN timed out because I've been on for 12 hours." The whole premise is that you're constantly on a VPN and it's constantly securing the system. That has helped from an end-user perspective. It hasn't come without its challenge, but that is one thing that is definitely a benefit.

In terms of security, it's definitely better than what we had because a user could just disconnect from the VPN before. They couldn't shut off the cloud proxy, but the cloud proxy only handled web-based traffic. If they wanted to FTP to a server, when they were connected to the VPN, it would get blocked. But they could just disconnect from VPN and then connect to FTP. Now, it goes through more security controls. So we are definitely more secure because of it. But it's just a completely different technology; it's more because of that than the product itself.

It's also somewhat of an alternative to SD-WAN. We had been looking at SD-WAN solutions and, realistically, the way the users are connecting now with Prisma Access, there's really no need for it.

It's an always-on solution and it supports both Mac and Windows. We have one configuration globally, and the only area where we had to do something differently is China.

Prisma Access protects all app traffic, so that users can gain access to all apps and that's very important because we need to be able to access everything. 

It also allows us to access non-web apps; anything internal that we need access to, we can access. Because we're using it as a VPN solution, our users are always on the internal network, regardless of where they are. They can't do anything because we lock them down so that if GlobalProtect doesn't connect, they can't get out to the internet. It's helped in that there were things that people would work around in other ways with our old model, things that they can't work around with the new model.

Also, having a single cloud-delivered platform, a global solution, was a key requirement for us.

We use the solution's threat prevention, URL filtering, and segmentation and they're all extremely important, based on what we're doing with the product. It's also very important to the business that Prisma Access provides millions of security updates per day.

We've run into some challenges, having hit a lot of bugs over the past year in the deployment of GlobalProtect. We've had our fair share of issues that I haven't been happy with. We're working with the support organization to remediate them and waiting for updated releases. The response on getting the bugs fixed has not been what I would consider adequate for a product like this. We've had some very pointed discussions with the support organization and the development teams on those issues and on doing what we can to help remediate them as well. They have been more responsive now towards our needs but it's a work in progress. 

They're going from being an organization that supported physical hardware, the Palo Alto firewall, into the realm of a SaaS-based solution. As a result, they need to change their operating model, support model, and release model to support that SaaS-based solution. That is related to support, related to operational efficiency, and deployments of code. Those are the areas where they need to improve.

I've been using Prisma Access by Palo Alto for about a year.

I don't see issues yet in terms of its scalability. We have more capacity than we need, so I think it's fine. We have firewalls in every region and in every country that Palo Alto has available. It's fairly scalable.

We previously used Cisco AnyConnect for VPN and a cloud proxy solution for web-based security. We went from two products to one. The main purpose was to find a replacement for the cloud proxy solution. VPN just wound up being a good and positive outcome, in addition to it.

The initial setup was complex. It has taken us almost a year, but we have about 7,000 users. We're just finishing up the main deployment of 5,000-plus users. We had an acquisition earlier this year and that will add another couple of thousand users. There have been a lot of hurdles with the bugs that we hit in the product. The stability of the software has been our biggest challenge.

We did the deployment ourselves. In terms of maintenance, I manage the network engineering team globally, and our team is responsible for it.

We did look at other vendors when we were deciding on our VPN software and we went with Palo Alto for security reasons. 

My advice would be to wait until they fix the bugs. We've been on a pretty stable version for the past several months and haven't had any issues. But other users who are on the same version have hit bugs on a regular basis, and it has been a nightmare to try to support. We're waiting on the final update of version 5.2.9 to get some of these issues fixed, and we're also waiting on 5.2.10 to support Windows 11 and the new version of Mac.

It's a balancing act in terms of security and nothing is perfect. We do have Palo Alto hardware as well as the Prisma Access solution, so we're reliant on Palo Alto's security for a lot of our security needs. I think the security is adequate.

I like the product in principle and I would rate it pretty high, but the bugs that we've hit pull the score down a bit. And then there are the operational support issues that we've had with Palo Alto, in general, that contribute to the score of six out of 10, as well.

We use the solution to secure and monitor our traffic to the cloud. We are able to route traffic where we need it to go and It provides us with secure direct connectivity to our cloud application console.

There are plenty of features this solution provides and the most valuable would be the complete security protection we are receiving. We are provided with similar security that the Palo Alto AWS solution has. This includes features such as a firewall and machine learning AI. The cloud server provides maximum uptime, controls, and overall strong security. 

I have received a lot of good client user experience from the solution.

There can be some latency issues with the solution that should be improved.

I have found when comparing this solution to others it is very stable.

The solution is scalable. We definitely plan to increase usage, many people are working from home and this solution makes sense being in the cloud. We encourage our organization to utilize the solution to its maximum potential.

Whenever we had to use the technical support they have been very knowledgeable about the issue we were facing.

I have used other solutions in the past and this solution has better security and conductivity in the cloud environment.

The initial setup is straightforward.

We did the implementation ourselves. The full implementation can take a while, it typically does not take more than a few days. However, the time is dependant on the environment in which the solution is being implemented. It should not take more than 20 days. 

Since this is a cloud base solution it does not require a lot of maintenance. The updates are done from the company side.

The solution requires a license and the technical support has extra costs. The licensing model could improve.

I have learned that moving operations to the cloud is a good thing. 

I rate Prisma Access by Palo Alto Networks a nine out of ten.

We're migrating customers from existing Cisco AnyConnect VPN to Prisma Access GlobalProtect VPN.

GlobalProtect VPN is a brand new concept compared to Cisco AnyConnect VPN. The huge difference is that if a user is working from home and needs access to Office 365, the way traffic is usually sent will potentially increase the delay. Some companies open split tunneling for users and they are able to send a request to Office 365 directly, but there is a loss of control from the network and security perspectives.

Since we started using GlobalProtect VPN, all the traffic is monitored, even for a user who needs access to Office 365. The traffic from the user's PC will connect to the closed and available VPN boxes, depending on the location. The traffic from that box will head to Office 365, meaning it will meet the performance and as well as security requirements. So that's one, the huge difference.

The other difference, in my experience with Cisco VPN, is that we normally control traffic based on source address, destination address, and destination port. But with Prisma Access, and using a lot of features from Palo Alto firewalls, we control the source, in particular, with the user ID or an Active Directory Group, instead of an IP address. The benefit for the user of using the user ID or Active Directory Group is in the following scenario. Suppose a user is usually in the United States but goes on a business trip to the UK. With a regular VPN, the user in the U.S. has a subnet. But when they travel to the UK, the IP just will be changed and there will be a totally different subnet. The access they had in the States may be lost when connecting from the UK. But using the user ID or Active Directory Group, the ID is always there no matter whether they are in the States, the UK, or anywhere else. That makes it more flexible for a user who is working remotely, traveling, or roaming.

In addition, performance-wise, a lot of applications have improved because the cloud-based VPN, based on the geographical location, provides a more optimized path and potentially reduces the latency. That provides better performance, but it depends on the applications.

Being able to use the user ID or Active Directory Group is one of the great features for control and providing more flexibility without worrying about IP addresses. 

Prisma Access has a lot of other features. Instead of VPN, its gateway is able to decrypt traffic and, potentially, inspect it. This feature is more likely to be used by companies using Websense or a proxy server. Prisma Access or Prisma VPN has merged VPN, firewall, and some of the Websense-type and proxy functions. This means that four or five components have become one now.

The solution also protects all app traffic, meaning that users can access all apps. All traffic is sent through the Prisma devices. Even a user who reaches Office 365 with a load closed location is still controlled by the VPN boxes, and from the security and network perspectives, we can still see all of the traffic, meaning everything is under control.

In addition, there is something called Pre-logon with Prisma VPN, which means before you log in to the PC with the user ID, domain, and password, the PC automatically connects to the Prisma VPN. That means you already have some basic access, like to Office 365. In case the VPN box is having issues, the user still has access to Outlook, Teams, Word documents, et cetera. The Pre-logon features make things really convenient.

Another nice feature for users is that Prisma VPN saves the user session for seven days instead of, with Cisco VPN, only one day. As a result, the user doesn't need to connect to the VPN every day. After a week, once it expires, they will need to log in with the username and password, but it still keeps the security intact.

There is also the ability to do a HIP (Host Information Profile) check. We can check things like whether a device's operating systems are properly patched, that the antivirus software meets security requirements, and that the hard drive is encrypted. The latter is important because if the laptop is lost, the data can be stolen. A HIP check enables us to make sure the endpoint maintains the security requirements. That helps make things more secure.

And as a cloud-based solution, there are a lot of redundancies. I'm in Canada and have a gateway in Canada. In case the getaway or VPN box in Canada dies, they will automatically reroute me to New York or any other location that is available. In addition, if the cloud-based solution has an issue, we still have the on-prem firewall or VPN in place in our data centers, which means everything falls back to something that is just like Cisco VPN, but it is Palo Alto. But that is only happening in DR situations. The fact that Prisma Access is cloud-based also makes it easier to connect from our environment to cloud-computing environments.

I can't think of many things that need real improvement. But one thing that comes to mind is that when we deploy firewall rules via Panorama, we find it's a little bit slow. We have a global environment and might have 100 gateways or VPNs in the cloud. When we deploy something, it tries to deploy it one-by-one, and that can be slow. For example, one time we pushed a firewall change and the changes took about 10 minutes to finish up. If they could optimize the whole process to speed up that kind of deployment, that would be especially helpful.

I have been using Prisma Access by Palo Alto Networks for close to two years, including the testing and eventually working on it in the production environment.

As of now, we have deployed it for 25 percent of our employees globally and, so far, it has been stable. We haven't seen a situation where it is working one day and totally stops working the next. 

There are still some bugs and sometimes we encounter issues and we have to open a case with Palo Alto to ask them to fix things. Because this is a new solution in the market, having been introduced two or three years ago, the overall stability is good, but they can still enhance that aspect even more.

The scalability is pretty good. Since we bought it, we have added more and more users and had no issues. And because it's cloud-based, they can add VPN boxes in the cloud and, for us, that process is transparent, which is pretty good.

All in all, tech support has satisfied us. We are a big customer, and they have two tech engineers working with us when we deploy and when we do a migration. We always have them with us, especially via conference calls.

The support is timely, but there is still some room for improvement because, when we open cases with them, some agents are not as timely about fixing problems as others.

But overall, we are satisfied with their services.

Positive

The initial setup was not too complicated, but it still took a little time to get familiar with it. The good thing is that Prisma VPN uses our existing Panorama centralized management tool, which we use to manage Palo Alto firewalls and VPNs. Because the centralized management tool is very familiar to us, it helped us in using the new solution. But, of course, since it is a cloud-based VPN, it did take a little bit of time to get used to, but after we got used to it, it became straightforward.

It is pretty expensive. We have to balance the cost of some features. They need to work on some of the services and products, price-wise.

The importance of the combination of the solution's traffic analysis, threat prevention, URL filtering, and segmentation depends on the business. Some business lines are very critical so we might potentially apply more features to them, but everything has pros and cons. Applying more features potentially slows down the performance, so we have to balance between security and performance. But so far, in most situations, we don't have any concerns because we already apply the HIP check to make sure the laptop side meets all kinds of security requirements, based on our internal policies. Also, we are able to see all the traffic logs. Even though it's a huge amount of data, and we're not currently doing so, we're potentially able to investigate or analyze things. 

It is a good solution and a new direction for many companies, especially big companies with global offices. Overall, the security that Prisma Access provides definitely meets our security requirements. Otherwise, we wouldn't be using this solution. The majority of companies, including a bank or any other financial company, should be happy with this solution.

In this pandemic, users want to work remotely and that means we need centralized control of remote users, our branch offices, and the head office. Prisma Access collects everything together and provides us with centralized management, enabling us to manage all our locations and users globally.

It manages on-premises networks, but it has its own infra in the cloud.

The ability to manage networks reduces costs for our organization. Suppose I have four offices and all four have a firewall device. All of those firewalls will have separate licenses, and each office will have a separate internet connection. The Prisma Access solution means we only need one router at each office and all the internet connectivity will go through the solution. That definitely cuts our internet costs.

It is also very important that Prisma Access provides all its capabilities in a single, cloud-delivered platform. For mobile users, without Prisma Access, I would have to control their traffic through on-premises networks and give them on-premises internet. Suppose that one of those users does not connect through the on-premises VPN. That user would then have access to and control of whatever he wants. The system might be compromised through unauthorized access. That's why, from a security perspective, it is very important to control this type of situation. We could control the system without Prisma Access, but that would require additional solutions. We would have to add another security client to the user's system. With Prisma Access, instead of having two solutions, we have one solution.

Prisma Access gives us security from a single point. It controls mobile users and determines how secure their networks will be, including from where they will get internet access. We can optimize things and add security profiles centrally.

Another valuable feature for mobile users is the GP VPN access. It provides security and a firewall as a service, including threat and vulnerability protection. From a security perspective, it is very good.

I haven't seen any SD-WAN configuration capability. If Prisma Access would support SD-WAN, that would help. There are some trending technologies in networking with SD-WAN. SD-WAN is nothing more than optimizing your WAN. SD-WAN devices should be able to reach Prisma Access, and Palo Alto should support different, vendor-specific devices, not just Palo Alto devices, for SD-WAN configuration.

Also, Palo Alto only provides corporate licenses. If they would give a license to a non-corporate email ID, for testing and a pre-trial, that would be really great for users to practice with it. Everybody could explore it. Or, for people who are not working in a corporate environment and who want to explore this kind of setup, it would enable that type of test access on a personal email account.

I have been working in networking and security for eight-plus years. I work on various infra including routers, switches, firewalls, and different cloud services. I work on various vendors' solutions, such as Fortinet, SonicWall, Sophos, and for the last four years, on Palo Alto.

Prisma Access is a subset of Palo Alto Networks and is a product they recently introduced. We just recently heard that our organization was planning to use the Prisma Access solution.

I cannot evaluate the stability based on my limited experience, but I recently called a colleague in a different organization who has been running Prisma Access, and he said it is going well and that he has seen good stability.

We have more than 10,000 users and 40 Palo Alto firewalls, located in different regions. They were involved in the PoC. In the future, we are planning on having Prisma in production.

Palo Alto support is very responsive. They respond immediately and they are very kind and very knowledgeable. They work on cases by priority. In general, when we call them, we are able to talk with them without much delay and they provide solutions that have met our expectations. 

I would rate their support at eight out of 10. I deducted two points because sometimes they do have a very busy schedule and every engineer is busy. Once we reach them, everything works fine.

Positive

This is a new implementation for SASE in our organization.

The license activation process is very straightforward. When we purchased Prisma Access, they provided a link and, from there, we had to add the serial number of our existing Panorama. After that, everything happened automatically. Once that management setup was done, we were easily able to add a rule and do other configurations.

Our deployment did not take a long time. However, our infra is very big. While the initial setup was done in four to five hours, finishing everything took us one week.

If you are planning on using the SASE model for your organization, I would recommend Palo Alto Prisma Access. It works well, based on my experience.

I have come across many firewalls and I have hands-on experience with various devices, but Palo Alto is the best for everything. It is the best device for infra security. It not only has security, but it works well when it comes to routing and switching.

Overall I would rate Prisma Access at 8 out of 10. It gives us centralized management and reliability, scalability, and ease of configuration.