Prisma SD-WAN Reviews

We used to have Panorama. Panorama is the centralized management platform for all the firewalls. In terms of centralized configuration management and troubleshooting, all the firewalls in the network are managed. 

Prisma is one step ahead, and it is a one-stop solution. Firstly, we used a different type of global coding VPN in our environment. For example, we use XYZ VPN to connect to the production network. We were using four to five types of VPNs. Prisma is the global VPN solution that it offers. They connect to Prisma via a single gateway, even maintaining security and segmentation. It's the centralized solution for managing all the configuration and VPN solutions. We have service connections to our data centers in AWS and Azure. If there are any workloads in AWS or Azure, users don't have specific connectivity to AWS and Azure nowadays. They can access all the required applications from Prisma. 

When you log in to the Palo Alto hub, a website where they have all the cloud-hosted portfolios, you will see many custom applications they are hosting in the cloud along with Prisma. For example, they have AIOps in the ignition firewall feature. 

Once you integrate that with Prisma, you have a centralized view of your network's security-related services. For example, you can see which firewalls have the antivirus profile enabled and which firewalls are missing this profile. You get a centralized view in a single dashboard. Additionally, for individual firewalls, whether physical servers or cloud-based firewalls, you must manage all these security policies, NAT policies, interfaces, etc. In Prisma, you manage everything in a single dashboard or configuration. Based on the service connection, you modify the route to have granular control of all the networks, making it quite useful to manage everything in a single dashboard.

Accessibility could be improved. Any new person attempting to access Prisma will have difficulty. It doesn't have CLI available. Only you can manage it via the GUI. There are specific tasks for basic functionalities, but on Prisma, the structure of all the tabs or the management functionality is slightly different. A newbie will take some time to understand the functionality of each tab and the significance of any changes. Once a person fully understands, they should get admin access to make changes.

I have been using Prisma SD-WAN for ten years.

The solution is hosted in a cloud. So, they have many backup instances running in the background.

Prisma SD-WAN is scalable, though specific cost parameters are associated with it. The scalability depends on the type of license you are using. However, with the appropriate licensing, it is very easy to scale.

We are a partner for Palo Alto Networks, and our organization has been using Palo Alto solutions for a long time. You can access Prisma through the Palo Alto support portal with all the necessary firewall licenses. Depending on the type of issue, you can create support cases such as P1 or P2. Regarding support, we have not experienced any problems in the last two and a half years.

Positive

Prisma SD-WAN is a highly reliable solution that, once you're familiar with it, makes switching to another vendor challenging. It stands out as a user-friendly brand, offering simplicity across all parameters.

Prisma SD-WAN automates and consolidates real-time data from all firewalls within a network into a centralized state. They display the security score on the dashboard and offer highly customizable dashboards. This allows real-time monitoring and provides step-by-step guidance for basic troubleshooting. In networking terms, it simplifies the tasks typically handled by Level 1 users, from monitoring to troubleshooting, making their jobs significantly easier. Additionally, it enhances layer-two email capabilities for more effective analysis.

Deployment is very easy. It's cloud-based, so you can configure a service connection using a primary routing protocol.

We achieved cost savings. We eliminated all VPNs, including decommissioning on-premises firewalls that hosted the VPN solutions. 

Since Prisma SD-WAN is a relatively new product, so its pricing is higher. However, the advanced functionality it offers justifies the cost. Business needs ultimately determine pricing, and financial organizations or banks typically prefer this technology for its granular control over network security. We have purchased a license for three service connections in our environment, which meets our requirements. 

We have service connections to the cloud and on-premises. Cloud-based intelligence synchronizes between them. So, in terms of traffic shaping, there is too much segmentation on the granular components there because, based on the service connection, you are managing your Rapid Protection and SASE policy. Various contexts are available. Based on that, you can negotiate your traffic policy.

Maintenance depends on you. There are autoscaling tasks available. You can schedule these tasks based on network downtime. For example, you can perform dynamic or certificate updates at your convenience using autoscaling. If most of the traffic in Prisma is coming from the US server side, you can schedule your jobs during off-peak hours. These jobs will be automatically installed and updated. This flexibility allows you to choose whether to perform manual or auto-updates based on your convenience.

Integration requires a service connection, which might have limitations. You may need to purchase an additional license for that. However, you can integrate various infrastructures if you have a service connection. Additionally, it would help if you used some protocols. 

The choice of Prisma SD-WAN depends on the specific environment in which a business operates. For instance, in our case, we have exclusively used Palo Alto firewalls from the beginning. This made Prisma a particularly advantageous solution for us due to seamless installation, implementation, and operational efficiencies. Our longstanding use of products from the same vendor reinforces this suitability. However, the decision ultimately hinges on the business requirements and the nature of the customer's network environment. Some customers may use FortiGate firewalls or a mix of different vendors' products. They need to evaluate whether transitioning to Palo Alto and then to Prisma makes sense, which could involve a two-step process. Transitioning to Prisma could be more straightforward if a customer already has an existing setup integrating various vendors' solutions across their network. Therefore, the recommendation for Prisma SD-WAN depends significantly on these factors. I recommend it to those considering such a transition.

Overall, I rate the solution a ten out of ten.

We have introduced many applications for our clients and they need to launch with very minimal latency. Running them through traditional processes is not sufficient for our network or for our customers' or clients' satisfaction. We have moved to the SD-WAN approach.

Our traditional network using Cisco routers is quite old and it's not very intelligent when it comes to troubleshooting. Prisma SD-WAN is very helpful for our network.

SD-WAN is very

• flexible
• easy to deploy
• easy to troubleshoot.

When it comes to supporting large, complex, network architectures, it's a very simple architecture. The main component is the fabric. It's very easy to troubleshoot if there is an issue happening in the underlying network. More specifically, there is a bypass feature that is very helpful.

And CloudBlade makes automation easy. We can check the logs because it collects the data from all the branch sites and analyzes the data. Those features make it very helpful for large networks.

It also has very high capacity and it can retain and analyze many thousands of connection and application details.

From a security point of view, it can analyze and filter the packets and detect malware and other anomalies in the packets. That feature is also helpful for a larger organization.

The hardware is more robust. When we are rebooting and resetting a device, it is very flexible. It reboots in between 10 seconds to three minutes. It's also quite easy to deploy and troubleshoot in a real-time scenario in the field. If something hangs at the hardware level, it recovers quickly.

Overall, the hardware, security features, and automation are a few of the key points that will help a large organization.

Also, WAN management is quite flexible and if something goes down it triggers an alert on the graphical user interface and the end-user or operations team can act accordingly. It has a very good feature, LQM (Link Quality Monitoring) that calculates link quality metrics and populates them on the dashboard. For WAN management, it's a good feature.

Event correlation and analysis capabilities do not help minimize the number of alarms from a single event. That is the problem. We are getting a lot of incidents, and there is some issue with the correlation. That is still a drawback. Sometimes we get many alerts when a device is going down, and when it goes up again the alerts are not automatically cleared. Some type of modification is required.

Another drawback I have observed is that Prisma SD-WAN has a tunnel to the Zscaler endpoint. It forms the tunnel through an API call and that is not sufficient from the client side. Improvement is needed to the parameters they're using for the Zscaler endpoint. There are new features, new protocols, that need to be applied so that it can be checked and work properly. Improvement is needed from Prisma to the Zscaler endpoint because when the tunnel goes down, there are no intelligent parameters, like an alert timer.

I have been using Palo Alto's Prisma SD-WAN for the last two and a half years, for my client.

The stability is very good.

The scalability is also good and robust.

We have a portal so that when we are facing an issue, we can get with the support team and raise a case.

Neutral

Previously, we were more aligned with a traditional network which was our Cisco routers. They were not intelligent, or multi-application oriented. SD-WAN is application-oriented and we can analyze the logs. There are many intelligent features. The troubleshooting is also easy.

Our network is very large. We have more than 10,000 routers and switches, and more than 600 sites. We have legacy, traditional Cisco, Juniper, and other routers, and most of them are at end-of-support.

With Cisco, there is a control plane and a data plane and so many protocols. By comparison, Prisma SD-WAN has flexible solutions. There is no complexity due to protocols and the control and data planes. It's very simple and it's also easy to understand the traffic flow.

The initial setup of Prisma is very straightforward. It took us one to two hours, maximum. We did it ourselves, following a setup process. 

There was an issue because some applications do not support this SD-WAN and the application packets are dropped by Prisma SD-WAN. There were a couple of challenges for us. Even now, after one year, Prisma SD-WAN is not supporting an application. Its packets are getting dropped. That is one of the drawbacks.

It has been deployed in a hybrid model. On the branch side, we have Instant-On Network (ION) 2K and 3K, and at our DC sites we have ION 9K and a hybrid model. And from the branch to DC there is a fabric running via the internet.

It doesn't require any maintenance. It's a one-rack-unit device. It can be placed in any small rack and requires only two internet connections and little power in DC volts.

It's worth the money we are paying for the features and availability and stability of the network.

The solution also gives us deep application visibility, with Layer 7 intelligence. Traffic engineering is not working on our side. That generally works on the ISP network. There is a security feature in Prisma and a security path setting. We need to create a policy and a zone and mention the policy rules in the zone. It will bind to the security binding and we can apply a global security policy.

We use Palo Alto Prisma SD-WAN to stay connected between branches and headquarters. It's very well developed, easy to manage, and very secure for us. Without Prisma SD-WAN, we would rely solely on the firewall for VPN, which is not as beneficial as using software-defined WAN. 

The dynamic routing in Prisma SD-WAN is high-speed and valuable because it quickly adjusts, so users do not realize the link is down. The traffic shaping feature is also handy. In branches with poor internet connections, traffic shaping allows us to restrict and manage bandwidth effectively. This ensures no single user can consume all the bandwidth, and it reserves equal parts of the link for all users. For example, we can share the link equally in a small office with ten people. Prisma SD-WAN is highly effective in handling network failovers and ensuring business continuity. It includes redundancy, failover capabilities, and extensive monitoring tools. If one customer experiences an attack, updates are provided to all other customers to prevent similar threats.

The pricing for Prisma SD-WAN needs improvement. It's a perfect solution, but its price is above the market average. An additional feature that can be introduced is the inclusion of a remote browser solution with the same license as Prisma SD-WAN. This could complement and improve the overall solution.

I have been using Prisma SD-WAN for the past year.

I would rate the stability a nine out of ten since it schedules some updates but still offers high stability.

The manager runs on the cloud, which indicates that there are no limits. We can manage many branch offices as our company has about thirty branches, which is quickly done with this solution.

I rate the scalability of Prisma SD-WAN ten out of ten.

We previously used Cyberoam without an SD-WAN license, relying on the older method of VPN with private links and no dynamic routing.

The setup was pretty straightforward and can be deployed by any senior analyst. We required five specialists for deployment, including network security analysts and one project manager. We also needed two guys from the partner for the deployment.

The deployment took about forty days. We designed the architecture, defined the topology, and planned the logistics to change the equipment without stopping work at the branches throughout the country. After creating the implementation methods using the manager, we scheduled Windows to turn the solution on and switch from the former solution to the new one.

I would rate my experience with the initial setup of Prisma SD-WAN as seven out of ten.

Regarding ROI, I think it takes about two years, or twenty-four months, to see the return. We replaced older technologies like MPLS with more affordable broadband links, allowing us to equip branches with multiple broadband links that are cheaper than MPLS.

It is more expensive than Fortinet.

We evaluated other options, including Fortinet and Aruba, before choosing Prisma SD-WAN. We decided on Prisma SD-WAN because of its cloud-based composition, extensive features, surpassing Fortinet, and lower cost compared to Aruba.

I recommend doing a POC before buying Prisma SD-WAN. This helps you understand how the solution works, clarify doubts with Palo Alto specialists, and make a preliminary design for implementation. This way, you can identify all costs involved and avoid surprises post-purchase.

Regarding AI, I know Prisma SD-WAN is connected to Palo Alto's data lake and monitors threats using AI, but I don't see how it works. However, it does help optimize our network.

Overall, I rate Prisma SD-WAN as nine out of ten as it is good but not perfect.

Prisma SD-WAN offers the same functionalities as Palo Alto CloudGenix, but my company uses it for different clients who operate retail chains. All the places where I have seen a big business setup, consisting of the head office, warehouse, sales office, and different kinds of offices for a particular area of business, require everything to be connected with their data centers, which is one of the main requirements of a business for which Prisma SD-WAN is required. Depending on the needs of my company's customers, we suggest Meraki, CloudGenix, or Juniper since the basic nature of all the aforementioned products is the same for a multi-point business setup.

The solution's most valuable features are that it is easy to onboard and its features are easier to understand. Prisma SD-WAN's features are similar to Cisco Viptela. Prisma SD-WAN is less costly than Cisco Viptela, but it did its job well. With Prisma SD-WAN, it took me a week to understand the concepts. In a month's time, I was able to deploy Prisma SD-WAN, so it was very easy and good. Users can cover up for the lack of support with the level of ease that the device provides you to interact with, so it gives confidence to its users. Whenever you go to the support, you are confident about what the issue is in the tool. Juniper, which functions on a Linux-based architecture, allows only a Linux expert to work on it, but a normal network technician cannot work so smoothly on it. The ease of troubleshooting and deployment are two main features that are better in Prisma SD-WAN compared to its competitors.

There are some small issues in Prisma SD-WAN's area related to bypass pair or couple ports related to redundancy. Sometimes, during the product's initial setup phase, bypass pair or couple ports don't come up normally, and it requires an hour and a half to troubleshoot to reset the box from Prisma SD-WAN to factory default. Prisma SD-WAN has some minor issues in its physical port, especially in bypass pair or couple ports. Bypass pair or couple ports are not abnormal ports. It is just that the aforementioned ports behave differently. If Prisma SD-WAN can fix bypass pair or couple ports and make them robust enough to work after the initial setup in the first attempt, then it can save a lot of time. The physical device's bypass pair or couple ports generally have issues.

I have been using Prisma SD-WAN for three years. My company has a partnership with the product.

It is a stable solution. Stability-wise, I rate the solution a nine out of ten.

The solution has some issues related to bugs, but in my company, we can fix them.

The product's scalability is good since my company has never found any issue with the traffic load or the memory utilization part. Scalability-wise, I rate the solution an eight or nine out of ten.

I have dealt with around 100 sites with small setups, so I can say that around 1,000 to 2,000 users use the solution.

Prisma SD-WAN has some support issues, but not much since it can be handled.

There are certain areas where the support team of the solution lacks.

I would say that the support team can easily find the root cause of the problems related to the product in a very short amount of time, but the support team's availability is not good. If we have a P1 ticket now, which needs to be given priority owing to its severity, the product's support team takes nearly two hours to join, which doesn't help us solve the problem even though they are good. In our company, every time we have some activity, we pre-plan it, and we ask the product's support team to join us irrespective of whether we have an issue or not so that in case we face an issue, we can get help. The support team might not be available to help our company even if there is some severe issue.

I rate the technical support a seven out of ten.

Neutral

The product's initial setup phase is straightforward.

The solution can be deployed in a day or two, considering it is done from my company's customer's branch office.

I have seen a return on investment in the sense that earlier, the customer used to work on the legacy network where it usually took time to set up the network, and once the network was set up, it worked fine, but, again, if you want to change something in the network, it takes time. After implementing Prisma SD-WAN in an environment like this, it can be described as offering more automation on the WAN side, so if you add a new service, you don't need to redesign the network. You just enable the service you want on the box from Prisma SD-WAN, or if you have some specific parameters, the box will take care of them under the service default list. In Prisma SD-WAN, voice is always prioritized, and data is less prioritized. Whatever services you have in your network, you can just add, and the device will take care of them, as it knows that a particular service may have four links, it knows from where it needs to send it, and if the service goes down, it knows by default where it has to send a link, so there is no manual intervention required. By considering the solution's base, we can say that it offers good scalability, as a user gets to see an increase in network readiness and uptime.

I recommend the solution to those who plan to use it. As per market standards, the product is doing good.

I rate the overall tool a nine out of ten.

We use this solution to enable better connectivity for utilizing the more available Internet broadband lines instead of the expensive MPLS lines.

The solution is deployed on the cloud. I'm using version 5.4.

There are 15 people using this solution in my organization, including network and security engineers. We currently don't have any plans to increase usage.

The reliability of the solution has improved our organization. We don't have any downtime unless there is a power outage. The network is more resilient and faster. It delivers applications in a timely manner. The performance has greatly improved due to the expansion of bandwidth and a reduction in costs. 

MPLS lines are the most expensive lines. After changing to a broadband line, the monthly cost of running the network is completely different.

Prisma SD-WAN also provides Panorama integration, although we haven't used it.

We use Prisma SD-WAN's event correlation and analysis capabilities to help minimize the number of alarms from a single event, but this is all done from the dashboard. This feature has made our network operations much more clear and more concise. Sifting through numerous alarms, especially if they're for related incidents, makes it cumbersome to focus on the problem that needs our attention.

Prisma SD-WAN enables branch services such as networking and security to be delivered from the cloud. It provides seamless integration with the Prisma core networks and traffic web filtering. This simplifies our WAN management. 

We're able to have one place where we can configure pretty much all of the features of our network. We can designate a device to use a certain set of features, policies, etc. It's just a matter of doing its local configuration and it's instantly on. We don't have to configure each device from scratch. We set the policy, upload the configuration, and that's it.

The move to Prisma SD-WAN definitely resulted in a reduction in outages because we usually have one WAN link. Regardless of whether the internet access is used from the hub site, ideally, Prisma Access allows us to have local internet access through the branch side. The benefits are numerous in that respect.

I like that the integration with Palo Alto is easy.

The dashboard is okay. The dashboard gives us enough flexibility to get the information needed so that we can act upon any issues or data that is represented. It serves our purpose for our use case. Like with any other product, it takes time to get acquainted with it.

The only con is the pricing because it's more premium. 

I have used this solution for less than a year.

It's a solid product.

Scalability is not an issue. We can have defined policies, defined routing, etc. Onboarding new sites isn't a problem.

I haven't needed to contact technical support in the past year. The product is performing well. From what I know from my colleagues, the support from Palo Alto is usually great.

I wasn't involved in deployment, but I was told that it was pretty straightforward. It became complex because they did a full-blown deployment and configured everything. Palo Alto did the POC.

If you're already invested in a Palo Alto product, it would be logical to use this solution. If not, there might be some other solutions that are more viable in terms of pricing.

I would rate this solution a nine out of ten. 

My advice is that everybody should do a proof of concept. First, read the basic white papers on Palo Alto. If the product seems to suit your needs, contact them and see what the POC will be and what the pricing will be like. The pricing is different for different companies. Larger enterprises get larger discounts. This also depends on how many sites will be incorporated. There are many factors. It's not a simple decision, but at least you know the product is good. It's on the premium end, but that's what Palo Alto is all about. If you want a top-notch solution, then Prisma is for you.

Our security team evaluated the solution and couldn't find any lacking features. I think it's suitable for large and complex enterprises.

We are doing a proof of concept for Prisma SD-WAN and considering whether to migrate from our existing solution. We are attempting to replicate our existing technology and duplicate that traffic.

In POC testing, we're able to communicate from one site to another perfectly.

Prisma supports all of the applications we're currently using. 

Prisma could be a little cheaper. 

We are currently evaluating Prisma SD-WAN and haven't implemented it yet.

I rate Prisma SD-WAN nine out of 10 for stability.

I rate Prisma SD-WAN eight out of 10 for scalability. 

I rate Palo Alto support eight out of 10.

Positive

We are using an HP solution. Prisma SD-WAN is easier to manage and has more features. 

It's very easy to set up Prisma SD-WAN. 

Prisma SD-WAN is a good investment. 

I rate Prisma SD-WAN 10 out of 10. 

Prisma SD-WAN is a software-defined wide area network that allows us to programmatically reconfigure how remote office locations connect to each other or to a centralized repository.

The most valuable component of the solution is the necessity of utilizing an SD-WAN to implement Prisma Access. The solution allows our network to be self-healing in the event of a loss of connectivity between different locations.

Prisma SD-WAN can be built on top of a couple of hardware platforms, including the Palo Alto Next-Generation Firewall or the CloudGenix infrastructure. On the CloudGenix side, the ability to drill down into the details of connectivity issues and built-in firewall capabilities is lacking. However, you don't have those limitations if you build it on top of the Next-Generation Firewall.

I rate the solution’s stability ten out of ten.

We've been able to add new sites without any significant increase in effort to implement it. Around 1,200 users are using the solution in a rental car company.

I rate the solution an eight out of ten for scalability.

The solution's initial setup and configuration were very problematic. However, once we got all the issues worked out, it has been working pretty much flawlessly.

Positive

We had significant issues getting the tool operational with the CloudGenix base for the SD-WAN, but once it became operational, we had no issues with it.

Four people from our side were utilized to deploy the solution, which included me, two network engineers, and one security analyst. We also had to rely heavily on the professional services of Palo Alto and a third party.

Prisma SD-WAN is a pretty expensive solution.

On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing an eight out of ten.

Before choosing Prisma SD-WAN, we evaluated other tools like Cisco Umbrella, Zscaler, and BeyondCorp. At the time, Cisco Umbrella was incomplete. There were SaaS features that it had not yet implemented. BeyondCorp was still in production without a complete product yet released.

Zscaler was missing some of the core features and functions, and it had stability issues and some security breaches. Palo Alto was the last one standing, and it was far superior even in the definition of the capabilities of what was supposed to be included in the other tools.

Currently, we have just one person responsible for maintaining or making configuration changes for Prisma SD-WAN. Prisma SD-WAN has allowed us to reduce our telecommunications expenses by about 50%.

If you want your SD-WAN to be feature-rich, build it on top of the Next-Generation Firewall. If you just want to get it up and running, the CloudGenix solution is the better option.

Overall, I rate the solution an eight out of ten.

We are using Prisma SD-WAN for testing and training purposes on our side. We deploy it for customers.

Our customers using Prisma SD-WAN have seen multiple unique benefits, including a complete application SLA. They can track application traffic flow and route traffic based on application slowness or round trip time, providing complete security and the best network optimization.

The most valuable features of Prisma SD-WAN are its ability to utilize Internet plus MPLS optimization path to route traffic as per the SLA, and its seamless integration with other security stacks.

The pricing model could be improved to make it more affordable for smaller companies.

The implementation of the solution is easy.

We usually help customers to implement the Palo Alto solutions.

Customers have seen significant ROI benefits.

Pricing can be an issue. Some customers may find it unaffordable due to their budget constraints.

We have another vendor providing an SD-WAN box within a price range of 10,000 to  20,000 thousand INR, suitable for budget-limited customers.

Integrating Prisma SD-WAN with third-party solutions is definitely required and it is recommended to utilize its AI capabilities.