
Cloudgenix ION 3000 Remote Office Hardware 8X5 NBD RMA

Mfg # ION-HW-3000-BASE CDW # 4505074

Quick tech specs

  • 240 V at 50-60 Hz
  • Controller: 2x10/100/1000 Copper RJ-45

Know your gear

The ION 3000 can be deployed in a standalone fashion with no data center device, enabling granular control and visibility for direct to internet deployment scenarios, or in conjunction with ION 7000s in the data center, creating a secure, full mesh fabric across the WAN.

This item was discontinued on October 06, 2022


Cloudgenix ION 3000 Remote Office Hardware 8X5 NBD RMA is rated 4.50 out of 5 by 11.
Rated 5 out of 5 by from We haven't experienced anything ever go down. It has limited documentation on how it manipulates traffic. What is our primary use case? Initially, we deployed it in a hybrid fashion and were utilizing the Internet, but we had MPLS being defined on our WAN routers as well. While the MPLS link wasn't terminated on Prisma SD-WAN, it was helping us route traffic through it. This made the WAN routers kind of redundant since the solution creates its VPN tunnels from Internet links and we have data center devices where it establishes its tunnels. Therefore, if any MPLS goes down in any of our branch offices, it helps us route the traffic through them. We have a site where we deployed its VPN tunnels through MPLS, not just the Internet. However, we still have some BFD issues there. Right now, we are transitioning our sites to all Internet circuit sites. We are deploying our Prisma SD-WANs there. So, it is just doing VPN tunnels through the Internet with no MPLS on all new upcoming sites. We are transitioning into AWS. How has it helped my organization? When we deployed CloudGenix, we had Internet and MPLS links. We had to manually transition our VPN tunnels and shift the routing from MPLS towards the Internet in case our MPLS went down. During that transition, there were human errors. Sometimes, there was downtime, where the MPLS went down, and people were on a short coffee break when services went down. Then, people had to scramble, come in, and put in commands, typing in everything to just fail over the traffic from MPLS to the VPN tunnels. However, Prisma SD-WAN has taken that out of our minds, because it does that itself. It is pretty smooth. As soon as it analyzes that the MPLS has gone down, it starts to advertise branch routes to others through Internet VPN links. So, it has saved us a lot of time, effort, and cost from this aspect. We haven't experienced anything ever go down. 
It sends traffic out, regardless of the fact that we aren't maintaining any SLAs on the Prisma SD-WAN front, because it is doing routing only. There is a traffic flow log where we can clearly see if it wasn't able to reach an AWS-deployed application over the Internet, then it sends the traffic over to MPLS. That transition is very smooth. It's not like we need to go into the aspect of saying that Prisma SD-WAN took time to fail over the traffic because it couldn't understand the cloud-based services. Therefore, we never had a need to define any SLA for its transitioning and work. It decreases alarms in terms of network link failure. Many times earlier, we could miss some traffic that was being sent over MPLS. For example, if we had 15 applications routed over MPLS and that MPLS failed, we had to manually route all those back towards the Internet. Many times, we missed some applications and that resulted in new tickets trickling in. We then had to identify if the traffic was taking a default routing earlier. In that case, it was working over MPLS, but since MPLS is down, we have to now put in another route and advertise it over BGP so it is reachable over VPN. With Prisma SD-WAN in play, we don't need that because it analyzes applications, like Layer 7 applications, and transitions them based on our policies. We do not need to worry that we may have forgotten something or that Prisma SD-WAN may forget to fail over some stuff if MPLS goes down. What is most valuable? Its valuable features are its use of VPN tunnels. You don't really have to tinker with anything. If the MPLS goes down, there is a really smooth transition for a branch site to take traffic over the Internet. It will advertise the routes of that site in a jiffy. Its VPN tunnel creation is smooth. I have never faced any issues where it wasn't able to establish its VPN tunnels or had trouble doing negotiations. That is pretty awesome. 
Prisma SD-WAN provides deep application visibility, along with Layer 7 intelligence. We can manipulate traffic on Layer 7. It understands the algorithm, packets, and which application it is, according to the traffic going through it. For example, we usually have traffic going out for Zoom. We wanted to understand whether Zoom had some new public IPs every now and then. In its early years, Prisma SD-WAN didn't have the correct signatures to understand that it was a Zoom application, but they have continued to improve it. They published that Prisma SD-WAN can now understand Zoom, as per its Layer 7 signatures. Now, we can pin its traffic over the Internet only. It analyzes the deep packets going out on an application basis. We can manipulate it as well on the affinity. So, we can state, "I do not want the video traffic to be going over MPLS if my Internet goes down. Just shut it off." What needs improvement? Previously, they were sending traffic from their data center primarily over VPN lines. This was the default routing behavior for them. We had routing policies in our branch offices, which basically did the routing on outgoing traffic regardless of where the traffic was received. If we had a policy that stated, "Do not send it back over the VPN. Send it over any other link." The data center understood that, because it has persistent routing enabled. It would send it over that link, then start sending it back over the link with the routing policy in effect. Recently, regardless of our routing policy, the data center devices keep sending traffic on the VM and our return traffic is sent according to our policy. This can now have some effect on stateful devices, which are in between, because they see traffic going in from another link and coming out from another link. They sometimes change their routing design and manipulations with their firmware, which shouldn't be happening. We are incorporating their zone-based firewalls. 
Prisma SD-WAN has limited documentation on how it manipulates traffic, e.g., how it is interacting with TCP and UDP. We recently had some traffic that was black holing. We literally had to do packet captures to see that the new zone-based firewall, which runs on top of Prisma SD-WAN, was causing issues. It is growing in its routing policy. Its transitioning is pretty smooth, but its maintenance is what takes time and understanding. From the maintenance aspect, if there are any issues caused by Prisma SD-WAN, you really need to dig down and troubleshoot. Many times, it is not evident from its traffic logs whether you can assert that Prisma SD-WAN is doing something wrong. You need to understand the interactions between Prisma SD-WAN and other networking gears. When you need to troubleshoot something, then you really need to dig down. Two or three people have needed to do packet captures so many times on different devices. So, if you are on a shift and four people are working, and there is a major routing issue, then you need at least two people to work on the routing issue and the other two people to cover the day-to-day normal operations. We don't want our MPLS link to get saturated if the Internet goes down. This minimizes other application bandwidth utilization. So, it analyzes Layer 7 applications as well, e.g., we saw that with Zoom. We can also limit some web-based public IPs based on regions. We can apply a policy that states, "If it understands that this application is Zoom and the outgoing traffic is going towards these public IPs, put a strict affinity on them and just pin them on an Internet link. If the Internet goes down, then just drop those packets." We are deploying the new zone-based firewall of Prisma SD-WAN into our network. The original CGX appliance and the new firewall do not always go hand to hand, because the former one is a stateless device and their new firewall is stateful. 
If an event occurred and Prisma SD-WAN finds that event, it defines that in its dashboard. However, there is a gripe that it is not very good at defining traps and sending alerts over to third-party monitoring software. For example, if you have SolarWinds or LM in your environment, and you have people who are watching over those monitoring appliances' GUIs. Sometimes those alerts are missed because they are present over in the Prisma SD-WAN dashboard, but Prisma SD-WAN does not have that flexible communication with monitoring appliances. Therefore, we have experienced stuff where some traffic was pinned over MPLS and there were no secondary paths defined for them. The MPLS went down and failed over everything to the Internet. Since we had it set for certain kinds of traffic to be pinned over on MPLS only, or the dedicated circuit, it didn't actually put out an alert. If you check its traffic logs, it states there that the L3 path reachability for this traffic has been lost and is being dropped. The policy control is a bit lacking with the event correlation because we do not get active alerts on our monitoring applications. We need to go into Prisma SD-WAN traffic flow logs to see if certain flows have been dropped. For how long have I used the solution? We have been using this solution for the past four years. What do I think about the stability of the solution? It is far more stable now than it was in its initial years. We used to face TCP proxies getting hung and their internal processes getting stuck. Our routes were not advertised in the first year of our Prisma SD-WAN being deployed. Those issues have been smoothed out and we no longer face them. Each passing year, we see less issues with Prisma SD-WAN. As of now, we seldom have any Prisma SD-WAN issues. So, its stability is growing. 
However, when you throw into the picture the new Prisma SD-WAN appliance, which is a zone-based firewall, then we have some complications like we had when we first deployed Prisma SD-WAN. The downtime has been zero, if we have MPLS and Internet at our site. It has transitioned everything smoothly over the Internet. If someth... Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2022-01-04T00:00:00-05:00
Rated 5 out of 5 by from Great connectivity and security with an easy initial setup What is our primary use case? The solution is used for multi-cloud and remote access for workers. On top of that is the CASB use case. We are going for zero-trust. If you want to implement zero-trust, this approach is very successful. What is most valuable? The mix between the normal gateway of my firewall and the other branches or the head office firewall is great. The gateway is available on the cloud which allows you to gain access from anywhere and still connect to your home gateway. Also, if I want to access a resource on the cloud, it can be accessed from the nearest EU tower data center right from London, not from here where I am. Its connectivity and security are great. The initial setup is easy. What needs improvement? I'm happy with it as it is. Maybe they could introduce some new features that make things easier. That said, for me, I didn't find it lacking in any major way. It gives me all that I really need. I'd like to see them move more towards CASB. The solution does do a lot of frequent updating. For how long have I used the solution? I've used the solution for about two years now. Since they started, I've been using it. What do I think about the stability of the solution? The solution is both stable and reliable. There are no bugs or glitches. It doesn't crash or freeze. What do I think about the scalability of the solution? We mostly deal with medium and large-sized organizations, specifically in retail and multi-national branches. It works well and can scale to meet the needs of businesses of that size. It should scale well. We don't have a large implementation - which I would consider as 100 branches or more. Until now, we've been able to handle 35 to 36 branches without issue. It should scale. I haven't had issues yet in this regard. How are customer service and support? Palo Alto support is good. We are an old Palo Alto partner. 
We're not a customer, however, instead, we have our own setup with Palo Alto. It's not a limitation. They're good. Technical support has been amazing for us. Which solution did I use previously and why did I switch? I have used both Prisma SD-WAN and Juniper Contrail SD-WAN. How was the initial setup? We found the initial setup to be very simple and straightforward. It wasn't overly complex or difficult. That said, it depends on how many sites it allows and what the complications related to that might be. If your setup is not ready, and you need to work on it, normalize it, and baseline it, it could take longer. That's it. For us, for 20 sites, it took us two days to complete with just one resource. In terms of maintenance, we receive the updates automatically. This is scheduled for the weekends. It's non-disruptive. The updates are frequent. They happen frequently and mostly on the firewall, or the ION itself. What's my experience with pricing, setup cost, and licensing? The solution is expensive. Its competitor, Zscaler, is far less expensive. It's half the price. I haven't, however, tried it to compare them. It's sort of like iPhone versus Android. They are both phones, yes, however, I don't care about the money, I care about the product. I'll choose an iPhone even if it is more expensive due to the fact that I love the experience I get from Apple. The same is true with Prisma. It's not cheap, however, I really appreciate the service they offer. There are different ways they can deliver their services, and these have different costs associated. There's Prisma Access, Prisma SaaS, and Prisma Cloud. What other advice do I have? We are a Palo Alto partner. We are a system integrator and not a customer. We're selling to customers right now. We are using the solution with a SASE subscription, Prisma Access. I've used both on-premises and cloud deployments. I'd recommend the solution to the users and companies. 
It comes with all the security and the good direct point to the cloud application as well. I would rate the solution at a ten out of ten. It's a really great product. Which deployment model are you using for this solution? Public Cloud Disclaimer: My company has a business relationship with this vendor other than being a customer: Partner
Date published: 2022-03-23T00:00:00-04:00
Rated 5 out of 5 by from A stable tool that offers a good uptime and ensures a return on investment What is our primary use case? Prisma SD-WAN offers the same functionalities as Palo Alto CloudGenix, but my company uses it for different clients who operate retail chains. All the places where I have seen a big business setup, consisting of the head office, warehouse, sales office, and different kinds of offices for a particular area of business, require everything to be connected with their data centers, which is one of the main requirements of a business for which Prisma SD-WAN is required. Depending on the needs of my company's customers, we suggest Meraki, CloudGenix, or Juniper since the basic nature of all the aforementioned products is the same for a multi-point business setup. What is most valuable? The solution's most valuable features are that it is easy to onboard and its features are easier to understand. Prisma SD-WAN's features are similar to Cisco Viptela. Prisma SD-WAN is less costly than Cisco Viptela, but it did its job well. With Prisma SD-WAN, it took me a week to understand the concepts. In a month's time, I was able to deploy Prisma SD-WAN, so it was very easy and good. Users can cover up for the lack of support with the level of ease that the device provides you to interact with, so it gives confidence to its users. Whenever you go to the support, you are confident about what the issue is in the tool. Juniper, which functions on a Linux-based architecture, allows only a Linux expert to work on it, but a normal network technician cannot work so smoothly on it. The ease of troubleshooting and deployment are two main features that are better in Prisma SD-WAN compared to its competitors. What needs improvement? There are some small issues in Prisma SD-WAN's area related to bypass pair or couple ports related to redundancy. 
Sometimes, during the product's initial setup phase, bypass pair or couple ports don't come up normally, and it requires an hour and a half to troubleshoot to reset the box from Prisma SD-WAN to factory default. Prisma SD-WAN has some minor issues in its physical port, especially in bypass pair or couple ports. Bypass pair or couple ports are not abnormal ports. It is just that the aforementioned ports behave differently. If Prisma SD-WAN can fix bypass pair or couple ports and make them robust enough to work after the initial setup in the first attempt, then it can save a lot of time. The physical device's bypass pair or couple ports generally have issues. For how long have I used the solution? I have been using Prisma SD-WAN for three years. My company has a partnership with the product. What do I think about the stability of the solution? It is a stable solution. Stability-wise, I rate the solution a nine out of ten. The solution has some issues related to bugs, but in my company, we can fix them. What do I think about the scalability of the solution? The product's scalability is good since my company has never found any issue with the traffic load or the memory utilization part. Scalability-wise, I rate the solution an eight or nine out of ten. I have dealt with around 100 sites with small setups, so I can say that around 1,000 to 2,000 users use the solution. How are customer service and support? Prisma SD-WAN has some support issues, but not much since it can be handled. There are certain areas where the support team of the solution lacks. I would say that the support team can easily find the root cause of the problems related to the product in a very short amount of time, but the support team's availability is not good. If we have a P1 ticket now, which needs to be given priority owing to its severity, the product's support team takes nearly two hours to join, which doesn't help us solve the problem even though they are good. 
In our company, every time we have some activity, we pre-plan it, and we ask the product's support team to join us irrespective of whether we have an issue or not so that in case we face an issue, we can get help. The support team might not be available to help our company even if there is some severe issue. I rate the technical support a seven out of ten. How would you rate customer service and support? Neutral How was the initial setup? The product's initial setup phase is straightforward. The solution can be deployed in a day or two, considering it is done from my company's customer's branch office. What was our ROI? I have seen a return on investment in the sense that earlier, the customer used to work on the legacy network where it usually took time to set up the network, and once the network was set up, it worked fine, but, again, if you want to change something in the network, it takes time. After implementing Prisma SD-WAN in an environment like this, it can be described as offering more automation on the WAN side, so if you add a new service, you don't need to redesign the network. You just enable the service you want on the box from Prisma SD-WAN, or if you have some specific parameters, the box will take care of them under the service default list. In Prisma SD-WAN, voice is always prioritized, and data is less prioritized. Whatever services you have in your network, you can just add, and the device will take care of them, as it knows that a particular service may have four links, it knows from where it needs to send it, and if the service goes down, it knows by default where it has to send a link, so there is no manual intervention required. By considering the solution's base, we can say that it offers good scalability, as a user gets to see an increase in network readiness and uptime. What other advice do I have? I recommend the solution to those who plan to use it. As per market standards, the product is doing good. 
I rate the overall tool a nine out of ten. Disclaimer: My company has a business relationship with this vendor other than being a customer:
Date published: 2023-11-21T00:00:00-05:00
Rated 5 out of 5 by from Administration is very flexible for devices and policies; everything is in a single portal What is our primary use case? We can integrate Prisma SD-WAN with Zscaler, a third-party application, as well as with Prisma Access from Palo Alto. These are the endpoints. That means we are controlling the internet traffic. These days, with so many people working from home due to Corona, we have to control the internet traffic. That is one of the main use cases for Prisma SD-WAN. Another use case is because in Europe there are multiple languages. Some of our customers complain that when they are browsing the internet, they are not getting their local language, or they're not getting English. The reason is that we have established Zscaler connectivity. The low latency endpoint, because Zscaler is in the cloud, is communicating to the branch and, as a result, they're getting a different language. In such a case, we build a static tunnel to the static Zscaler and a static tunnel to the node. We can establish that connectivity in Prisma SD-WAN and it will connect smoothly, without any issues. How has it helped my organization? Prisma SD-WAN is an SD-WAN optimization product, where we don't require any kind of MPLS circuit. If such a circuit is there, it is no problem, but in general we are able to eliminate MPLS circuits and establish a site-to-site tunnel. That is one of Prisma's benefits. Some of our customers are still using MPLS circuits, but I am working with my customers to eliminate them. In place of that, we are allocating high-bandwidth internet to the site. It also helps reduce costs. If you have one data center connected to another data center, or a branch connected to a DC, you have a P2P circuit. That is too costly and we can eliminate it. So it is very helpful, cost-wise, for our customers. The solution is also very flexible when it comes to policies, so that you can redirect the traffic. Suppose the quality of one of your circuits is bad. 
It will automatically shift traffic to the second circuit, which has better quality. We don't need to make any alterations. In a legacy environment, we would have to do a lot of traffic-routing and change everything. But here, it is automatic. No human interaction is needed. In addition, administration using Prisma SD-WAN is very flexible. Devices, policies— everything—is in a single portal. If you think about a legacy network, you would have to go to a data center, you have to go to a server or log in to the data center router, and do routing P2P. With this solution, that is not at all required. Everything is in the UI. With 10 days of training you can administer a customer. I was not a network guy, previously. I started my career as a system support engineer and I don't have a networking background. But it is very easy. With some training and knowledge of networks, it is easy to manage. In terms of automation, we can connect this solution to our ticketing tool, which is ServiceNow. (We can also integrate Prisma SD-WAN with other third-party applications like Zscaler, AWS, and Azure, among others). Whenever there is an alert, it will send a message to ServiceNow and that solution will automatically create a ticket and send it to the concerned team. If we have 10 customers, we can monitor all the infra at the same time. Whenever an issue is resolved, one more message is sent automatically to ServiceNow saying, "Okay, this issue is resolved," and ServiceNow will automatically resolve the issue without human interaction. This kind of automation simplifies things because there is a single portal for administration. Troubleshooting is very easy compared to other SD-WANs and legacy environments. We can filter by source and destination IP and check, if the traffic is failing, what is happening to it. We also have the advantage of being able to look at which application is involved, and that is not something we could not do on a legacy system. 
We can filter by application and see if the traffic behavior is normal or failing. We can also see

  • application health - if it is good, it shows as green, if not it will be red
  • application response - whether the application is responding or not properly
  • current, new and concurrent flows.

Everything is viewed in a single page. We don't need to go to a CLI. We can filter everything. Even the L1 team can monitor things and talk to the customer, rather than issues having to go to L3 or L4. That is the beauty of the solution. It is very easy. Previously, the L1 team could only create a ticket and didn't have access to the router to do troubleshooting. They would have to wait for L2 or L3. Now, we can give them basic, read-only access so that they can also view the network and see what the traffic is like, whether a device is up or down, its power status, et cetera. These kinds of things are no longer dependent on the L2 team. Tickets are mostly handled by the L1 team. Another benefit is that it helps reduce network troubleshooting time, by a lot. Previously, we were getting multiple alerts, even from one site going down. There are interface-down alerts, device-down alerts, internet-down alerts. All these are really a single alert that means "site down." That type of correlation was implemented about six months ago by the Prisma SD-WAN engineering team and it is working successfully. It makes things much easier when we are only getting a single alert. Otherwise what happens is that we have multiple tickets created in ServiceNow. A single site down could create 50 alerts, but now it's a single "site down" incident. What is most valuable? The product has a controller which is hosted on the AWS cloud, and we have three cloud data centers. From the main controller, we can administer the customer's devices, QoS, network, and traffic. We can monitor it and we can change and create policies as well as upgrade the software. 
We can totally control a customer's network from one site, the Prisma SD-WAN portal. Prisma SD-WAN has a lot of advanced features, one of which is Zero Touch Provisioning. If you want to migrate to the cloud, or you want to migrate your office to a high-end router or an edge router, it is too difficult. It would require a lot of planning, a lot of implementation, and a lot of headaches and operational burdens. But with Prisma SD-WAN's Zero Touch Provisioning, we can collect the customer's infra and analyze it. According to that, we can prepare a diagram and implement high availability with two devices. That way, if one of the devices is down, the other will take an active role with the forwarded traffic. And whenever we are required to make any changes, we can make them to multiple devices at the same time. Suppose we want to change the IP address, or create a static cloud. We can create a template and can use it for multiple uses. If we want to upgrade software, in GitHub there is a lot of code uploaded by Prisma SD-WAN developers that we can download to schedule the upgrade onsite, and it will automatically upgrade the software and reboot the devices. If there is only a single device involved, traffic will definitely be cut off for some time, but if you have implemented high-availability, with two devices onsite, there is no traffic interruption during a software upgrade. It will be shifted to the second device while rebooting the first device. Other features include event, security, network, and path policies. Regarding path policies, suppose you have two internet circuits and you want one circuit to be the primary and the second circuit to be the backup. Using an SD circuit would be too costly in a normal situation. But whenever the primary circuit is down, since the office should definitely not have an outage, we have to ship the traffic to the SD circuit. 
In that scenario, we can create a path policy, so that whenever the primary circuit is down, this traffic will forward automatically to the other circuit. Also, suppose I have very critical business applications hosted on the cloud and I want to prioritize these applications. For example, if there are two people working with SAP while other people are just casually browsing the internet, using Facebook or Gmail. I want to give priority to the SAP customers. I can set this kind of priority with four levels of traffic or QoS, platinum, gold, silver, and bronze. I can put the SAP traffic in the platinum level and it will get more bandwidth and the application will perform fast. Its traffic is prioritized immediately, over the other levels. And if you have two internet circuits and you want to direct your SAP traffic to the fastest primary circuit and your Gmail and Facebook traffic to the secondary circuit, that is also possible with Prisma SD-WAN. In Prisma SD-WAN there are three modes: Control, Analytics, and Disabled. If you disable the site the site is completely down and inactive. If you are in Analytics mode, that means the site is being monitored. But mostly, we are using that for DC sites to get the traffic metrics. In Control mode, the site is fully functional. And WAN management is very flexible. We can create multiple WANs in a site and we can customize a WAN. We can move traffic around, depending on the customer's requirements and internet availability. What needs improvement? In some areas, compared to other SD-WANs, Prisma SD-WAN has fewer features. First of all, sometimes, if one device is down, the other device will not come up. When there are two devices and we have created HA, that means one device gets a priority of 100 and the other is given 90. The 100 priority is active and the 90 is the backup. In some cases, the primary device is down, but the secondary device is not becoming active. 
In that case, we have to reboot the devices, causing an outage. I would also like to see improvement in the product training for customers. Palo Alto has not initiated very much training but they have to do so because this i... Disclaimer: My company has a business relationship with this vendor other than being a customer: Partner
Date published: 2022-11-27T00:00:00-05:00
Rated 5 out of 5 by from Enables better connectivity and greatly improves performance due to the expansion of bandwidth and a reduction in costs What is our primary use case? We use this solution to enable better connectivity for utilizing the more available Internet broadband lines instead of the expensive MPLS lines. The solution is deployed on the cloud. I'm using version 5.4. There are 15 people using this solution in my organization, including network and security engineers. We currently don't have any plans to increase usage. How has it helped my organization? The reliability of the solution has improved our organization. We don't have any downtime unless there is a power outage. The network is more resilient and faster. It delivers applications in a timely manner. The performance has greatly improved due to the expansion of bandwidth and a reduction in costs. MPLS lines are the most expensive lines. After changing to a broadband line, the monthly cost of running the network is completely different. Prisma SD-WAN also provides Panorama integration, although we haven't used it. We use Prisma SD-WAN's event correlation and analysis capabilities to help minimize the number of alarms from a single event, but this is all done from the dashboard. This feature has made our network operations much more clear and more concise. Sifting through numerous alarms, especially if they're for related incidents, makes it cumbersome to focus on the problem that needs our attention. Prisma SD-WAN enables branch services such as networking and security to be delivered from the cloud. It provides seamless integration with the Prisma core networks and traffic web filtering. This simplifies our WAN management. We're able to have one place where we can configure pretty much all of the features of our network. We can designate a device to use a certain set of features, policies, etc. It's just a matter of doing its local configuration and it's instantly on. 
We don't have to configure each device from scratch. We set the policy, upload the configuration, and that's it. The move to Prisma SD-WAN definitely resulted in a reduction in outages because we usually have one WAN link. Regardless of whether the internet access is used from the hub site, ideally, Prisma Access allows us to have local internet access through the branch side. The benefits are numerous in that respect. What is most valuable? I like that the integration with Palo Alto is easy. What needs improvement? The dashboard is okay. The dashboard gives us enough flexibility to get the information needed so that we can act upon any issues or data that is represented. It serves our purpose for our use case. Like with any other product, it takes time to get acquainted with it. The only con is the pricing because it's more premium. For how long have I used the solution? I have used this solution for less than a year. What do I think about the stability of the solution? It's a solid product. What do I think about the scalability of the solution? Scalability is not an issue. We can have defined policies, defined routing, etc. Onboarding new sites isn't a problem. How are customer service and support? I haven't needed to contact technical support in the past year. The product is performing well. From what I know from my colleagues, the support from Palo Alto is usually great. How was the initial setup? I wasn't involved in deployment, but I was told that it was pretty straightforward. It became complex because they did a full-blown deployment and configured everything. Palo Alto did the POC. What's my experience with pricing, setup cost, and licensing? If you're already invested in a Palo Alto product, it would be logical to use this solution. If not, there might be some other solutions that are more viable in terms of pricing. What other advice do I have? I would rate this solution a nine out of ten. My advice is that everybody should do a proof of concept. 
First, read the basic white papers on Palo Alto. If the product seems to suit your needs, contact them and see what the POC will be and what the pricing will be like. The pricing is different for different companies. Larger enterprises get larger discounts. This also depends on how many sites will be incorporated. There are many factors. It's not a simple decision, but at least you know the product is good. It's on the premium end, but that's what Palo Alto is all about. If you want a top-notch solution, then Prisma is for you. Our security team evaluated the solution and couldn't find any lacking features. I think it's suitable for large and complex enterprises. Which deployment model are you using for this solution? Public Cloud Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2022-10-30T00:00:00-04:00
Rated 5 out of 5 by from A cost-effective and easy to manage solution What is our primary use case? Prisma SD-WAN is cost-effective and easy to manage. We have replaced all our MPLS connections with dial-up internet links. This will reduce our costs in place of ISP and is easy to manage. We can route the traffic based on the application. Sometimes, we used to route the package based on the user because some users want to use the internet. We are effectively using the solution for path manipulation for the users. We also have multiple tunnels whenever there is an issue or drop with one of the ISP tunnels. How has it helped my organization? We have a single dashboard to view all kinds of analytics. If we make Prisma SD-WAN as analytics, we can only see what kind of traffic is going and how much bandwidth it is utilizing. We can also see if there is high utilization from any particular link or application. Otherwise, we can configure Prisma SD-WAN as a control mode to use it as a routing protocol and for analytics. It gives you more insights about what kind of traffic is going, how much the consumption was, how we can reduce that consumption, and how we can apply that quality of service. If one of the sites is accessing more teams, our bandwidth will be utilized as a platinum application so that most of the bandwidth will be utilized for the team. Unlike traditional networks, it is very flexible, and based on the kind of application we are using, our bandwidth will be utilized. What is most valuable? It is flexible to use the internet connection via local breakouts without going to data centers. We don't need to install firewalls within the site to inspect the traffic. It will forward the traffic directly to the cloud so that the inspection will happen there for any unknown or unwanted traffic. This will also reduce the cost because we are not managing side-by-side firewalls. Your traffic will not go to data centers to inspect the outgoing traffic. 
What needs improvement? Prisma SD-WAN's technical support should be improved. When we have some issues, the technical support should be available on time, and the engineer should join to help us. It can increase the bandwidth capacity for some of the small branches. A warning message comes to us to notify us that something is going wrong, but we cannot understand that information. Prisma SD-WAN can be automated so that our network will be faster and our work will be reduced. For how long have I used the solution? My team has been using Prisma SD-WAN for the last two years, but I joined this project for the last six months. What do I think about the stability of the solution? Prisma SD-WAN is a stable solution. What do I think about the scalability of the solution? I rate Prisma SD-WAN a seven or eight out of ten for scalability. How are customer service and support? Prisma SD-WAN's support is good, but the engagement of the engineers gets delayed, or the right person might not join the call. The information should be made available on time. So we require very knowledgeable people in technical support to improve the customer environment and the network performance, as well as the operation team's knowledge. How would you rate customer service and support? Neutral How was the initial setup? Prisma SD-WAN’s initial setup is very straightforward. What about the implementation team? Prisma SD-WAN's deployment is completely based on the process. For example, one box running with a little older version was migrated from one of the sites to our site. So, it is running with a very older version, and our devices are running with a very higher version. Sometimes, the internet connectivity will not come up, and we have to connect to that Prisma cloud to get the diverse version to upgrade it. Sometimes, the upgrade might take some time due to the heavy load on the cloud or a congested ISP. Generally, if you go for a simple configuration, it won't take much time. 
You simply configure basic ISP settings, and it will get the internet connection. It might not take more than 45 minutes. You need console access. It's based on the ISP. If you have a dynamic ISP, you connect that ISP to one of the WAN links, and it'll get the IP address. So if you get the IP address, it automatically shows it online in the system in your domain. If that ISP is not dynamic and we have to manually configure the IP address, we have to take the console access. We need help from site IDs. It is not a drawback of the project, but it is something dependent on the ISP. What other advice do I have? We used to open tickets because it was a completely new environment for every engineer and because it was hosted for the last two years. Whenever we had such challenges in the network at the architect level, we used to open a ticket. So we request the engineer to join and discuss our plans for what we want to achieve. They will help us with most things. Sometimes we might see some failure of changes as well, but most of the time, we succeed when we involve this Prisma SD-WAN tactic. Prisma SD-WAN has layer seven capability to check how the traffic is going, but unfortunately, I do not have in-depth knowledge of that process. We have a workflow at the layer seven level. They have all kinds of analytics at layers three, four, five, and seven. Prisma SD-WAN can automate many things, but we also need to have that kind of testing environment. We never use it in our environment because of our daily activities. Network automation is the biggest thing in current evaluation in the network world. We have thousands of switches and network devices where we need to configure multiple configurations. So if you have automation in place, it will reduce the timeline, and we won't miss anything. If we do it manually, some people might properly follow the process, and others might not. 
So if the automation comes in place, only one person can push all the configurations to the respective devices so that we follow the standards. We never tried using automation for network troubleshooting, but we tried much automation while provisioning some networks, like new installations. Troubleshooting will come with the packet capture directly. We do some packet captures, but as of now, we didn't automate those. We are looking for automation for provisioning things when new sites come into the picture. We want to automate without doing manual configurations. The alarms make sure that we are checking everything on time and give us some flexibility to ensure that the device will not go down. So, the alarms might not reduce in the future, but they will give us a trigger point so that we check immediately what is missing. Those are mandatory alarms for CPU alerts. Every time there is a high utilization on the box, it will show some trigger. We'll understand why the CPU utilization was happening. They will show some information on the network regarding why the CPU is being utilized. We can ensure not to repeat that kind of scenario in the future. Sometimes, if the bandwidth utilization from the users is high, we cannot control those alerts. But when such kind of traffic utilization is high, we can increase the bandwidth so that we can reduce those alerts. If you take those steps effectively, then it will definitely reduce your alerts. Prisma SD-WAN incorporates policy control for event correlation and analysis, which affects our admins' control over events generated on our network. We have many path policies and QoS policies. It will show which is the better path that needs to be selected while the traffic was going. It also shows the next backup path, if one of the paths fails. We have to configure manually with the path policies, what kind of application requires minimum amounts of bandwidth. Those path policies need to be applied to the ION box. 
Whenever a user sends traffic via the ION box, it will select those path policies to make an effective decision. Prisma SD-WAN's policy control for event correlation and analysis helps admins pinpoint issues. Whenever we log in and check, users complain about issues related to packet loss, and we have to load share the network manually. These automated path policies affect configurations. Sometimes, if the internet link keeps on disconnecting, we can see something on the analytics screen that packet drops are high. Unlike traditional networks, you don't have any kind of analytics. The customer might not take third-party analytics because of the cost. So we don't know the visibility of checking those WAN links, and we simply rely on the ISPs to understand how the WAN link is working. They tell that there is no issue with the WAN links and everything is fine. There might be some milliseconds of packet loss which cannot be shown on the ping reserves. So this analytics gives a lot of information to the administrator to understand the issue. We can ask those people to understand this issue, and they can resolve those things by seeing those analytics. Prisma SD-WAN is the web solution that helps the administrator to understand the issue and resolve it. Prisma SD-WAN enables branch services such as networking and security to be delivered from the cloud. They also have virtual solutions that they can provide, but we never use those virtual solutions. Prisma SD-WAN is a very good product. It gives lots of benefits to the enterprise network by deactivating the costliest MPLS networks. Even non-technical people can understand the packet flow and easily see what is happening by seeing the analytics of the link. Overall,... Disclaimer: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Date published: 2023-05-31T00:00:00-04:00
Rated 5 out of 5 by from It supports all of the applications we're currently using What is our primary use case? We are doing a proof of concept for Prisma SD-WAN and considering whether to migrate from our existing solution. We are attempting to replicate our existing technology and duplicate that traffic. How has it helped my organization? In POC testing, we're able to communicate from one site to another perfectly. What is most valuable? Prisma supports all of the applications we're currently using. What needs improvement? Prisma could be a little cheaper. For how long have I used the solution? We are currently evaluating Prisma SD-WAN and haven't implemented it yet. What do I think about the stability of the solution? I rate Prisma SD-WAN nine out of 10 for stability. What do I think about the scalability of the solution? I rate Prisma SD-WAN eight out of 10 for scalability. How are customer service and support? I rate Palo Alto support eight out of 10. How would you rate customer service and support? Positive Which solution did I use previously and why did I switch? We are using an HP solution. Prisma SD-WAN is easier to manage and has more features. How was the initial setup? It's very easy to set up Prisma SD-WAN. What was our ROI? Prisma SD-WAN is a good investment. What's my experience with pricing, setup cost, and licensing? What other advice do I have? I rate Prisma SD-WAN 10 out of 10. Which deployment model are you using for this solution? On-premises Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2023-06-04T00:00:00-04:00
Rated 5 out of 5 by from The portal provides a single pane of glass and zero-touch provisioning What is our primary use case? I deal with various attack support use cases for multiple organizations. The most common use case is when enterprises are looking for easy failover of their links and better visibility into their network environments and traffic. It also supports integration with other vendors' products, like Slack or Teams, and integration with Prisma Access, a cloud-based firewall. We also have a cloud presence, but we need the licenses for firewalls or routers in the cloud. We have more than 700 tenants or users. I can't disclose customer names, but we have clients in retail, auto manufacturing, banks, and manufacturers of consumer products like toothpaste. I have clients ranging from the Australian time zone to the European time zones. There are some working in the United States, as well. How has it helped my organization? Prisma reduces the network engineers' workload by 40-60 percent. When there is a problem with traffic not reaching its destination, you'll get an alert to get it sorted out. The second benefit is security. Prisma SD-WAN has built-in VPN and fault-tolerance personnel functionality. It's integrated with cloud firewalls, and you can get the strength and availability of a SASE environment. You can replace your old routers and firewall with Prisma. It's like two devices in one. The portal provides a single pane of glass and zero-touch provisioning. You only need to get the device online, and you can do the rest through the portal. Prisma inspects packets for Layer 7 intelligence but doesn't provide all the intelligence that firewalls do. That's the job of a firewall, not ION boxes or SD-WAN devices. Prisma provides application-level visibility. For example, you can see the bandwidth consumption of Teams and Outlook or the consumption of SaaS applications versus in-house applications. 
With that level of detail, we can have security applied to traffic-based applications. This gives you control over what application traffic should link. For example, let's say I have a link from AT&T and one from Verizon, but the Verizon link is not performing well in certain areas compared to AT&T. I can send my mission-critical applications to the AT&T link. Applications that aren't mission-critical, like Microsoft updates or file transfers can go to the Verizon link. You can steer traffic based on the application type, and it warns you if traffic isn't reaching a destination. For example, if Verizon isn't taking me to Google, the device will recognize that and redirect the traffic through AT&T. If the policy says to go to Verizon, with AT&T as a backup, it will ship to AT&T and start probing. These kinds of features are unique to Prisma. The application visibility features help you to support your SLAs. Before SD-WAN, most customers reported issues with voice communication, CUCM, and video conferencing. In those cases, the failover provides a seamless experience of voice, video, and real-time traffic. Prisma simplifies troubleshooting. One recent example is that one of my customers was seeing certain links getting flapped. One alarm created one ticket each time it popped up, but that flap was five seconds, ten seconds, or a minute. Creating a ticket for a one-minute flap isn't an efficient use of tickets. With automation, you have one other feature of an event policy device. You can also automate with tools like Splunk and ITSM. You can set a rule where they only raise a ticket if it flaps five times within ten minutes or if the link is down for longer than two or three minutes. We have used automation for dealing with those kinds of minor things. There are other use cases, but this is the most common. You get email integration with all alerts, ITSM, and Splunk. Predefined cloud levels are also available on the portal. 
You can request it and integrate your ITSM with Prisma SD-WAN. The automation helps you quickly locate the root cause, so you don't need to dig through multiple layers of logs. In fact, you don't need to touch the device to get the logs. You can get it on a portal or through automation on your preferred monitoring tool. Prisma's event correlation and analysis help minimize the number of alarms from one event. A year ago, Prisma SD-WAN rolled out an event separation feature. Let's say one link goes down, and it causes ten VPNs to go down, making a site unreachable. In that case, it triggers only one alarm that this site is partially inaccessible or has some fault. It will not trigger a separate notice for each VPN or application that isn't performing because of that. It will present one alarm showing that the IP is down. That significantly reduces the number of alerts in the portal. All the constituent alarms will still be there, and you can drill down to see those. Prisma has specific policies for event management you can use for sites under maintenance or those with a lower priority. For example, a branch site shouldn't have the same priority as the home office or the data center. You set priorities with the event policies. The administrators will focus on priority events they see in a portal at the same level. A link that goes down at the headquarters is a higher priority than a single VPN going down at a branch with two links. Under normal working conditions, both events will have the same priority. However, if you have this event policy set up, the administrator will see the priority levels for each ticket and prioritize tasks accordingly. With Prisma, we can deliver branch services like networking and security from the cloud. We can have security integrations, including cloud-based firewalls like Zscaler and Prisma Access. You can also do some Zoom-based firewalling on these devices. Shifting from a legacy Layer 2 WAN to Prisma has reduced outages. 
Many things change when you move from legacy to SD-WAN. You must learn a lot in the initial stages, but once you are familiar with the changes, your job is almost 60 percent done. You don't need to focus on many tasks. The device takes care of them. What is most valuable? I like the link monitoring and analytics. These are the features that set Prisma apart from other products. Prisma works well with large, complex networks. One of my clients is a top bank in the United States, and Prisma has performed well for that customer. I've never seen a customer with a more complicated architecture than that bank. It has proven itself effective in environments with multiple data centers, branches, and locations. Banks' requirements vary significantly across branch locations, regional offices, ATMs, and data centers. Prisma covers everything. Prisma is developing machine learning in its product portfolio. ION boxes don't have machine learning, but it's under development, and we'll soon see AI WAN. I can't say when, but it's in the pipeline. Still, there is some automation for deploying multiple branches or pulling up results and analytics for things specific to an organization. If you want to change something throughout the entire environment, you don't need to go to each device. You can use the automation tools available on GitHub, and Prisma SD-WAN has open APIs. You can use the open APIs to create custom scripts. Prisma engineers have already uploaded several scripts to GitHub. There is one software development kit that is openly available. You can create programs to get your intended data or send configurations to devices. What needs improvement? There are two parallel things that we want Palo Alto to work on. First, customers want a unified appliance that does the work of all firewalls in addition to SD-WAN. Second, the cloud presence should be completely automated. 
If I purchase the SASE architecture, I shouldn't worry about deployments in Prisma Access or on Prisma SD-WAN. It should be deployed in one go. For how long have I used the solution? I have been using Prisma SD-WAN for four years now. What do I think about the stability of the solution? Prisma SD-WAN is stable. Every product has some instability issues, but eventually, the product matures. This product has proven itself from version 4.6 to the 6.0.X version, so there is stability in this line of products. I can't say that there are no issues. There are some bugs in the system that our team is constantly fighting to get fixed. Usually, there is a hotfix or a patch in the next release. Overall, Prisma is stable. We have had customers working with it since I joined the company. What do I think about the scalability of the solution? Scalability isn't a concern with Prisma SD-WAN. If my whole setup is 10 branches, I could add 50 more branches. You are covered because the data center is the only factor we worry about. We always try to put high-end devices like 9Ks or 7Ks in the data centers. The 7Ks are going out of production, but support will continue. The 9Ks are capable of handling more than 300 branches in one go. We can put it in parallel, like a cluster, so we can handle 500 branches without a problem. You add a device, plug it into the internet, configure it, and it will scale a new branch for you. How are customer service and support? I work in tech, so I rarely need to contact support. Before the Palo Alto acquisition, every support case was routed directly to L3 or L2 engineers. Now an L1 engineer screens most tickets, depending on the priority. High-priority tickets go straight to L2 engineers. Generally, they try to address those cases before they hit the L2 team. From a customer perspective, it might be challenging to get connected to the right engineer. How was the initial setup? I have been deploying Prisma ... 
Disclaimer: My company has a business relationship with this vendor other than being a customer: Partner
Date published: 2023-01-18T00:00:00-05:00
Rated 5 out of 5 by from When we switched to this solution, we saw an immediate improvement in our network visibility What is our primary use case? We use Prisma SD-WAN for nearly everything. It is deployed at all our remote locations across nine states, and we have cores in our data center. Each branch is connected to the cores. A high-availability pair we use for our primary banking software is stood up at one of our vendors. All these devices have direct VPN tunnels to a pair strip in their data center. We stood up the HA pair with VM infrastructure and AWS, and all branches have direct VPN connections to those devices. This passes all the traffic for the branches and networks. We have these devices deployed on AWS, but we're not using the AWS aspect to send policy or control the branch management. We do it from the local device or the hardware cores in our data center. As far as WAN, you can build direct tunnels. If we did management from the cloud, we would have direct VPN tunnels to that cloud service. How has it helped my organization? Before we deployed Prisma SD-WAN, most of our branches were on a legacy T1 circuit over an MPLS. We were using Cisco routers, so we couldn't see networks with applications. We saw an immediate benefit as soon as we rolled these out to all the branches. We could start to see all the data flows and which endpoints were talking. It allowed us to build custom applications and quickly identify them by name when searching for data flows. We previously only had a single T1 circuit, but Prisma SD-WAN enabled us to deploy two internet circuits at each site, whether it be fiber, DIA, or broadband like you have in your house. All of our locations have a primary and a backup. Sometimes, the second circuit is a cellular LTE or a Cradlepoint. Prisma helps us troubleshoot endpoint issues. If a branch calls in and tells me they're having trouble accessing an application, I can immediately go into the dashboard to check the tunnels. 
I can tell them if a tunnel is down or missing. I can troubleshoot that tunnel, disable it, re-enable it, and try to get it back online. It shortens the resolution time compared to our previous Cisco setup. You'd have to log into the router and type some commands to troubleshoot because everything was through the command line. With Prisma, I only need to check the dashboard to see if there's an alarm on the home screen. You can click on that and go into greater depth to see if there's high latency or packet loss. The alert on the dashboard directs me pretty quickly to the device with an issue and helps me determine the nature of the problem. Switching to SD-WAN has significantly reduced our outages. That was one of our primary reasons for switching to an SD-WAN vendor. The legacy hardware lacked visibility in Layer 2 at the switching level or Layer 3 routing. I had to log in to use the command line manually. This device has GUI and command line capabilities, so I get my reports straight from the dashboard, and I can export those to management. I know our company reported fewer outages. I don't remember that percentage, but it was a significant difference. What is most valuable? Prisma's analytics provide a lot of valuable data. I like the internet health chart that shows latency, dropped packets, MOS for data quality, etc. It also runs a continuous speed test in the background. I've used it multiple times to troubleshoot internet connections when the service provider has attempted to claim nothing is wrong with the circuit. It gives me data to send them showing we're not getting the speed we should, or there is constant packet loss. I wouldn't say the Layer 7 intelligence provides deep application visibility, but it does provide some visibility. We rely on our next-gen firewalls, which are also Palo Alto. They work with this product to give a deeper view of Layer 7. It has some machine-learning features. For example, it collects data in the background. 
You can look at the data flows to see that internet connectivity was poor at a given time, which correlates with a point on the data flow where the customer complained about a problem with the application. We can set various policies regarding which traffic goes where using a zone-based firewall. You can also set a policy based on events. We might implement a QoS mechanism where an application might have a higher priority. For example, it might dedicate more bandwidth toward video calls under a given condition based on the policy. We can custom-build applications to ensure they're impacted the least according to the policy we have set. With the policy in place, we don't need to interact with it as much. It does it for us, so we don't have to tweak too many settings, and it allows us to get pretty granular with it. The solution formerly known as CloudGenix is now Prisma SD-WAN, so it can do zone-based firewalls. However, they do not put heavy encryption on the device. That's mostly going to be handled by the firewall service you use. It doesn't have to be Palo. It could be Zscaler or Check Point. Even though it's a Palo Prisma device, it works well with various vendors and allows you to do that aspect. For how long have I used the solution? I have been using it now for a little over three years. What do I think about the stability of the solution? I think Prisma is highly stable. You're going to have some outages here and there, but I rarely see the direct branch-to-branch or branch-to-data center tunnels go down. Most of the tunnels that go down are third-party or standard VPN tunnels. That's your branch connection straight out to the internet, so you don't have to backhaul any of that data to the data center. It hits a cloud firewall, gets analyzed based on your firewall policies, and goes out directly to the internet. What do I think about the scalability of the solution? It's simple to scale up Prisma SD-WAN, especially the Prisma Cloud firewall. 
We set that up on our Palo Alto Panorama firewall. It is one firewall with all these tunnels directed back to it. Prisma has something called a "cloud blade." It used to be a Docker container, but now it's some container that runs on their hosted servers out in the cloud. This container was a huge script that auto-builds all these Prisma tunnels for you. It runs a script, configures the IPs and IPsec tunnels, and sets up all the security. It does that in the background, so you don't have to go in and configure two tunnels for every site deployed. If one of these tunnels goes down or a site gets removed, it deletes and clears out that VPN tunnel. When you deploy a new site, it runs a script every so often in the background. It detects a new one, builds it, deploys it, and then it all points to the same Prisma Cloud for the firewall. We have roughly 2,300 users traverse these networks directly at the branch or using our global VPN solution. Everything goes across these same tunnels. I wouldn't describe our network as extensive. I would say it's a medium network. However, I don't think we'd have an issue with a more extensive network. These are built so you can configure all the tunnels with them. I don't think it would be a problem at all. How are customer service and support? I rate Palo Alto support a seven out of ten. Customer support is our biggest pain point. The quality of support has gone down a little since we initially deployed this product. I don't know if this is due to turnover at Palo Alto or a lack of training. It is now taking one or two days to get an initial response that says, "Hey, we've looked into this, can you pull this data for us?" In the past, we'd immediately get a response. How would you rate customer service and support? Neutral Which solution did I use previously and why did I switch? We didn't have an SD-WAN solution previously. We had a legacy MPLS network with on-prem firewalls and a hosted VPN solution. How was the initial setup? 
I was the lead engineer for everything, including the proof of concept, lab testing, and the initial building of the scripts we used for the device. I did the deployment of the first 150 branches before I handed the project off to another engineer. We had a fairly small network team handling most of the physical deployment, while a dedicated cybersecurity team did the firewall policies, file blocking, etc. We had about eight people between those two teams. For the rest of the deployment, we paid for professional services through Palo Alto to have a dedicated engineer assist me and another team member with all the initial setup to get this deployed. That was roughly three to four people. What about the implementation team? We paid for professional services. We bought the project when it was still CloudGenix before the Palo Alto acquisition. We did the initial setup and had a dedicated top-tier engineer come on-site to work through the diagrams with us. From there, we built the first lab on the device. The engineer took that config off the device and created the initial Jinja template with all the data in the config files, then handed that over to us. He showed us how to use those templates and build our YAML file for each individual site, and he walked us through how to use the scripting he had put in place, which was Python on the back end. It was an easy process. What was our ROI? I think we have seen an ROI. We have a strict auditing and compliance process. That... Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2023-01-18T00:00:00-05:00
Rated 5 out of 5 by from Much simpler and more intelligent than our Cisco legacy system What is our primary use case? We have introduced many applications for our clients and they need to launch with very minimal latency. Running them through traditional processes is not sufficient for our network or for our customers' or clients' satisfaction. We have moved to the SD-WAN approach. How has it helped my organization? Our traditional network using Cisco routers is quite old and it's not very intelligent when it comes to troubleshooting. Prisma SD-WAN is very helpful for our network. What is most valuable? SD-WAN is very flexible, easy to deploy, and easy to troubleshoot. When it comes to supporting large, complex, network architectures, it's a very simple architecture. The main component is the fabric. It's very easy to troubleshoot if there is an issue happening in the underlying network. More specifically, there is a bypass feature that is very helpful. And CloudBlade makes automation easy. We can check the logs because it collects the data from all the branch sites and analyzes the data. Those features make it very helpful for large networks. It also has very high capacity and it can retain and analyze many thousands of connection and application details. From a security point of view, it can analyze and filter the packets and detect malware and other anomalies in the packets. That feature is also helpful for a larger organization. The hardware is more robust. When we are rebooting and resetting a device, it is very flexible. It reboots in between 10 seconds to three minutes. It's also quite easy to deploy and troubleshoot in a real-time scenario in the field. If something hangs at the hardware level, it recovers quickly. Overall, the hardware, security features, and automation are a few of the key points that will help a large organization. 
Also, WAN management is quite flexible and if something goes down it triggers an alert on the graphical user interface and the end-user or operations team can act accordingly. It has a very good feature, LQM (Link Quality Monitoring) that calculates link quality metrics and populates them on the dashboard. For WAN management, it's a good feature. What needs improvement? Event correlation and analysis capabilities do not help minimize the number of alarms from a single event. That is the problem. We are getting a lot of incidents, and there is some issue with the correlation. That is still a drawback. Sometimes we get many alerts when a device is going down, and when it goes up again the alerts are not automatically cleared. Some type of modification is required. Another drawback I have observed is that Prisma SD-WAN has a tunnel to the Zscaler endpoint. It forms the tunnel through an API call and that is not sufficient from the client side. Improvement is needed to the parameters they're using for the Zscaler endpoint. There are new features, new protocols, that need to be applied so that it can be checked and work properly. Improvement is needed from Prisma to the Zscaler endpoint because when the tunnel goes down, there are no intelligent parameters, like an alert timer. For how long have I used the solution? I have been using Palo Alto's Prisma SD-WAN for the last two and a half years, for my client. What do I think about the stability of the solution? The stability is very good. What do I think about the scalability of the solution? The scalability is also good and robust. How are customer service and support? We have a portal so that when we are facing an issue, we can get with the support team and raise a case. How would you rate customer service and support? Neutral Which solution did I use previously and why did I switch? Previously, we were more aligned with a traditional network which was our Cisco routers. 
They were not intelligent, or multi-application oriented. SD-WAN is application-oriented and we can analyze the logs. There are many intelligent features. The troubleshooting is also easy. Our network is very large. We have more than 10,000 routers and switches, and more than 600 sites. We have legacy, traditional Cisco, Juniper, and other routers, and most of them are at end-of-support. With Cisco, there is a control plane and a data plane and so many protocols. By comparison, Prisma SD-WAN has flexible solutions. There is no complexity due to protocols and the control and data planes. It's very simple and it's also easy to understand the traffic flow. How was the initial setup? The initial setup of Prisma is very straightforward. It took us one to two hours, maximum. We did it ourselves, following a setup process. There was an issue because some applications do not support this SD-WAN and the application packets are dropped by Prisma SD-WAN. There were a couple of challenges for us. Even now, after one year, Prisma SD-WAN is not supporting an application. Its packets are getting dropped. That is one of the drawbacks. It has been deployed in a hybrid model. On the branch side, we have Instant-On Network (ION) 2K and 3K, and at our DC sites we have ION 9K and a hybrid model. And from the branch to DC there is a fabric running via the internet. It doesn't require any maintenance. It's a one-rack-unit device. It can be placed in any small rack and requires only two internet connections and little power in DC volts. What was our ROI? It's worth the money we are paying for the features and availability and stability of the network. What other advice do I have? The solution also gives us deep application visibility, with Layer 7 intelligence. Traffic engineering is not working on our side. That generally works on the ISP network. There is a security feature in Prisma and a security path setting. 
We need to create a policy and a zone and mention the policy rules in the zone. It will bind to the security binding and we can apply a global security policy. Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2023-01-18T00:00:00-05:00
Rated 5 out of 5 by from An intuitive solution that helps to easily navigate between the menus What is most valuable? Prisma SD-WAN is intuitive. We have a better idea of the different tools we can use and jump between the menus quickly. What needs improvement? The tool needs to work on price and complexity. For how long have I used the solution? I have been working with the product for about two weeks. What other advice do I have? I rate the product a seven out of ten. Disclaimer: I am a real user, and this review is based on my own experience and opinions.
Date published: 2023-09-15T00:00:00-04:00