Prisma Access by Palo Alto Networks is mainly used by my clients for zero-trust infrastructure, which includes advanced VPN and zero-trust network access.
Prisma Access by Palo Alto Networks delivers robust security features including secure remote access across apps and traffic monitoring. It integrates smoothly with cloud environments to provide advanced threat protection and visibility into network traffic.


| Product | Mindshare (%) |
|---|---|
| Prisma Access by Palo Alto Networks | 10.2% |
| Zscaler Zero Trust Exchange Platform | 8.8% |
| Cato SASE Cloud Platform | 7.6% |
| Other | 73.4% |
| Type | Title | Date | |
|---|---|---|---|
| Category | Secure Access Service Edge (SASE) | Jul 18, 2026 | Download |
| Product | Reviews, tips, and advice from real users | Jul 18, 2026 | Download |
| Comparison | Prisma Access by Palo Alto Networks vs Zscaler Zero Trust Exchange Platform | Jul 18, 2026 | Download |
| Comparison | Prisma Access by Palo Alto Networks vs Cato SASE Cloud Platform | Jul 18, 2026 | Download |
| Comparison | Prisma Access by Palo Alto Networks vs Cisco Secure Access | Jul 18, 2026 | Download |
| Title | Rating | Mindshare | Recommending | |
|---|---|---|---|---|
| Fortinet FortiGate | 4.2 | N/A | 92% | 594 interviewsAdd to research |
| Cloudflare One | 4.3 | 5.7% | 100% | 23 interviewsAdd to research |
| Company Size | Count |
|---|---|
| Small Business | 20 |
| Midsize Enterprise | 16 |
| Large Enterprise | 24 |
| Company Size | Count |
|---|---|
| Small Business | 672 |
| Midsize Enterprise | 302 |
| Large Enterprise | 1083 |
Prisma Access offers a comprehensive suite of security tools designed to protect cloud environments and remote workforces. With its focus on real-time risk identification and threat prevention, Prisma Access provides encrypted tunnels and centralized management for seamless connectivity and enhanced data security. Designed to scale across platforms like AWS, Azure, and GCP, it optimizes traffic and connectivity while offering extensive visibility into vulnerabilities. However, integration with third-party products, usability, and support services are areas for development, as users report interface challenges and desire improved scalability and geographic coverage, especially in regions like China and South America.
What are the key features of Prisma Access?Prisma Access is effectively used in industries requiring secure remote access and stringent data protection, such as finance and healthcare. Organizations leverage it to enforce Zero Trust policies, optimize network performance with SD-WAN, and ensure security compliance across multiple platforms.
Prisma Access by Palo Alto Networks was previously known as Palo Alto Networks Prisma Access, Prisma Access, GlobalProtect, Palo Alto GlobalProtect Mobile Security Manager, Prisma SaaS by Palo Alto Networks, Prisma Access.
Concord Hospital, State of Colorado, Essilor International, RheinLand Versicherungsgruppe, University of Westminster, Universidade Nove de Julho, SPAR Austria, CAME Group, ZipRealty, Greenhill & Co., IKT Agder, Aviva Stadium, Animal Logic, Management & Training Corporation, Brigham Young University Hawaii, School District of Chilliwack
| Author info | Rating | Review Summary |
|---|---|---|
| Director at PULSEC | 4.0 | I use Prisma Access for zero-trust, finding its HIP Check valuable. It needs more global Points of Presence and better technical support. I recommend it, but wish pricing were lower to compete with physical firewalls. |
| Network and Cybersecurity Consultant at a tech services company with 11-50 employees | 4.0 | As a system integrator, I find Prisma Access's SD-WAN valuable for client edge access, leading to positive ROI. My main concern is its reliance on third-party infrastructure, which can impact operability, though I rate it an 8. |
| Senior DevOps Expert at Telenor | 4.0 | Having used Prisma Access since 2019, I value its stable and scalable security features like ZTNA 2.0 and CASB. However, Palo Alto's customer support needs significant improvement, and initial setup is complicated and costly. |
| Senior Manager for Infrastructure at a computer software company with 5,001-10,000 employees | 4.5 | I find GlobalProtect robust and stable, rated 9/10, beneficial for cloud security, though remote worker latency is a concern. We are exploring Prisma Access and Azure VPN to enhance support, despite Prisma's high costs. |
| Security Engineer at a tech services company with 1,001-5,000 employees | 4.5 | I use Prisma Access for internet control and remote work, valuing its on-premise firewall management. Its stability and support are excellent, but I desire better third-party integration. Despite being expensive, I recommend it for large organizations. |
| CyberSecurity Specialist at Aiuken | 4.0 | I use Prisma Access for firewall and IoC blocking, finding its ThreatVault useful and a major upgrade. I find the interface and complex permissions difficult, often needing good technical support, but the system is stable and effective overall. |
| Network and Security Engineer at a security firm with 11-50 employees | 3.5 | We implemented Prisma Access for strong SaaS and cloud security, valuing its comprehensive features, unlimited IPSec, and detailed logs. Despite initial complex setup and a slow dashboard, we find it stable, scalable, and more cost-effective than Zscaler. |
| Network Security Engineer at a manufacturing company with 10,001+ employees | 4.5 | I found Prisma Access excellent for remote work, offering always-on security, full firewall features, and great scalability, proving superior to past solutions. However, its identity management integration is outdated. |
| Connectivity Platform Cyber Security Specialist at BASF Business Services GmbH | 4.0 | I use this for client VPN, valuing its client-side simplicity and security. Despite being expensive, it's worth it for added protection. Scalability needs improvement on-premise, and overall security could be better, rating it 8/10. |
| Cyber Security Engineer at Paysafe / IBM | 4.0 | Prisma Access by Palo Alto Networks effectively secured our remote workforce during COVID, offering robust features like custom signatures and auto-scaling. However, it lacks certain web gateway functionalities compared to solutions like Zscaler and could improve GlobalProtect's capabilities. |

Prisma Access by Palo Alto Networks is mainly used by my clients for zero-trust infrastructure, which includes advanced VPN and zero-trust network access.
The HIP Check is the most valuable feature of Prisma Access, which is the feature usually used from GlobalProtect.
Prisma Access by Palo Alto Networks is essentially that, and my feedback is that the GlobalProtect cloud service is useful. GlobalProtect is locally hosted on the firewall.
For now, I still support Prisma Access by Palo Alto Networks with my clients.
Regarding the integration part for Prisma Access by Palo Alto Networks, the integration with identity providers is pretty much good. It is basically firewall as a service, so it performs well. I completed the integration without any issues.
What Palo Alto Networks can do better for Prisma Access by Palo Alto Networks is probably to have the point of presence available in more locations. The point of presence from the Serbia region has the nearest POP in Frankfurt, which is an issue since it is your gateway—when you start browsing the internet, you go through a commercial connection in Germany. They definitely need to spread the service in other countries.
I have been working with GlobalProtect for seven or eight years before Prisma Access by Palo Alto Networks was introduced. With Prisma Access by Palo Alto Networks, they rebranded it in the last year.
There was a delay of seven to eight minutes to receive an alert, but that was two years ago, so the product is probably much better now. At that time, the customer expected a quicker solution.
My clients are not satisfied with the technical support from Palo Alto Networks. The vendor support could be better.
I usually need to raise the alarm and contact a couple of people within Palo Alto Networks to just respond quicker, so technical support should be much better.
I have experience with different vendors for the same technology in Cortex. I provided a couple of POCs, but I did not sell any Expanse product.
Prisma Access by Palo Alto Networks is GlobalProtect, and I have been dealing with it for many years, so I can confirm that I am also not working with Prisma SD-WAN.
It is a pretty good solution, and I can provide my opinion about Prisma Access by Palo Alto Networks. They changed the branding to Prisma Access by Palo Alto Networks, but it is essentially GlobalProtect with a name change.
Prisma Access by Palo Alto Networks is a cloud firewall solution. I tried it, but the customer was not satisfied with the DLP functionality, such as a CASB or Security Web Gateway.
Regarding pricing, I would rate Prisma Access by Palo Alto Networks at around four on a scale where one is high and ten is low.
I would recommend Prisma Access by Palo Alto Networks as it is really good, but it would be much better if the pricing were lower so that I could provide cloud firewall services instead of physical firewalls to customers. I am currently providing physical devices instead of cloud solutions because of the pricing. It would be much easier to provide a cloud firewall than an on-premises physical one, as you need to go on-site, deploy it, and perform maintenance, whereas cloud service is much faster and more flexible.
My overall rating for Prisma Access by Palo Alto Networks is eight out of ten.

Our client's main use cases for Prisma Access by Palo Alto Networks include edge access from remote using an SD-WAN capability. In another case, our customers are exploring use for the SASE and CASB offering from Prisma Access by Palo Alto Networks.
We have been doing POCs for the last two years. I work for a system integrator, so we tinker with the technology. We are not end users of these solutions.
I find the SD-WAN part of Prisma Access by Palo Alto Networks particularly valuable.
It's a working solution. It's not the easiest, but no DLP solution is easy. With Netskope, the whole infrastructure is proprietary. Prisma Access by Palo Alto Networks is using a service in AWS, and it's not totally a proprietary infrastructure. Sometimes a third-party outage could impact the whole operability.
I'm not certain if the vendor is moving towards sovereignty of infrastructure at this moment, but from what I saw in the past, there was this reliance on third parties for the infrastructure: AWS, GCP, Oracle, and others.
This is one point of attention for me. I would prefer more proprietary infrastructure.
The product in question is Prisma Access by Palo Alto Networks.
The service and technical support quality varies depending on the personnel. I usually rate the service and technical support around seven. Sometimes it's great, sometimes it's not particularly great.
Positive
I'm not the one doing this type of calculation, but customers are quite happy with Prisma Access by Palo Alto Networks because there is less spending on technologies. There is a net positive return on investment, though I cannot specify the exact amount.
We have customers using CrowdStrike Falcon. We primarily use Cortex XDR from Palo Alto Networks.
Other products from Palo Alto Networks that we use include the next generation firewall offering, the SASE offering from Prisma Access by Palo Alto Networks via the SASE SD-WAN capability.
I am using Cortex Cloud by Palo Alto Networks and Prisma Access by Palo Alto Networks. Prisma Access by Palo Alto Networks has threat profile protection and inspection capabilities.
Machine learning is used in the sandboxing part to better understand file behavior, and it's applied to behavior analysis from user endpoint logs and activities.
I use Data Loss Prevention in the Netskope form currently. We use it to govern data traffic containing personally identifiable information or GDPR relevant information. I'm quite satisfied with it.
On a scale of one to ten, I rate Prisma Access by Palo Alto Networks an eight.
I have been working with Prisma Access since 2019. We have a service reminder for some of our customers. Our usual cases involve the integration of end-user computing solutions with GlobalProtect VPN services, managing private access applications, SaaS, and cloud networks such as AWS, Microsoft Azure, or Google Cloud Platform, using Prisma Access.
The most valuable features are ZTNA 2.0, CASB, Threat Prevention, and Autonomous Digital Experience Management (ADAM). These features are security-driven, providing robust protection against increasing cyber threats by integrating NG Firewalls, SD WAN, and CASB, all within a fully cloud-native solution. This enables easy integration with both legacy and modern platforms, allowing enhanced leverage and scalability.
Palo Alto's operational and support model needs improvement since we have faced issues with resolving problems. While the product itself is comprehensive and up-to-date, Palo Alto should be more vigilant and proactive in customer support.
I have been working with Prisma Access since 2019.
Prisma Access is very stable, and I am very much satisfied with its stability, rating it nine to ten out of ten.
Prisma Access provides significant scalability, allowing integration of different systems. It supports hybrid environments where some services are on cloud and others are on-premises, offering leverage in integrating service hubs, rating its scalability around eight to nine out of ten.
The product is reliable, making customer support less frequently needed. When needed, the operational model can pose issues. I would rate the technical support at less than five.
Neutral
The initial setup is complicated, however, once completed, it works fine. I would rate the initial setup process as around six or seven out of ten.
The pricing is on the higher side, rating it around eight to nine out of ten. While it is justified for its value, there is room for price reduction.
I would rate the overall solution an eight out of ten.
We are an on-premises company at the moment, so we use GlobalProtect. Our firewalls are hosted in our on-premises data centers and offices. We have been using this solution for years and are exploring options like Prisma Access and Azure VPN to enhance security and support for remote workers.
GlobalProtect has been beneficial for its cloud security capabilities, which are vital as businesses seek hybrid options and need to support remote workers while addressing latency issues. By establishing regional hubs in the cloud, we benefit from good backbone services provided by cloud providers like Prisma Access or Azure, which enhances performance.
GlobalProtect can face challenges with latency, especially when remote workers connect to centralized locations. Hosting it in the cloud can mitigate these issues by allowing connection through the nearest Palo Alto or Prisma Cloud regional hub. Overall, no specific issues with the product itself have been observed, but the need for cloud adoption is noted.
We have been using GlobalProtect for several years. For Prisma Access and Azure VPN, we have been testing them for the last couple of months.
GlobalProtect is a satisfying solution, and the product is robust without major stability issues.
Scalability can be limited by the physical hardware, which has performance thresholds. To scale, one would need to upgrade or acquire more hardware. However, if manpower increases significantly, then investing in scaling the hardware is justifiable.
Customer support from Palo Alto has been satisfactory. We rarely need to contact support due to having a strong internal team and a robust product.
Positive
Previously, we used GlobalProtect and Palo Alto Firewalls. We also worked with Cisco ASA and Connect. We are now exploring options like Prisma Access and Azure VPN.
The initial setup of GlobalProtect was straightforward and easy.
We have not performed ROI calculations yet, as we are still learning about the technology.
Pricing for Prisma Access and Prisma SD WAN is high due to the need for different hardware flavors like IONs. However, if a good return on investment is proven, then it is a good option.
The solutions we are considering are Prisma Access and Microsoft Azure VPN.
The advice is highly dependent on whether the business is more on-premises or cloud-based. On-premises businesses are recommended to use GlobalProtect, while cloud-based companies should consider cloud solutions to avoid additional spending on on-premises hosting.
The overall rating for GlobalProtect is nine out of ten.

Our primary use case for Prisma Access by Palo Alto Networks is to control the internet and serve as an internet proxy. Additionally, we use it for secure remote work.
One of the most valuable features of Prisma Access by Palo Alto Networks is the ability to manage on-premise firewalls. We can push policies directly from Prisma Access to FortiGate, which makes managing our on-premise firewall easier and more efficient.
There is a lack of integration with third-party solutions like CrowdStrike or SentinelOne in Prisma Access by Palo Alto Networks. Although they have a tight ecosystem with their products, opening up for integration with other solutions would be beneficial.
I have been working with Prisma Access by Palo Alto Networks for more than two years now.
I think the stability of Prisma Access by Palo Alto Networks is excellent, and I would rate it ten out of ten. There are no notable issues with stability.
Prisma Access by Palo Alto Networks is a cloud-based solution, and from my experience, there are no issues with scalability.
I find customer service and support to be very good, and I would rate them ten out of ten.
Positive
The initial setup was simple and not complex.
For companies with at least one thousand users, I recommend Prisma Access by Palo Alto Networks. I rate the solution 9.8 out of 10.

We are using Prisma Access by Palo Alto Networks for networking and firewall solutions. The most common tasks I perform include modifying rules and traffic, and blocking indicators of compromise. We are not utilizing Prisma Access by Palo Alto Networks to facilitate remote work in our organization.
The ThreatVault, which is the database of indicators of compromise from Palo Alto, is very useful, and that is probably the best feature I have worked with in Prisma Access by Palo Alto Networks.
Prisma Access by Palo Alto Networks makes our life easier because the firewall solution we had before was totally outdated and performing poorly. This solution has completely transformed our operations.
It is all about the interface. The Prisma Access by Palo Alto Networks interface is more difficult than FortiGate.
The area where we encountered most problems was the permissions system. When the client wanted to give me access, they did not want to give me super admin access because they wanted me to have access only for specific tasks. We had significant trouble with configuring those permissions and making them work, as there are many options on the permissions panel. The permissions tab should be more generalized. There are so many options that you always have to open a case for technical support. The technical support team resolved these issues effectively, but this remains an area for improvement.
I have not set up Prisma Access by Palo Alto Networks. They set it up, and I was just given access, so I do not really know about the setup process.
Prisma Access by Palo Alto Networks works efficiently during peak usage times. We have not experienced any problems with it. While I do not directly manage it since it is the device from a client of my company, I can confirm they have not reported any issues.
The solution is easy to use and has not given us any trouble.
I would scale Prisma Access by Palo Alto Networks up. However, it is more difficult to scale compared to FortiGate.
The technical support for Prisma Access by Palo Alto Networks was excellent during calls, deserving a nine out of ten. However, their ticket response time was slower, warranting a six out of ten. Overall, they merit a seven or eight out of ten.
The technical support was good, and although we had to reach out to them frequently due to permission issues, they managed to resolve the problems every time.
Prisma Access by Palo Alto Networks is cloud-based and operates as a SaaS solution.
I have been working with Palo Alto's Cortex, specifically the EDR and XDR components.
I would recommend Prisma Access by Palo Alto Networks to other users who are looking to implement it.
I have rated Prisma Access by Palo Alto Networks an 8 out of 10.
We are an integrator. We are providing the services to a partner of Palo Alto. We are using Prisma Access, Cortex XDR, and Cortex Data Lake.
We are using two kinds of services for security: one is Zscaler and the other one is Prisma Access. For Internet security, we are using Zscaler, and for SaaS applications security, we are using Prisma Access.
By implementing Prisma Access, we wanted to secure the traffic for SaaS applications such as Office 365. We had SaaS application traffic that was already bypassed, but because it was UDP traffic, it was still going to the Internet. There were some internal customer applications over the cloud, and we wanted to secure the content of those applications over the cloud. That is why we are using Prisma Access.
Prisma Access provides comprehensive security. It provides URL filtering, application control, SSL, DLP, etc. It provides complete security for the cloud environment.
We are using IPSec. If you compare it with Zscaler, there is no limit for IPSec bandwidth or throughput. Zscaler provides only 400 Mbps, whereas, with Prisma Access, we are not facing any such issues. We are getting unlimited bandwidth for IPSec. This is one of the main benefits when it comes to the cloud because sometimes the backplane could be very high. In such cases, Prisma Access is very helpful for us.
For our data at rest, which is our data stored in the cloud, we are using the CASB properties of Prisma Access. It provides security to our data at rest.
The way the product is designed is good. It does not take much time to identify a problem and what is going on because we have zone-based and site-based configurations. Whenever we have something coming from users, we get reported about the issue. It is very easy to troubleshoot. With the integration of Prisma Access with Cortex XDR, we can easily identify what is going on.
The logs that Prisma Access provides are also very detailed, so it is very easy to identify the issue and the root cause for resolution. Once you have identified the issue, the solution does not take much time.
We have a centralized dashboard. In the same dashboard, they have integrated multiple parts, such as Cortex Data Lake, GlobalProtect, and Prisma Access for Internet security or cybersecurity as well. There is a single dashboard integrated with different tools. It provides comprehensive security and is easy to manage.
In our infrastructure, we are getting 200 to 300 alerts on a daily basis. We get alerts about all kinds of issues, such as when the tunnel is fluctuating, reports are not getting generated, or there is some compliance issue in configuration. The alerting part is very good in Prisma Access. We get alerts instantly whenever there is a fluctuation. We, as administrators, look into them and resolve them on a priority basis.
These alerts reduce the resolution time and provide insights to proactively resolve an issue. This is a very helpful part of Prisma Access, but this capability is there in every product these days.
We are able to implement security control over the SaaS application traffic. We are able to implement the security posture, and we are able to implement the IPSec tunnel. We are using GRE as well. We are able to implement security for multiple use cases with Prisma Access.
It provides SSL inspection for private or internal applications. That is one of the key features we are getting from Prisma Access. We are using GlobalProtect along with Prisma Access. Even for our SaaS applications, we are doing SSL.
Prisma Access is good. Its security is good. Everything is good, but the way the dashboard responds can be improved. It takes time to implement a policy. If you change only 2 or 3 lines and push the policy to make the change work, it takes 20 to 30 minutes even for a small change. That is something very irritating from the implementation perspective. The response time of the dashboard for configuring things needs to be improved. It should be quick.
Its implementation is also a bit complex.
We have been using this solution for 2.5 years.
It is stable. I would rate it an 8 out of 10 for stability.
It is very scalable. I would rate it a 10 out of 10 for scalability.
Our clients are enterprises.
Their TAC part is okay. It is not the best, and it is also not the worst. They are good. I would rate them an 8 out of 10.
Positive
We have been also using Zscaler, but we are moving to Prisma Access completely. The decision to move is taken by the management. Zscaler is a better product, but it is very expensive.
Another thing is that management has decided to use the firewall solution of Palo Alto going forward. That is why they are proactively switching to Prisma Access. There will be better synchronization between security products. There will be GlobalProtect and Palo Alto Firewall in place going forward.
We had to define the architecture first. We were already using Zscaler, so it was a bit complex to shift the traffic to Prisma Access. It took months to implement this solution to segregate the traffic from Zscaler and move it to Prisma Access. It was not an easy task. It was a bit complex. Once it was implemented, it was good.
Its implementation could be difficult, but when it comes to operations, it is easy. The maintenance part is also good. Only the configuration part takes time. The portal also lags at times.
The implementation duration varies. An implementation can take weeks or months. It depends on your network, infrastructure, and applications.
As compared to other solutions, Prisma Access is much cheaper. It is probably 30% to 40% cheaper than other solutions, but I do not know the exact cost.
A customer is using 250,000 user licenses for Zscaler. You can understand what Palo Alto would offer to take over this kind of project. The price can be negotiated in many ways.
I am not sure if any other solution was evaluated, but I am pretty sure that PoC was not done for any other product.
If you are looking for a cloud security solution, you need to know how many applications are there on the cloud and what is your budget. Prisma Access is overall beneficial. Zscaler could be more expensive or trickier to manage because it requires expertise. Prisma Access is easier.
We have not done any automation. Everything is manual. We have not integrated any of the REST APIs with Prisma Access. We know that REST API is supported in Prisma Access.
Overall, I would rate Prisma Access a 7 out of 10.
We have about 2,000 users, and everybody started working from home when COVID hit, so they needed to use Prisma Access to do their work securely. They told us that this was the best thing we'd ever used. Employees said Prisma was a lot better than Juniper and the previous mode access solution we had.
We implemented it so that it's always on. A user doesn't need to do anything. It connects. Whether you're home or at the office, it cranks up, and you don't have to do anything.
The always-on feature is fantastic for the users. They don't have to think about it. When they go to a coffee shop to do work, there's no need to remember to toggle the VPN on. We'll protect them. URL filtering is the same at home as it is in the office. We can apply policies for URLs wherever our employees work. We see all their traffic and log everything they do as if they were in the office.
When COVID hit, we suddenly had 2,000 users that all needed to use a VPN solution. We had to abandon our previous VPN solution because Pulse couldn't accommodate such a large volume of users at one time. We stood up this cloud environment and switched everybody over to the Palo Alto Prisma Access, GlobalConnect, and GlobalProtect.
The user experience was so much better. Our executives were impressed. We got many compliments. Our senior team tends to worry about security, but they didn't need to fret over our VPN.
It's a full firewall, so I can apply firewall policies just as well for web-based apps as I can for offline apps. I definitely think that reduces the risk because I can write any policy I want.
Palo Alto has several other advanced threat protection features. In addition to the normal application and threat protection, it has DNS security, IPS, IDS, etc. I run their traffic through all of the impressions. It's not just URL filtering and decryption. Prisma Access offers a full firewall feature, and I take advantage of it.
Prisma Access is a Palo Alto firewall in the Cloud that works just like an on-prem firewall. I can manage it from the same platform I use to manage all my other firewalls. I write a policy in one place, and it goes into effect everywhere. It's extremely simple.
The security updates are definitely in there as well. I set it up to dynamically download and store the updates as soon as they're available. When Palo comes out with an extremely hot threat, I'm automatically blocking and protecting against it—not just on our internal corporate network, but for all remote VPN users.
That is an extremely important feature to have. You pay for those subscriptions, so why would you not take advantage of the people writing protections for you? Why aren't you installing them automatically?
I actually worked for a company that did not automatically install things. They thought we might break something. All the places where I had worked in the past automatically installed updates, and we never broke anything. It just worked. Palo Alto is really good about doing it right and protecting the customer.
Palo Alto Prisma 10 came out over a year ago. Palo Alto added this identity management feature. The legacy way Palo Alto selected which user is sitting on an IP address it passes through has been clunky.
Prisma Access still cannot use that feature, and it's been out for a year. Until they upgrade the Prisma Access backbone to 10.1, that integration will not be there. It's a powerful feature, and it's much more than collecting user IDs. Hopefully, they will add it this month.
I have been using Palo Alto firewalls for about 10 years now.
In the past two years, we've had no issues with the reliability of their cloud environment.
It scales up to thousands of users with no problem. We plan to go from 2,000 to 20,000 users. I don't need to do anything to scale up except buy more licenses.
I rate Palo Alto support a nine out of ten. The presales and support teams are fantastic. They have a technologically proficient person to help you through issues. They can bring someone else in if they don't. We changed support groups. Initially, we were a mid-tier group, but they switched us to the large enterprise team.
Positive
We used a Pulse VPN solution, and I also worked with Cisco AnyConnect in the past. In fact, that's probably what we're going to kick out the door in favor of GlobalProtect.
Pulse VPN used on-prem boxes. Our devices had reached the end of their usable lives, and I couldn't support them. It was going to cost a lot to buy new boxes. For that same amount of money, I could move everything to a virtual cloud environment. I don't need to maintain the hardware anymore. Instead of one box here in the United States, one in Europe, and one in China, I have 100 boxes worldwide.
Setting up Prisma Access is somewhat complex. You must configure many little pieces ahead of time to build the entire portal and LAN. It's slightly painful to ensure everything is working correctly. Do you wrap the comprehensive policy around everything you're trying to do? Configuration is not straightforward.
The solution doesn't need care and feeding once it's set up. It is just like another firewall. Adding rules isn't any different from setting restrictions on a local on-prem firewall.
I set up Prisma Access by myself with the help of Palo Alto's tech support and presales staff.
Prisma Access is worth what we pay for it, but it's hard to quantify. All of our senior staff would say it's worth the cost because it gives us peace of mind. They don't need to worry about security while they're on the road. We can protect all our remote users as well as our in-office users.
Palo Alto is the Cadillac solution, so their products are pretty expensive. That's just the way it is. Their solution surpasses anything else. Cisco AnyConnect, Zscaler, and all of the other products don't compare. Palo Alto is the market leader with the most features. It saves you work, and you don't have to worry about it.
The only license is GlobalProtect. That's the only part that you need to buy. The other features are all included.
I was already set on Palo Alto. We were doing a PoC with Palo Alto when COVID hit, and the codes did it for me. We had to get something stood up. Our hands were tied with Pulse because we couldn't support 2,000 users rushing in the door. The box would just tip over to that.
I rate Prisma Access a nine out of ten. There are definitely things they need to fix. Most people are familiar with VPN technologies. You ensure that it's connected and running the antivirus, etc. All those vendors do pretty much the same thing in that regard.
You can force Cisco into always-on mode as well. It's just different. Palo Alto is integrated into one Palo Alto management platform. There's no need to switch between various consoles to manage remote access. Everything logs to the same place as well. It's a single pane of glass for my corporate and my remote user logs.

We use the solution for client-based VPN remote access.
The solution's most valuable features were the model's reduced complexity on the client side and its capability to provide security.
The tools' scalability is subject to some limitations when done on-premise due to the need for additional licenses. However, in other scenarios, increasing scalability involves expanding infrastructure to accommodate more third-party VPN access. It is scalable as long as you pay the money. Also, it needs to improve security.
I have been using the product for seven years.
I rate the tool's stability an eight out of ten.
Prisma Access by Palo Alto Networks' deployment was straightforward. It was a big project and we were required to migrate the whole infrastructure. It took around six months to complete. It was a network migration project where we transitioned to the solution. The migration involved changing our network supplier from one provider to another. The IT team handled the technical aspects of the project.
We prepared the infrastructure, including the servers and firewalls. We focused on the repair of the firewalls, ensuring connectivity, and replacing the main infrastructure. After these preparations, we proceeded to deploy the clients, conducting a pilot for the clients as part of the overall process.
The product is worth the money.
The solution is expensive.
I rate the overall product an eight out of ten. It reduces the attacks by providing an additional layer of security that inspects all traffic going to the internet. In terms of handling traffic spikes or network demands, the product performs well, but occasional tuning and adjustments may be required, such as changing the connection node.
It enhances security protection beyond endpoint and computer security, which is effective when accessing the internet, and it also ensures secure VPN access to your company.

During the COVID times, the firewalls that were the on-prem gateways couldn't handle SSL decryption and VPNs. After everyone started working from home, the company faced the issue of not having enough firewalls for gateway and SSL decryption services. That's why we started using Prisma Access.
I used version 2.2 while working last with it two or three months ago. In terms of deployment, it was a Prisma Access hybrid solution with Panorama where we had firewalls and Prisma Access. It was not cloud-native Prisma Access with only cloud-based aspects.
We started using Prisma Access after everyone started working from home during COVID. Its auto-scaling feature was helpful for our organization. Prisma Access could scale depending on how many users were working from home. When we had additional users, unlike on-prem firewalls, we didn't have to worry about CPU and other things. It was also cheaper than on-prem firewalls because to handle a large number of users working from home, in the case of on-prem firewalls, we would've had to buy big firewalls.
With Prisma Access, there is auto-scaling. When there are fewer mobile users, there are fewer Prisma Access gateways, and when there are more mobile users, more mobile gateways are created automatically. For example, if you have a company with 10,000 people, you should be able to handle the VPN traffic of 10,000 people and SSL decryption of that traffic. So, you need to buy a big on-prem solution. After COVID, even when people start working from the office, you would need the biggest firewall to be prepared for the future.
Nowadays, most companies have started allowing employees to work from home. Most people don't want to return to the office. In many companies, many people are still working from home. Even in such a scenario, companies are expected to have a solution that provides flexibility for the workforce to work from home.
We were able to use Prisma Access as a VPN solution. We used it as a proxy, and all the traffic was going through it. We wanted the same capability as an on-prem VPN. It was nice to be able to VPN all the traffic that we wanted. We were able to secure what we wanted to secure.
Prisma Access has the same capabilities as an on-prem Palo Alto Firewall in terms of signatures and application IDs. You could do everything with Prisma Access to secure web apps and non-web apps. It is a cloud-native firewall. It seems they use containers in the background but with the same Palo Alto software that is on the firewalls.
It provides traffic analysis, threat prevention, URL filtering, and segmentation.
It supports auto-scaling for mobile users. It auto-scales depending on the mobile user traffic. For example, if 1,000 people are working from home today, and tomorrow, the number increases to 2,000, it is not going to be an issue. Prisma Access is automatically going to scale based on the users. This is really important because with on-prem firewalls, if you enable SSL decryption and VPN and many people join, logging becomes a big issue.
Prisma Access updates its signatures in the background, which is important because when you have on-prem firewalls, sometimes, the users forget to update signatures. With Prisma Access, this is not the issue because it automatically updates signatures.
Prisma Access provides the ability to make custom signatures, which is really important because if you want to block something, you can do it yourself. You don't have to call the vendor and ask for a custom signature to be made. When we compared it with Zscaler, Zscaler is not a bad solution, but it is quite simple. You can't add custom signatures for applications. With Palo Alto, irrespective of whether it is an on-prem firewall or Prisma Access, you can make many customizations, such as custom signatures. For example, you might want to write custom signatures for the Log4J attack. This is something you can't do with Zscaler.
It can be improved if some customers want to use Prisma Access only for web traffic. Currently, it is a bit limited. Zscaler works better for web traffic. Zscaler's agent application on your computer can configure the proxy settings automatically, whereas Palo Alto's GlobalProtect agent is only a VPN solution. You can't use it also as a secure gateway agent to force the computer to have the settings to send the data to Prisma Access. They suggest using other techniques to force the computer to use Prisma Access for a secure web gateway solution. So, Zscaler is more like a secure web gateway, and Prisma Access is more like a full VPN solution. I see the limitations of both vendors. Palo Alto needs to improve the GlobalProtect agent to work as a secure web gateway agent, not only as a VPN agent because some companies would want only a secure gateway. They wouldn't want a full VPN. So, Palo Alto has to make the VPN agent work as a secure web gateway agent for those customers who want only the secure web gateway solution. Other vendors' agents, including ForcePoint which I don't like at all, can do that.
One feature that I find missing in Prisma Access, as well as Palo Alto firewalls, is that they can't insert the 644 header. I want to be able to see the IP address of the users basically. My understanding is that almost no firewall can do this. It is not only Palo Alto, but it would be good to have this feature. The only vendor that I know can insert it is FortiGate, but with them, many other things don't work.
I have been using this solution for almost three years. I have worked with this solution in two companies. One of the companies was a partner with Palo Alto for their Next-Generation firewall and Prisma Access solutions. I also used it for a few months in another organization. I am now in another company, and I'm not using Prisma Access in this company.
It has good stability because it is a Palo Alto firewall. Palo Alto has made firewalls for many years now. It is based on the same software. So, if Palo Alto firewalls are stable, Prisma Access is stable. It is not something so new as everyone is talking about. It is based on the Palo Alto firewalls which are the leader in the market.
They had some issues before, but at that time, Prisma Access was only using Google Cloud. They had some latency issues, but now, Prisma Access is also using AWS. They can use Google Cloud or AWS in the background to provision your environment. The latency issues are now gone because AWS has better coverage than Google Cloud. Palo Alto understood that Google Cloud is not enough. So, they used AWS and Google Cloud as the providers for the Prisma Access solution.
It is a cloud solution. It auto-scales. It is using AWS and Google Cloud. They have a lot of coverage. It can be used anywhere AWS and Google Cloud have PoPs.
We had 1,000 to 2,000 people using it on a daily basis.
When you are working from your home, you can go to Prisma Access or on-prem gateways depending on the configuration. Prisma Access can work together with Palo Alto on-prem gateways. For example, if there's an on-prem firewall in Germany, German users do not have to go to Prisma Access. They can go to the German VPN Palo Alto Gateway, but if you have users in other countries where there are no firewalls, they will go to Prisma Access. So, you have this capability.
Their support is at a medium level. If you pay for premium support, they provide good support. Their normal support is not very good, but that's not only for Prisma Access, that is how Palo Alto works.
I'm working a lot with F5's BIG-IP. They have one of the best support teams. Even if you don't have payment support, their support is quite good. It is better than Palo Alto's normal support. In general, most vendors have issues with support. The worst vendor that I have worked with is Forcepoint. Their support is extremely bad even for paying users.
Neutral
We have different technologies. We still have web application firewalls that we use in the company. Palo Alto Prisma Access is basically for coordinated firewalls, where you have your firewalls in the cloud. Everything you can do with on-prem firewalls can be done with Prisma Access, but this isn't the only solution you need. You would still need web application firewalls along with Prisma Access. The use case of Prisma Access is to secure your corporate employees. Its use case is not to secure your servers from inbound internet traffic. It is like a secure web gateway proxy to secure your corporate users.
It is easy, and I can't complain. It is a straightforward process. It takes about one hour. It is not so complex. It is a cloud solution. So, you just specify how many gateways you want, and with a few clicks, it gets deployed.
You don't need prior knowledge of the setup, but you should be a good network engineer and have the basic knowledge. It can't be done by someone who doesn't understand security networking. You need to have a good understanding of how much bandwidth you need because Prisma Access is taxed on bandwidth. So, you have to know how much bandwidth you need. You have to do static analysis before deploying Prisma Access to know how much bandwidth your users are using on average and how big the connection is going to be. You can increase the bandwidth later, but it is better to provision from the start based on the bandwidth requirements. The bandwidth analysis takes more time than the provisioning itself.
Palo Alto helped us with the initial deployment. In terms of maintenance, being a cloud solution, it requires next to no maintenance. If your company becomes bigger, you may have to push out more bandwidth from Prisma Access.
It is a little expensive. Because it is one of the best in the market, it is a little bit more expensive than other vendors.
It is a little bit more expensive than Zscaler, but for a big company, this difference is not so big. Forcepoint has the cheapest support and the cheapest price. Forcepoint has a Cloud Security Gateway solution, but we ran away from them. If you want to go for the cheapest solution, go for Forcepoint and then complain as much as you want.
When comparing Prisma Access with Zscaler, you can't do much customization with Zscaler. That's why we selected Prisma Access. I like Prisma Access more than Zscaler because Zscaler doesn't have many capabilities. It doesn't let you do much customization, and you just have to depend on what the provider gives you as signatures.
For me, Zscaler is more for web traffic. Zscaler is comparable to Prisma Access when it comes to web filtering, like a secure web gateway proxy. If you want to filter out all your traffic, not only the web traffic, then you should definitely go for Prisma Access. Zscaler can be used as a firewall. They say it is similar to Prisma Access to filter out applications, not only web applications, but with Zscaler, you can't make custom signatures. They don't give you a lot of customization. You just enable the features and hope that they're enough. You can't do customizations that most big companies want. So, as a web filtering solution, it is comparable to Prisma Access, but if you want to filter out all the traffic and not only web traffic, then it is not so comparable to Prisma Access.
Zscaler also doesn't have application-level capabilities. Zscaler can't work with SIP traffic where you have to dynamically open FTP ports. For that, the solution should listen to the control plane traffic to know which port to open. Zscaler doesn't support that. So, it is quite limited for anything other than web traffic. However, Prisma Access is more limited when you use it as a secure web gateway solution.
Forcepoint also has a Cloud Security Gateway solution, but we ran away from them. Their cloud solution sometimes couldn't decrypt the web traffic. They had a bug when you want to decrypt one site from a category. For example, you want to decrypt Facebook, but you don't want to decrypt the social media category. In the Forcepoint GUI, you can specify that. In the GUI, it works, but in reality, it doesn't. There is a bug where the site will be decrypted or not decrypted only depending on the main category. You can't in reality change a site's decryption settings. Forcepoint didn't tell us they have this bug. They took two months to admit that and even got angry with me.
It is basically a Palo Alto firewall in the cloud. So, you can make custom applications and custom threat signatures. In terms of debugging, it is not as good as on-prem firewalls. With on-prem firewalls, you can do a lot more debugging, but you don't get a coordinated solution.
It is easy to use if you have experience with on-prem Palo Alto firewalls. Most customers who have Palo Alto on-prem firewalls have Panorama. Prisma Access integrates with Panorama just like on-prem firewalls. So, for customers who already have Palo Alto experience, it is quite easy. Palo Alto has another product for new customers, which is the Cloud Native Prisma Access, where you don't have on-prem firewalls. I have seen some videos about its web interface, and it seems very simple even for new customers. They can use Prisma Access without on-prem firewalls. They can use the cloud console, not Panorama. It seems even easier. So, newer customers would probably go with that technology and SD-WAN-based deployment, where almost all security is going to be in Prisma Access.
Prisma Access has two zones: an internal test zone and an external zone, which is basically the internet. It allows you to use segmentation. For example, if you're a customer of Prisma Access and you have many departments, you can create different tenants. So, different departments have different Prisma Access instances, but because we were a single company, we didn't use the tenant function. However, it provides the ability to split your organization's tenants so that different tenants get different policies.
Prisma Access’ Autonomous Digital Experience Management (ADEM) is a good feature that you can't have with on-prem firewalls. I have not been using Prisma Access for a couple of months, but I'm still watching the Palo Alto channels. I saw that, with ADEM, they have an agent application that could be installed on the end-user devices. It provides visibility and helps identify any connectivity issues to an application over the VPN. The user gets to know if the issue is with Prisma Access or their ISP so that they don't call the IT department for simple things. For example, if you have a packet loss with Salesforce, you would know where the issue is happening. Is it with the Salesforce cloud application? Is it in Prisma Access between you and the Salesforce application? Is it with your internet service provider? That's the idea of Prisma Access ADEM.
Overall, I would rate it an eight out of ten.