Buyer's Guide
Secure Web Gateways (SWG)
November 2022
Get our free report covering Zscaler, Microsoft, Palo Alto Networks, and other competitors of Cisco Umbrella. Updated: November 2022.
656,474 professionals have used our research since 2012.

Read reviews of Cisco Umbrella alternatives and competitors

Director Of Information Technology at a consumer goods company with 11-50 employees
Real User
Keeps us from getting compromised with something that will impact the day-to-day business
Pros and Cons
  • "Not a whole lot of oversight is required after WebTitan is installed. I get email notifications and occasionally browse the reporting. This is pretty important because I don't have the bandwidth to actively monitor all this stuff 24/7. It is just not possible. Therefore, it is important that it doesn't require a lot of my time once it is deployed and working."
  • "There were a few little glitches in the beginning when rolling out the client app that resides on laptops."

What is our primary use case?

The main focus is just adding an additional layer of security to what we already have, knowing that no particular solution protects you 100%. It provides an additional layer of security while browsing the Internet, which seems to be the most vulnerable place for most companies. It doesn't necessarily mean you are going to a legitimate site, as it could be redirecting you to something malicious, which turns out to be pretty bad. We already have an existing antivirus and gateway security. This was more just an added layer. We are strictly using it as a DNS filter. It seems to achieve what we are looking for. It also blocks some content that could be potentially questionable or harmful.

For our main corporate LAN, we are using WebTitan DNS forwarders that we have set on our local LAN through their DNS filtering servers. Then, we use the OTG client for our mobile devices. We also have laptop users who may or may not always be at our main corporate LAN office, and when they are not on the premises, they use the OTG client.

We are strictly Windows-based.

How has it helped my organization?

It is not necessarily providing any value as far as streamlining our processes. It is not helping with the day-to-day business side of things. It is more just an additional layer of security. It provides me more of a, "Hey, I have this additional layer of security. I have visibility into what is going on with these devices on the Internet browsing side." 

Keeping us safe is important. The safer we are, the less likely we are to get compromised and then have lost revenue and costs, whether it is a ransomware attack or just a single device down.

Since we have deployed this solution, it seems like there are fewer threats that our gateway security appliance detects. However, I have no way of saying, "Hey, without this solution, there would have been 100,000 attacks in the last six months, and with this solution, it is now 50,000." I have no way to really validate whether it is the WebTitan solution that is responsible for the decrease in threats being blocked at the gateway. I suspect that is the case as it seems like the number of threats have gone up for most businesses in the past year. So, it seems to have helped, but I have no way to really quantify whether that is the case or not.

A remote user has the WebTitan Cloud OTG client installed along with other applications that we have deployed, security, etc. This is really important in regards to keeping the technology side of our business going and keeping us from hopefully getting compromised with something that will impact the day-to-day business on the technology side of what we do. 

What is most valuable?

The dashboard of the customer portal has an overview of the web stats for the day, showing where we are at with some of the sites or addresses with high consumption and on what devices. It also has the ability to pull up past reporting, etc. Then, it ties all that stuff out to individual users, which is great. Since there is a lot of web traffic, if you are not sure where that is coming from inside your organization, then it is kind of hard to correct.

The DNS Proxy 2.06 works. There are no major delays in browsing the Internet. I haven't had any issues with it. Obviously, for seeing certain content be blocked, it seems to work just fine.

What needs improvement?

They probably could improve on the initial deployment and the issues that we ran into with the WebTitan Cloud OTG client installation on our mobile devices or laptops. Other than that, everything has been pretty turnkey for the most part.

For how long have I used the solution?

We rolled it out around November or December 2021. We demoed it for a bit, then went live.

What do I think about the stability of the solution?

Not a whole lot of oversight is required after WebTitan is installed. I get email notifications and occasionally browse the reporting. This is pretty important because I don't have the bandwidth to actively monitor all this stuff 24/7. It is just not possible. Therefore, it is important that it doesn't require a lot of my time once it is deployed and working.

How are customer service and support?

The little bit that I have dealt with them, the technical support has been fine. I have dealt with all kinds of different organizations and providers who had good and bad tech support. They rank right up there with some of the other good ones that I have dealt with. I would rate the technical support as nine out of 10.

How would you rate customer service and support?

Positive

How was the initial setup?

It is pretty straightforward to implement and put live in an environment.

The complete deployment probably took way longer than it should have. That was really more on my end, not on TitanHQ's end. I am the IT department, consisting of one individual. Under normal circumstances, if you had an organization with multiple IT individuals, then it could get deployed pretty quickly within a short period of time.

We had an existing server, which was an existing domain controller, that already had DNS on it. So, we just utilized the DNS forwarding side of the DNS server to essentially point to WebTitan's DNS filtering servers. Other than a little bit of my time to update the forwarders to what they provided, it didn't take more than a few minutes to make the change. Therefore, there was very little cost on that piece of it.

What about the implementation team?

The guys at TitanHQ were able to help with the initial testing that I did. Once we decided to go live with it, they made it pretty easy to deploy in our organization. There were a few little glitches in the beginning when rolling out the client app that resides on laptops. However, once they figured out what was going on, that was resolved. Then, all additional deployments to all the remaining laptops in our organization were turnkey and problem-free.

The initial account representative that I dealt with was great about communicating. He set up remote Zoom calls to kind of go over the platform and help with the onboarding process, then looped in the tech support team when needed. It was a pretty turnkey process from start to finish.

What was our ROI?

As far as seeing the value, it was probably instantaneous. Once we went live with it, I could review stats on the customer portal side of things and just dig into the details, which was easy to understand. It was pretty instantaneous to say, "Hey, we made the right decision."

In my mind, it is well worth the money that we spent. We will continue to probably spend per year on this solution, knowing that this is one additional thing that I can say, "Hey, I have implemented," that will provide us the best protection out there along with everything else that we have.

WebTitan helps reduce costs associated with web filtering. In the event that somebody was compromised due to browsing the Internet, there will be at least one device offline. The time and energy spent cleaning that thing up and getting it back online, as well as having that user set up with some sort of a solution so they can continue working, makes it well worth the money. If a single device has been compromised, my time and the potential of having to buy additional hardware is worth at least a couple thousand dollars. Worst case scenario, if our entire organization or the majority of our organization got compromised, then it could get into the 50,000-plus for recovery. It depends on if it is a massive ransomware attack where it has pretty much crippled our entire business.

Which other solutions did I evaluate?

I looked at a couple other solutions, like Cisco Umbrella, but this was the one that I decided to go with. I decided to go with WebTitan because of online reviews and the price point. It felt like the right solution versus some of the other ones out there.

I demoed Cisco Umbrella for a bit. It just seemed like it was going to take too much time to get it up and running in our organization. I felt that the cost and the amount of time, then potentially what it might require moving forward, was just too much.

What other advice do I have?

I elected not to use it with Azure Active Directory. We don't use Azure and I don't have AD integration set up at this point. Down the road, I might elect to do so. It just didn't make sense for the size of our organization.

It probably doesn't provide much value on the customer service side because that is a totally different system. It is self-contained and cloud-managed by the provider.

Being around the technology industry for many years and just seeing different services and applications come, go, and evolve, I would say WebTitan (at this point) seems to be a good solution that doesn't require a lot of out-of-pocket expenses. It also doesn't require a lot of IT resources to implement and manage moving forward.

I would rate this solution as nine out of 10.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
Behzad Barzideh - PeerSpot reviewer
Senior Network Architect at SUNY at Stony Brook
Real User
Top 20
We don't have to worry about DNS infiltrations and helps ensure that end-users don't visit problematic websites
Pros and Cons
  • "When it comes to helping to detect DNS threats, BloxOne is good on all fronts. The number of false positives is very low, close to none. More than once it has detected new names or lookalike names and protected us and saved us from bad characters."
  • "The research side and the reporting side need improvement. Both of those are items on the menu. They could use a little bit of cleanup to make their respective information more easily understood."

What is our primary use case?

BloxOne is for DNS protection. We point our local domain name servers to it and it has a feed for "bad character" domain names. We protect our end-users that way. The way we're using it, that's all it does. It fits in somewhere in the middle of our security stack. DNS is the most important part of networking. Not so many people see it that way, but if you can't resolve, say, "cnn.com", nothing works. If your DNS doesn't work correctly, nothing is going to work correctly on your network. It is one of the first layers that comes into play when going to a website or using email.

It's a SaaS solution, a service that InfoBlox provides. All the systems are run by them and they maintain it.

How has it helped my organization?

It puts us at ease. We don't have to worry about so many DNS infiltrations. It has integrated and helped us make sure that our end-users don't visit websites that are not clean. Overall, it has helped with that side of our security.

BloxOne has also reduced the amount of effort for our SecOps team when investigating events. They have been using it and they're happy with it.

Overall, it's much easier to log, detect, and troubleshoot those aspects of the network.

What is most valuable?

The GUI has been improved a lot. It's easy to use and intuitive to navigate and to do whatever it is that you want to do with the system. Ease of use is one of the top features.

When it comes to helping to detect DNS threats, BloxOne is good on all fronts. The number of false positives is very low, close to none. More than once it has detected new names or lookalike names and protected us and saved us from bad characters.

What needs improvement?

The research side and the reporting side need improvement. Both of those are items on the menu. They could use a little bit of cleanup to make their respective information more easily understood.

For how long have I used the solution?

I have been using Infoblox BloxOne Threat Defense for a year and a half. 

What do I think about the stability of the solution?

We have not had any service outages with BloxOne. It has been very stable.

What do I think about the scalability of the solution?

We have scaled it as far as we need to, and I have not seen any issues in that regard.

BloxOne gets used with every device in our enterprise that does DNS. As the number of devices grows, usage goes up. It is something that gets used without people even noticing that it's there. Almost the entire enterprise is using it.

As for increasing the use of its features, such as the integrations, we have talked about it, but we have way too many other projects and that has been put on the back burner.

How are customer service and technical support?

The only time we contacted them for support was during the initial setup, and that's how we got our SE to help us with the categories. On a scale of one to 10, their support is a 12.

We have been using InfoBlox as a company for more than 10 years. Their support team is well-versed in their products. They know their stuff. And if they don't know something, or there is something they haven't worked with, they are very quick to bring in somebody who knows the environment better. They don't drag you along while they're trying to learn, and that is something I really like.

Which solution did I use previously and why did I switch?

We used something else that does almost the same thing. It provided us with the ability to block DNS. We have been doing this for the past 20 years or so. We switched to BloxOne because it's cloud-based. Logging is easier. With all of the previous systems that we had, we had to sacrifice on the logging feature, reduce the logging, because we couldn't maintain that size of a log. With BloxOne, logging is in the cloud and it's not limited. Also, somebody else is maintaining it, which we like.

How was the initial setup?

The initial setup was "in-between." It wasn't so complex, but it also was not so easy that anybody could do it. It had a learning curve, but the learning curve was not that bad. I tackled the learning curve by asking questions of my SE. He was able to give me directions about the best way to configure it.

The kinds of things I asked about were best practices around which categories to enable. I needed to better understand what all the categories were, and what they mean. The default settings were too rigid and we had to make some changes. The SE helped us to understand all the categories, which categories were redundant and which categories should be more relaxed.

We had a PoC deployment and then production. All together, they took about two to three working days.

Our implementation strategy was to set it up the way we believed it should be set up. We put it in a test environment and then realized that some of the categories were too restricted. We got on the phone and then made some changes to those categories. After a couple of weeks of testing, we put it into production. All the settings that needed to be enabled were enabled at that point.

The team that logs in, in administrative roles, includes about eight people, and I don't think they're in there that often. We're usually in there if there's a report of domains being blocked that shouldn't be blocked. For all intents and purposes, it is set-it-and-forget-it. It has been that simple. We don't go in there unless there is a very specific reason for taking a look at something.

For deployment, it was the networking team, so that everybody was aware of how it was set up. BloxOne doesn't require any maintenance because it's in the cloud and Infoblox is maintaining it.

Which other solutions did I evaluate?

We looked at BlueCat and Umbrella. We went with BloxOne because it integrates better with our system. The functionality also looked a little bit better than that of the other two products.

What other advice do I have?

If a colleague said to me that their next-gen firewall and other security tools mean that they don't need a DNS-specific security solution, I would say to them that, in my opinion, security is layers. Just because you have one layer doesn't mean that you can remove other ones. They work hand-in-hand.

Do a proof of concept for your environment, a test environment, to make sure that it does what you want it to do. And try to understand the categories that it has. Spend some time understanding the categories before you enable them or put them into production.

The biggest lesson I have learned from using BloxOne is patience. It is the cloud, so when you click on something you have to give it a little bit of time to do whatever it needs to do in the back end, before it actually gets implemented. You have to be patient.

I'm sure it would be able to integrate with our firewall company, Palo Alto. But, at the moment, we haven't needed to do that.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
David Carlson - PeerSpot reviewer
CIO at Camco Mfg.
Real User
Non-IT people could plug it in, connect it to the fiber, and get it running without IT help.
Pros and Cons
  • "FortiGate is easy to configure. We configured one of the units and sent it to Indiana to be installed. We asked them to give us a call when they got it, so we could help them through the process, but they called us back to tell us it works great."
  • "Fortinet needs to continue to improve network traceability. Other than that, we haven't run into anything that would give me any concern."

What is our primary use case?

We're a manufacturing shop. So we have 500-700 users on FortiGate SWG and various devices on the manufacturing floor and inside the warehouse using it. Our ERP is on-premises in the United States, so traffic from Asia to the US passes through it.

Eventually, it's going to be used throughout the enterprise. So we're using the gateways today. We have purchased two access points for wifi. Fortinet's devices all talk to each other and use the same management platform. We're planning to transition to 100 percent Fortinet gradually.

How has it helped my organization?

We adopted Fortigate to go to SD-WAN. When I looked at the market, I found Fortigate offered some of the best SD-WAN capabilities, and they're reasonably priced compared to some of their competitors.

We went to SD-WAN because we're moving to Microsoft Dynamics for finance and operations and putting our telephone system into the cloud. As we shift more and more capabilities into the cloud, we need the ability to manage and monitor everything. If we're putting our ERP into the cloud and have performance issues, I need to understand if it's a problem with the internal network, the cloud connection, or Microsoft. Fortinet can pinpoint the source of the problem, so we can work with the right people to get it resolved.

What is most valuable?

FortiGate is easy to configure. We configured one of the units and sent it to Indiana to be installed. We asked them to give us a call when they got it, so we could help them through the process, but they called us back to tell us it works great. 

Non-IT people could plug it in, connect it to the fiber, and get it running without  IT help. That was fantastic. Fortinet also offers a single pane of glass that we can use to manage our routers with gateways, so that's convenient. We're running a VPN to our remote location, and the performance is good. We're changing all our VPN connectors on our laptops from Cisco's Anywhere to Fortinet's VPN because the performance is just so much better.

What needs improvement?

Fortinet needs to continue to improve network traceability. Other than that, we haven't run into anything that would give me any concern. Their support team has been fantastic. One went down, and they immediately sent me a replacement. Everything that they've done has been great.

For how long have I used the solution?

I've been using FortiGate SWG for about  six months now.

What do I think about the stability of the solution?

FortiGate is highly stable.

What do I think about the scalability of the solution?

I was pleased with the scalability.  We have a mid-range appliance in our headquarters and entry-level devices in our remote sites. They all perform extremely well. We did never needed to purchase their largest devices to get the performance we need.

How are customer service and support?

I rate Fortinet support eight out of 10.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We switched from Cisco to Fortinet for a host of reasons, including price. It's also easier to set up and manage.  Cisco requires you to understand how to configure the bare metal, which requires configuration inside the switch, but Fortinet lets you set up profiles and download them. 

How was the initial setup?

I was hoping FortiGate would be more straightforward to set up than it was, but my team has been working with it for around six months. They're getting up to speed and learning to manage it on their own. I have two people on my infrastructure team working on it part-time as one of their many responsibilities.

We're still deploying it and waiting on equipment in Asia. We just got the United States up and running. It took a couple of months because we have six sites. However, we weren't actively doing things for most of that time. We did the headquarters and two other locations in the same city. Next, we set up our remote sites. 

What about the implementation team?

We did have an integrator come in and help us in the original setup, but now my team is managing it. You could do it in-house, but there's a learning curve. If you're a Cisco shop moving to Fortinet, your team needs to learn Fortinet byou can to do it in-house. 

Fortinet has a good training program, and you can become certified just like Cisco. You mainly need to use an outside provider so you don't have to undergo that learning curve before you can be productive. They're also going to know the tricks of the trade to do it best.

What was our ROI?

When we were using Cisco, we had a hot fiber connection and a backup in case of issues. One reason we wanted to go to SD-WAN is to be live-live. We wanted to ensure sure that we could use all our internet connections at the same time and not have anything sitting in a backup situation. It's moving traffic much better.

What's my experience with pricing, setup cost, and licensing?

FortiGate is priced reasonably. We bought a spare to have in case of issues.  It was only $500 for the raw hardware and around $2,000 more annually year for the support and subscription.

Which other solutions did I evaluate?

We looked at four or five different vendors with SD-WAN capabilities, including Fortinet, VMware, and Cisco.  We went with FortiGate because of ease of use and price.

What other advice do I have?

I rate FortiGate SWG eight out of 10. It's a solid product that's easy to install. At the end of the day, there's no reason to use a firewall without SD-WAN capabilities. It brings so many more features to the table.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Information Security Team Lead at Oregon State Treasury
User
Top 20
Does not have the ability to send/merge Harmony logs, technical support isn't helpful, and there are issues with reliability
Pros and Cons
  • "HTTPS decryption is a valuable service and not always found in cloud-based secure web gateways."
  • "Harmony lacks this ability when anything more than a vanilla access policy is used (we use layers and source user objects in our policy which make this impossible according to Check Point)."

What is our primary use case?

Our primary use case is as a Security Web Gateway for off-premises users. 

We use Check Point for application control, IPS, and web filter on-premises and wanted an in-kind solution for off-prem users. The primary requirement was for the Harmony policy to be able to be managed from the same SmartConsole instance as our on-premises gateways are managed. 

We wanted to be able to have one single policy, managed in one place, and for our users to have the same browsing experience whether off-prem or on-prem. It was also a primary requirement to be able to have the logs generated from Harmony merged into the same locations (SmartConsole and our SIEM) as our on-prem gateway logs go.

How has it helped my organization?

It has not improved our organization due to being unable to fully implement in the manner it was sold to us as being able to. 

After attempting to use the same policy for Harmony that we use for on-prem users (managed by on-prem smartConsole), and after much time going through Check Point account reps and support, we were informed it is not possible to manage Harmony Connect policy from SmartConsole if layers or source objects (such as AD users, machines) were used. 

We then were told by Check Point it would be possible to manage both policies from the same platform if we used the Management-as-a-Service Smart1Cloud smartconsole, but after further investigation, we were then later told by Check Point account executives and support that we are unable to manage Harmony policies from Smart1 Cloud, even though they are both housed in the Check Point Infinity Portal. 

It is also not even possible to send our Harmony Connect logs to the Smart1Cloud portal, again - even though they are both within the Infinity portal.

What is most valuable?

HTTPS decryption is a valuable service and not always found in cloud-based secure web gateways. With as much traffic being HTTPS as opposed to HTTP these days it is very important to be able to run that traffic through all the security modules such as IPS and Application Control

We also found the SAML integration to be useful. It is handy to be able to access the portal from anywhere in the world, though as mentioned above we are not fully implementing the product at this time due to other issues.

What needs improvement?

We want the overall ability to manage Harmony and on-prem policies from the same platform. Harmony lacks this ability when anything more than a vanilla access policy is used (we use layers and source user objects in our policy which make this impossible according to Check Point). 

Also, we need the ability to send/merge Harmony logs into the same SmartConsole as our on-prem Gateways send logs to. Have been told this is not possible by Check Point. It makes it really difficult when you have to use two different platforms/portals to see logs

For how long have I used the solution?

I've used the solution for about six months.

What do I think about the stability of the solution?

I have not had any issues with stability, although we have not fully used the solution in the manner intended.

What do I think about the scalability of the solution?

I have not had any issues with cloud-based resources, so I assume it would be easily scalable.

How are customer service and support?

We have had many issues with customer support on this product. 

One example: I created a support ticket for a simple issue on the product not being able to be installed on our client machines. 

It took over a month to resolve with my team having to repeatedly follow up with support in order to get a result. My team eventually had to dig into the issue at a great depth ourselves and discovered the problem - it was that Check Point developers did not properly sign multiple scripts associated with installation, which would not allow it to install in our secure environment. 

My team had to unpack the installer and dig around to examine the files and find the mistake in signing. The issue was then finally solved by Check Point developers in Tel Aviv.

How would you rate customer service and support?

Negative

Which solution did I use previously and why did I switch?

We previously used Check Point Cloud Capsule, which is a similar product. However, we were never happy with its performance and its Application Control objects were very out of date. Support was always hard to get on it from Check Point as well. It was also unable to be used alongside our VPN solution (Microsoft Always-On VPN).

How was the initial setup?

The initial portal setup was straightforward in that the portal is automatically provisioned. 

Getting users integrated through SAML was not straightforward in that the instructions from Check Point on linking it with Azure AD were not accurate. The pre-built Enterprise Application object within Azure AD that is provided for Harmony did not work either. We had to adjust several of the settings to make it work (which were not covered by any support article).

What about the implementation team?

We handled the implementation in-house.

What was our ROI?

We have seen a negative return on investment

What's my experience with pricing, setup cost, and licensing?

Pricing and licensing seemed acceptable; we have no complaints there. 

Which other solutions did I evaluate?

We also evaluated solutions from Cisco and Palo Alto.

What other advice do I have?

Users should just make sure the solution will actually do what is expected, regardless of what the company says it can do.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Microsoft Azure
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Alexander Arnold - PeerSpot reviewer
Infrastructure and Network Engineer at Servomex Group Limited
Real User
Top 10
Easy to deploy, use, and manage, but needs more granularity and control over the interfaces and better licensing and support
Pros and Cons
  • "I like its ease of use. It has a single pane of glass for the ZIA and ZPA pieces. It is very manageable. It is also very easy to deploy for secure access, and it gives half-decent coverage for visibility in terms of what the users use and what data is being proxied through the access gateway."
  • "It has massive room for improvement. The Zscaler product itself is okay, but it doesn't give enough granularity for us as an organization to stipulate rules or processes, especially for data-driven services. For instance, we can stick on SSL inspection, but it's just a click box. It doesn't allow us to go any further into the detail of the SSL inspection. We also can't pull it out without having an additional logging server. It just doesn't give us enough granularity. They should give us more control over the interfaces because it is all backend. They weren't very open to discussing their backend architecture with us in terms of their own data centers. They can maybe a little bit more open about what components are there and how the backend infrastructure works alongside Zscaler. Its licensing can be better. Some of the additional licensing costs are quite high, and they should have certain features ready and available as a baseline rather than having to purchase additional licenses for it. Their support should also be improved. I initially had a consultant from Zscaler for its deployment, but the support that I had throughout the deployment of the project wasn't the best."

What is most valuable?

I like its ease of use. It has a single pane of glass for the ZIA and ZPA pieces. It is very manageable. 

It is also very easy to deploy for secure access, and it gives half-decent coverage for visibility in terms of what the users use and what data is being proxied through the access gateway.

What needs improvement?

It has massive room for improvement. The Zscaler product itself is okay, but it doesn't give enough granularity for us as an organization to stipulate rules or processes, especially for data-driven services. For instance, we can stick on SSL inspection, but it's just a click box. It doesn't allow us to go any further into the detail of the SSL inspection. We also can't pull it out without having an additional logging server. It just doesn't give us enough granularity. 

They should give us more control over the interfaces because it is all backend. They weren't very open to discussing their backend architecture with us in terms of their own data centers. They can maybe a little bit more open about what components are there and how the backend infrastructure works alongside Zscaler.

Its licensing can be better. Some of the additional licensing costs are quite high, and they should have certain features ready and available as a baseline rather than having to purchase additional licenses for it. 

Their support should also be improved. I initially had a consultant from Zscaler for its deployment, but the support that I had throughout the deployment of the project wasn't the best.

Which solution did I use previously and why did I switch?

We weren't using any other solution.

How was the initial setup?

It is very easy. There were some constraints trying to deploy the access gateway and the endpoint client to some of our regions due to processes being blocked. They gave a list of processes that need to be allowed through ADM endpoints and our sort of antivirus products so that they're not scanned, and they're allowed through to function. However, I had some issues in following the guide and trying to get them initially deployed and allowed through. The firewall has to be off regardless of whether the port allocations were opened or not, but this could potentially be a regional issue. Other than that, the deployment was very easy.

What about the implementation team?

I went through a subsidiary company of Zscaler. I initially had a consultant from Zscaler themselves, but the support that I had throughout the deployment of the project wasn't the best. They were very much technical sales as opposed to technical consultants. I myself had to work through and resolve a lot of issues that I faced during the deployment and setup.

What's my experience with pricing, setup cost, and licensing?

It has been relatively reasonable for what it does. Some of the additional license costs based on the advanced next-generation firewall functions are quite high, and they should have certain features ready and available as a baseline rather than having to purchase additional licenses for it. Overall, the cost seems reasonable.

What other advice do I have?

What I would say is that try it, test it, and ensure that it sort of meets the company requirements. We were lucky enough to go through an extensive trial period. Zscaler, unfortunately, only allows a two-week trial regardless of where you are with the setup. They only give you coverage for a very basic setup. You have very limited time for trying anything further or trying the product as if it was in the production environment. Therefore, I would advise scoping out what you want and how you want to achieve it as quickly as possible. After that, you can really hammer home when you go through the initial deployment to ensure that it works and meets all the requirements.

We are now looking at Cisco Umbrella. We are a Cisco house predominantly, and Cisco Umbrella just interlinks with our VPN solution and our overall architecture. We're looking to migrate to a Meraki SD-WAN fabric because it allows us to just use that network overlay underneath the secure access edge and just incorporate it into what we already have.

I would rate Zscaler SASE a seven out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Secure Web Gateways (SWG)
November 2022
Get our free report covering Zscaler, Microsoft, Palo Alto Networks, and other competitors of Cisco Umbrella. Updated: November 2022.
656,474 professionals have used our research since 2012.