We performed a comparison between Appgate SDP, F5 BIG-IP Local Traffic Manager (LTM), and Prisma Access by Palo Alto Networks based on real PeerSpot user reviews.
Find out what your peers are saying about Zscaler, Palo Alto Networks, Cisco and others in ZTNA as a Service."It is pretty stable."
"The simplicity of the SDP platform is a standout feature; instead of navigating through intricate details, users can seamlessly connect to the company's network or switch to the internet with minimal effort."
"The interface is really friendly. It's simple to understand."
"The flexibility of the tool is valuable. It is very robust. It has a very robust configuration capability."
"One of the most important features is stopping lateral movement across our network."
"It is a scalable solution...The support answers your questions very fast."
"It is a stable product from a stable company. Recently, they have been more focused on security as well."
"It makes the publishing of applications to the Internet safer."
"The combination of ADC and WAN is the most valuable feature."
"We have multiple solutions we can deploy through the F5."
"It integrates with AWS WAF, which makes it easy to deploy without changes to your infrastructure."
"I have found F5 BIG-IP Local Traffic Manager (LTM) to be stable."
"The most valuable feature is the F5 LTM (Local Traffic Manager). This is the part of the product most organisations will be using most. It provides the core functionality to be able to load balance services and the means and the intelligence to be able to load balance based on advanced logic, e.g., TCL scripting."
"It offers features Kemp doesn't provide. For example, there are predefined templates for handling Office 365. You can download them for automatic configuration."
"It has predefined or preconfigured rules, which are getting periodically updated. They are providing continuous improvements and periodically updating all search queries that they are looking for. That is one thing that helps us to stay vigilant and focused. If we query our AWS account for any breaches or vulnerabilities with any of the cloud tests, and it alerts us based on these predefined rules. It also provides an option to configure our own rules, and based on these rules, it can query the cloud trail logs, pull the information, and trigger alerts in real-time. I haven't explored this feature much because there are multiple accounts, and we don't have enough time to explore this feature. It also provides multiple integrations. When vulnerabilities or breaches are happening, you should be aware of them immediately. It provides integration with tools such as Slack, PagerDuty so that you can get alerted as soon as the high severity stuff comes up. For example, you have a security group that has allowed public traffic on port 22. As TechOps, you should be aware of this immediately. You cannot scan each machine or look into all security groups to identify it. So, Prisma helps us and alerts us when this kind of high-priority stuff comes up. It has different statistics, analytics, and graphs for data. The description of alerts is also pretty good. They describe what are the possible causes for this and what are the solutions. From Prisma Cloud, you can directly go to the AWS account. When you click on an alert, a resource, or a resource ID, it takes you to the AWS console where you need to log in. If you are already logged in, it will take you to that instance directly, and you can fix the issue there. I have found this feature very useful."
"It's quite reliable and performs well for users."
"The always-on feature is fantastic for the users. They don't have to think about it. When they go to a coffee shop to do work, there's no need to remember to toggle the VPN on. We'll protect them. URL filtering is the same at home as it is in the office."
"Prisma Access protects all app traffic, so that users can gain access to all apps and that's very important because we need to be able to access everything. It also allows us to access non-web apps; anything internal that we need access to, we can access."
"We're now able to go after contracts that require a Zero Trust solution and Prisma's other technology solutions."
"The solution also provides traffic analysis, threat prevention, URL filtering, and segmentation. That combination is important because it enhances the protection and makes the traffic more secure. It also keeps things more up-to-date, enabling us to deal with more of the current threats."
"It's very stable. Sometimes after installing the boxes, we leave them for one or two years. We would just touch the box in the case of the customer needing new requirements or changes to the setup."
"It protects all app traffic so that users can gain access to all apps. Unlike other solutions that only work from ports 80 and 443, which are predominantly for web traffic, Prisma Access covers all protocols and works on all traffic patterns... The most sophisticated attacks can arise from sources that are not behind 80/443."
"One limitation is that it's harder to provide access to multiple applications in the company with Appgate, but that's probably because of poor management."
"On the cloud, when you make some changes, it may be difficult."
"The user interface should be improved as it is not very easy to work with the updates."
"One thing that kind of sticks out to me is the ability to do a proper non-split tunnel. VPN tunnel-wise, it is not really a true unsplit tunnel, but I think that's just because of the way it's designed. A split VPN basically allows your system to talk to other systems without being forced down the tunnel. A VPN running in a non-split tunnel mode forces all the traffic down the tunnel to wherever you're VPNing to. It forces the traffic down so that the traffic is subject to the firewall and rules that you have in your corporate environment and such. It helps to prevent remote malicious folks that may be talking directly to that box from piggybacking into the corporate environment through it. They do it partially, but it would be nice to see more of an enterprise-level solution there."
"It would be better to connect to an application portal from any device. Documentation and support could be better."
"They could provide a single-box solution to manage tools for 4000 users. Additionally, they could add extra features to enhance remote micro connection."
"F5 has another solution to load balance servers on the cloud, which they got after the purchase of NGINX. It is deployed as Kubernetes or something like that, but the problem now is that they have two solutions for two situations. They should make F5 deployable on the cloud."
"The initial setup can take a long time."
"Technical support could be faster. It's something I'd like to see them work on in the future."
"Bugs are the part of program and they are fixed with every release, as with any vendor."
"It's a very expensive solution."
"F5 could improve the rule-setting capabilities in the GUI, and they need to simplify web management. For example, the menus in the Citrix GUI are easier to navigate, with a clean structure and layout."
"While the licensing is good through the AWS Marketplace, it is more expensive than what you could buy yourself."
"If one virtual portion is unavailable, it can cause issues."
"We would like to see improvements in the licensing; currently, Palo Alto provides 500 to 1000 licenses for users, and we want to see 1500 to 2000 licenses for one version."
"If you compare Prisma SaaS against other products, such as Cloud Log, it's a little bit tricky to understand, but it offers different functionality that other products don't have. From a user usability point of view, you need some training for this product, as an admin, you need a couple of demos."
"The cloud setup is straightforward, and the onboarding process is much better, but the on-premises initial setup is slightly complex."
"The frequency of updates could be reduced."
"The solution needs to be more compatible with other solutions. This is specifically a problem for us when it comes to healthcare applications. They have proprietary connection types and things of that nature that make compatibility a challenge sometimes."
"Prisma would be a stronger solution if it could aggregate resources by project or by application. So say we have an application we've developed in AWS and five applications we've developed in Azure. The platform will group it according to those applications, but it's based on the tags we use in Azure, which means I have to rely on development teams to tag resources properly."
"While Palo Alto has understood the essence of building capabilities around cloud technology and have come up with a CASB offering, that is a very new product. There are other companies that have better offerings for understanding cloud applications and have more graceful controls. That's something that Palo Alto needs to work on."
"It is a managed firewall. When you run into issues and have to troubleshoot, there is a fair amount of restriction. You run into a couple of restrictions where you don't have any visibility on what is happening on the Palo Alto managed infrastructure, and you need to get on a call to get technical assistance from Palo Alto's technical support. You have to get them to work with you to fix the problem. I would definitely like them to work on the visibility into what happens inside Palo Alto's infrastructure. It is not about getting our hands onto their infrastructure to do troubleshooting or fixing problems; it is just about getting more visibility. This will help us in guiding technical support folks to the area where they need to work."
More F5 BIG-IP Local Traffic Manager (LTM) Pricing and Cost Advice →
More Prisma Access by Palo Alto Networks Pricing and Cost Advice →
