We changed our name from IT Central Station: Here's why
Global Leader Network Engineering at a financial services firm with 5,001-10,000 employees
Real User
Always-on VPN is constantly securing our system, but bugs and response to them have been challenging
Pros and Cons
  • "Prisma Access protects all app traffic, so that users can gain access to all apps and that's very important because we need to be able to access everything. It also allows us to access non-web apps; anything internal that we need access to, we can access."
  • "We've run into some challenges, having hit a lot of bugs over the past year in the deployment of GlobalProtect. We've had our fair share of issues that I haven't been happy with. We're working with the support organization to remediate them and waiting for updated releases. The response on getting the bugs fixed has not been what I would consider adequate for a product like this."

What is our primary use case?

Prisma Access GlobalProtect is our always-on VPN. We use it for URL filtering, to make sure people don't go to websites that are not permissible according to our security policy, such as gambling and pornography sites. We also implement Data Loss Prevention and decrypt the packets so that we can analyze the inside and make sure that nobody is trying to exfiltrate data. It's always on and it doesn't matter if you're in an office or at home or in a coffee shop or a hotel. 

We also use their service connections to access our internal services through them.

How has it helped my organization?

Since everybody is on the network all the time, it's allowing us to eliminate the step of having to connect to a VPN. That's the whole premise of an always-on VPN. Nobody has to think, "Oh, I need to get on VPN before I can connect to that server," or, "Oh, my VPN timed out because I've been on for 12 hours." The whole premise is that you're constantly on a VPN and it's constantly securing the system. That has helped from an end-user perspective. It hasn't come without its challenge, but that is one thing that is definitely a benefit.

In terms of security, it's definitely better than what we had because a user could just disconnect from the VPN before. They couldn't shut off the cloud proxy, but the cloud proxy only handled web-based traffic. If they wanted to FTP to a server, when they were connected to the VPN, it would get blocked. But they could just disconnect from VPN and then connect to FTP. Now, it goes through more security controls. So we are definitely more secure because of it. But it's just a completely different technology; it's more because of that than the product itself.

It's also somewhat of an alternative to SD-WAN. We had been looking at SD-WAN solutions and, realistically, the way the users are connecting now with Prisma Access, there's really no need for it.

What is most valuable?

It's an always-on solution and it supports both Mac and Windows. We have one configuration globally, and the only area where we had to do something differently is China.

Prisma Access protects all app traffic, so that users can gain access to all apps and that's very important because we need to be able to access everything. 

It also allows us to access non-web apps; anything internal that we need access to, we can access. Because we're using it as a VPN solution, our users are always on the internal network, regardless of where they are. They can't do anything because we lock them down so that if GlobalProtect doesn't connect, they can't get out to the internet. It's helped in that there were things that people would work around in other ways with our old model, things that they can't work around with the new model.

Also, having a single cloud-delivered platform, a global solution, was a key requirement for us.

We use the solution's threat prevention, URL filtering, and segmentation and they're all extremely important, based on what we're doing with the product. It's also very important to the business that Prisma Access provides millions of security updates per day.

What needs improvement?

We've run into some challenges, having hit a lot of bugs over the past year in the deployment of GlobalProtect. We've had our fair share of issues that I haven't been happy with. We're working with the support organization to remediate them and waiting for updated releases. The response on getting the bugs fixed has not been what I would consider adequate for a product like this. We've had some very pointed discussions with the support organization and the development teams on those issues and on doing what we can to help remediate them as well. They have been more responsive now towards our needs but it's a work in progress. 

They're going from being an organization that supported physical hardware, the Palo Alto firewall, into the realm of a SaaS-based solution. As a result, they need to change their operating model, support model, and release model to support that SaaS-based solution. That is related to support, related to operational efficiency, and deployments of code. Those are the areas where they need to improve.

For how long have I used the solution?

I've been using Prisma Access by Palo Alto for about a year.

What do I think about the scalability of the solution?

I don't see issues yet in terms of its scalability. We have more capacity than we need, so I think it's fine. We have firewalls in every region and in every country that Palo Alto has available. It's fairly scalable.

Which solution did I use previously and why did I switch?

We previously used Cisco AnyConnect for VPN and a cloud proxy solution for web-based security. We went from two products to one. The main purpose was to find a replacement for the cloud proxy solution. VPN just wound up being a good and positive outcome, in addition to it.

How was the initial setup?

The initial setup was complex. It has taken us almost a year, but we have about 7,000 users. We're just finishing up the main deployment of 5,000-plus users. We had an acquisition earlier this year and that will add another couple of thousand users. There have been a lot of hurdles with the bugs that we hit in the product. The stability of the software has been our biggest challenge.

What about the implementation team?

We did the deployment ourselves. In terms of maintenance, I manage the network engineering team globally, and our team is responsible for it.

Which other solutions did I evaluate?

We did look at other vendors when we were deciding on our VPN software and we went with Palo Alto for security reasons. 

What other advice do I have?

My advice would be to wait until they fix the bugs. We've been on a pretty stable version for the past several months and haven't had any issues. But other users who are on the same version have hit bugs on a regular basis, and it has been a nightmare to try to support. We're waiting on the final update of version 5.2.9 to get some of these issues fixed, and we're also waiting on 5.2.10 to support Windows 11 and the new version of Mac.

It's a balancing act in terms of security and nothing is perfect. We do have Palo Alto hardware as well as the Prisma Access solution, so we're reliant on Palo Alto's security for a lot of our security needs. I think the security is adequate.

I like the product in principle and I would rate it pretty high, but the bugs that we've hit pull the score down a bit. And then there are the operational support issues that we've had with Palo Alto, in general, that contribute to the score of six out of 10, as well.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
Saman Gupta
Professional Services Consultant at Infinity Labs India
Consultant
Eliminates the need for managing and paying for data center resources
Pros and Cons
  • "The Autonomous Digital Experience Management (ADEM) offered by Palo Alto is a good reporting tool. It gives insights into how things are going within the network. It takes all the data from the users' endpoints and does an analysis, and it suggests changes as well."
  • "The Cloud Management application has room for improvement. There are a lot of things on the roadmap for that application; things are going to happen soon."

What is our primary use case?

The use case for our clients is that they have branch office locations all over the world. Users can connect over the internet and inspection of their traffic will happen on the Prisma infrastructure. Remote users can also connect to the VPN through Prisma infrastructure, and they can connect their data center with the Prisma infrastructure as well.

It's a cloud solution from Palo Alto Networks. Customers just need to establish an IPSec tunnel from their on-prem device with Palo Alto's closest location, which they have all over the world—100-plus locations.

How has it helped my organization?

The benefit of using Prisma Access is that the customer doesn't need to have their own data center. They just need to purchase a Prisma Access license. The customer will save on the labor cost associated with the data center, on the electricity cost, and they will save on the land cost as well. The data center infrastructure is provided by Palo Alto Networks.

Prisma Access is a big change for our customers. Not having to have data centers, and not having to deploy a firewall at each location, makes things simpler.

The solution also enables customers to deliver better applications. It helps them save on costs. It is easy to manage with fewer resources.

What is most valuable?

It's easy to manage. Our customers do not need to worry about what is happening in the data center. With legacy networks, they have to worry about things like the firewall being down and having to go to the data center to replace it. With Prisma Access, they do not need to worry about that. Palo Alto takes care of it. If something goes down in the infrastructure, the Palo Alto team will take care of it.

Prisma Access protects all app traffic, so that users can gain access to all apps. It is important for our clients that all traffic coming through the firewall is inspected. Prisma inspects all the traffic, and if a customer wants to make an exception for certain traffic, that is also possible.

It also inspects both web-based apps and non web-based apps.

In addition, it's really easy to manage. If customers have Panorama they can use it to manage Prisma Access. There is also a cloud application which provides a single console to manage it. Changes can be made on that console and pushed to the customer's environment, which is another way they make it easy to manage. The customer can opt for Panorama or the cloud management application. The latter is free.

Prisma Access provides traffic analysis, threat prevention, URL filtering, and segmentation, as well as vulnerability protection, DLP, anti-spyware, antivirus, URL filtering, and file blocking. It provides everything. This combination is very important. When a customer wants to block certain URL categories, they can block them. If they want to exclude any entertainment websites from their environment, they can block them. What we implement depends totally on the customer's environment and what they need. We can play with it and modify things.

Another benefit is that if any vulnerability is detected, such as a Zero-day attack, Palo Alto provides an update dynamically. The patch is installed so that the network is not exploited.

The Autonomous Digital Experience Management (ADEM) offered by Palo Alto is a good reporting tool. It gives insights into how things are going within the network. It takes all the data from the users' endpoints and does an analysis, and it suggests changes as well. The ADEM analysis of various tests will give the user feedback such as, "Okay, I'm seeing latency here." We or the customer can then improve on that. If something is blocked that shouldn't be, we can make a change in the policy. It's a good tool to have. It makes the user experience better.

What needs improvement?

The Cloud Management application has room for improvement. There are a lot of things on the roadmap for that application; things are going to happen soon.

For how long have I used the solution?

I have been using Palo Alto Networks Prisma Access for around one year, as a consultant. I have deployed the solution for clients all over the world.

What do I think about the stability of the solution?

The availability of Prisma Access is good. I haven't seen any major issues yet.

What do I think about the scalability of the solution?

It is scalable. We scale the solution based on the customer's requirements, after getting their technical design and discussing how they want to deploy it.

How are customer service and support?

I would rate their customer support at nine out of 10. The one point I have deducted is because it is very hard to get support sometimes. There are times when the customer has to wait a long time in the queue. But once they get an engineer, they get the proper support. The Palo Alto engineers are good. It's just that it's very hard to get the engineer on time, sometimes. I believe this is because the solution has expanded a lot. Users are purchasing it but the support is not keeping pace. They are working on that and the support is going to be increased in the future.

How would you rate customer service and support?

Positive

How was the initial setup?

The deployment is simple.

The time it takes for deployment of Prisma Access depends on how big the environment is. One company may have 120 or 130 branch sites, while another company may have just six or seven. It varies on that number of sites or on the number of data centers they have. If there are only five or six branch office locations, then the deployment can be completed in five or six days.

What's my experience with pricing, setup cost, and licensing?

I'm not involved on the financial side, but I believe the solution is costly.

What other advice do I have?

In the same way a customer manages their on-prem firewalls that are not on Prisma Access, they can manage Prisma Access infrastructure through Panorama. That makes it easy for them. The customer is already familiar with how to manage things with Panorama, so there isn't much that is new. There are little changes but that's it. If a customer is already using Palo Alto, we recommend going with Panorama.

Overall, the security provided by Prisma Access is top-notch. It is the same firewall that Palo Alto provides for a local setup. It's the best firewall, per the industry review ratings.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Learn what your peers think about Prisma Access by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: January 2022.
564,322 professionals have used our research since 2012.
Manager Network Engineering at a computer software company with 5,001-10,000 employees
Real User
Centralized operations and management enable us to be more efficient, but configuration is difficult
Pros and Cons
  • "The solution also provides traffic analysis, threat prevention, URL filtering, and segmentation. That combination is important because it enhances the protection and makes the traffic more secure. It also keeps things more up-to-date, enabling us to deal with more of the current threats."
  • "It's not very easy to use. Sometimes it's buggy and there are problems when doing updates. The user interface is okay, but some configuration items are difficult. I would like it to be less buggy and easier to configure, to better streamline the user experience."

What is our primary use case?

We use it for remote access VPN. When our users are working remotely, from home, they can use it to connect to our IT environment.

How has it helped my organization?

An important aspect is that Prisma Access provides all its capabilities in a single cloud-delivered platform. It would be very inconvenient for us if we had to go to multiple places. It gives us centralized operations, and centralized configuration and management that enable us to be more efficient. We don't have to reference or go to multiple places or systems to maintain things and operate.

It has also improved our remote access. We deployed it to replace an older remote-access VPN that we had been using. That is where the usefulness of the product is for us. It provides security and allows our remote users to connect to our environments.

What is most valuable?

Remote access is the most valuable feature, giving remote users secure access to our IT environment. That is the specific feature that we are using it for. Prisma Access provides secure access to the environment, including apps, and some non-apps systems, such as system administration. This ability is very important, almost a mandatory requirement for some of our systems.

It not only protects web-based apps, but non-web-based apps as well. Again, that's important, because for this kind of access, the traffic has to be protected and secure. The fact that it secures not just web-based apps but non-web apps indirectly reduces the risk of a data breach. If all the traffic can be seen it should help keep things from getting into the hands of hackers, helping prevent data from being compromised and preventing access to systems as well. We don't want our systems to be compromised, as they are critical to our services and to our customers.

The solution also provides traffic analysis, threat prevention, URL filtering, and segmentation. That combination is important because it enhances the protection and makes the traffic more secure. It also keeps things more up-to-date, enabling us to deal with more of the current threats.

In addition, Prisma Access provides security updates for threat prevention. Those updates are important in general, of course, for security reasons. The more up-to-date you are, the better you are protected.

What needs improvement?

It's not very easy to use. Sometimes it's buggy and there are problems when doing updates. The user interface is okay, but some configuration items are difficult. I would like it to be less buggy and easier to configure, to better streamline the user experience.

For how long have I used the solution?

I have been using Prisma Access by Palo Alto Networks for a little more than one and half years.

What do I think about the stability of the solution?

The stability is pretty good. There are certain portions that are not very stable, but the core is pretty good.

What do I think about the scalability of the solution?

I think the scalability is pretty good too, although we are a small company so I don't know how big we can scale, but for us, it's pretty good.

We have about a dozen users on it and most of them are technical staff, such as engineers and software engineers. Outside of the IT personnel, even finance people use it because they need access to the systems and applications. We are using it for one part of our environment, but we plan to expand it from 1,000 users to about 5,000 users.

How are customer service and support?

The technical support is pretty good, as is the post-sales support. They are both very good and very attentive. Although the software is buggy, and sometimes it's hard to fix, they do provide the appropriate support levels to help us through.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We have used Cisco VPN, and I have used Juniper and Meraki. We switched because we are standardized on Palo Alto firewalls, so we wanted to use the same vendor for more interoperability.

How was the initial setup?

The initial setup of the solution was complex. The configuration is not easy to understand and requires a lot of expertise from the Palo Alto side. The terms that they use in the product require quite a bit of explanation and clarification.

We used a phased approach. The first deployment we did, as a milestone, took us at least six months. For the deployment, we needed at least two to three engineers: someone from security, someone from networking, and someone from the end-user side. All parties had to be involved.

What about the implementation team?

We used a contractor to help us.

What was our ROI?

The return on investment is that it allows our remote users to access our environment.

What's my experience with pricing, setup cost, and licensing?

The licensing model for this product is complicated and changes all the time, making it very hard for the user to comprehend the configuration.

What other advice do I have?

My advice would be to directly test it before you purchase it to see if the user experience and the complexity of the networking component are things you are able to handle.

The biggest lesson we learned from using the solution is not specific to the solution: We needed to do more proper planning in the beginning. Because the process is complicated, without good planning, it becomes more difficult during the process. The configuration involves many templates. Without planning ahead, they are created in a messy and disorganized way, and that causes further problems when we need to grow and do more setups. Now, we have to go back and correct those messy configurations, and that is something we are still doing.

Overall, the security provided by Prisma Access is very good. It provides the authentication, protection, and encryption that we are looking for for our remote users.

Disclosure: PeerSpot contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Flag as inappropriate
Network Security Engineer at a tech services company with 10,001+ employees
Real User
Gives us centralized control of mobile users, helping us secure and manage their access
Pros and Cons
  • "Prisma Access gives us security from a single point. It controls mobile users and determines how secure their networks will be, including from where they will get internet access. We can optimize things and add security profiles centrally."
  • "I haven't seen any SD-WAN configuration capability. If Prisma Access would support SD-WAN, that would help... SD-WAN devices should be able to reach Prisma Access, and Palo Alto should support different, vendor-specific devices, not just Palo Alto devices, for SD-WAN configuration."

What is our primary use case?

In this pandemic, users want to work remotely and that means we need centralized control of remote users, our branch offices, and the head office. Prisma Access collects everything together and provides us with centralized management, enabling us to manage all our locations and users globally.

It manages on-premises networks, but it has its own infra in the cloud.

How has it helped my organization?

The ability to manage networks reduces costs for our organization. Suppose I have four offices and all four have a firewall device. All of those firewalls will have separate licenses, and each office will have a separate internet connection. The Prisma Access solution means we only need one router at each office and all the internet connectivity will go through the solution. That definitely cuts our internet costs.

It is also very important that Prisma Access provides all its capabilities in a single, cloud-delivered platform. For mobile users, without Prisma Access, I would have to control their traffic through on-premises networks and give them on-premises internet. Suppose that one of those users does not connect through the on-premises VPN. That user would then have access to and control of whatever he wants. The system might be compromised through unauthorized access. That's why, from a security perspective, it is very important to control this type of situation. We could control the system without Prisma Access, but that would require additional solutions. We would have to add another security client to the user's system. With Prisma Access, instead of having two solutions, we have one solution.

What is most valuable?

Prisma Access gives us security from a single point. It controls mobile users and determines how secure their networks will be, including from where they will get internet access. We can optimize things and add security profiles centrally.

Another valuable feature for mobile users is the GP VPN access. It provides security and a firewall as a service, including threat and vulnerability protection. From a security perspective, it is very good.

What needs improvement?

I haven't seen any SD-WAN configuration capability. If Prisma Access would support SD-WAN, that would help. There are some trending technologies in networking with SD-WAN. SD-WAN is nothing more than optimizing your WAN. SD-WAN devices should be able to reach Prisma Access, and Palo Alto should support different, vendor-specific devices, not just Palo Alto devices, for SD-WAN configuration.

Also, Palo Alto only provides corporate licenses. If they would give a license to a non-corporate email ID, for testing and a pre-trial, that would be really great for users to practice with it. Everybody could explore it. Or, for people who are not working in a corporate environment and who want to explore this kind of setup, it would enable that type of test access on a personal email account.

For how long have I used the solution?

I have been working in networking and security for eight-plus years. I work on various infra including routers, switches, firewalls, and different cloud services. I work on various vendors' solutions, such as Fortinet, SonicWall, Sophos, and for the last four years, on Palo Alto.

Prisma Access is a subset of Palo Alto Networks and is a product they recently introduced. We just recently heard that our organization was planning to use the Prisma Access solution.

What do I think about the stability of the solution?

I cannot evaluate the stability based on my limited experience, but I recently called a colleague in a different organization who has been running Prisma Access, and he said it is going well and that he has seen good stability.

What do I think about the scalability of the solution?

We have more than 10,000 users and 40 Palo Alto firewalls, located in different regions. They were involved in the PoC. In the future, we are planning on having Prisma in production.

How are customer service and support?

Palo Alto support is very responsive. They respond immediately and they are very kind and very knowledgeable. They work on cases by priority. In general, when we call them, we are able to talk with them without much delay and they provide solutions that have met our expectations. 

I would rate their support at eight out of 10. I deducted two points because sometimes they do have a very busy schedule and every engineer is busy. Once we reach them, everything works fine.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

This is a new implementation for SASE in our organization.

How was the initial setup?

The license activation process is very straightforward. When we purchased Prisma Access, they provided a link and, from there, we had to add the serial number of our existing Panorama. After that, everything happened automatically. Once that management setup was done, we were easily able to add a rule and do other configurations.

Our deployment did not take a long time. However, our infra is very big. While the initial setup was done in four to five hours, finishing everything took us one week.

What other advice do I have?

If you are planning on using the SASE model for your organization, I would recommend Palo Alto Prisma Access. It works well, based on my experience.

I have come across many firewalls and I have hands-on experience with various devices, but Palo Alto is the best for everything. It is the best device for infra security. It not only has security, but it works well when it comes to routing and switching.

Overall I would rate Prisma Access at 8 out of 10. It gives us centralized management and reliability, scalability, and ease of configuration.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Clement Johnson
Chief Executive Officer at Clemtech LLC
Real User
Top 5Leaderboard
Helps us keep up with security violations or phishing attacks by bad state actors
Pros and Cons
  • "We're now able to go after contracts that require a Zero Trust solution and Prisma's other technology solutions."
  • "Prisma's integration between operational technology and IT should be more seamless. Right now, it requires additional setup and maintenance."

What is our primary use case?

My customers are military and federal government agencies. They're really interested in Secure Access Service Edge technology for their endpoints. Palo Alto Prisma is one of the solutions we use to make the SASE solution work for endpoints. For our customers, we normally do SD-WAN, Zero Trust, SWG, and SWaaS. Nobody has really asked for ADEM yet.

How has it helped my organization?

Prisma Access lets us compete in the cloud space.

What is most valuable?

Prisma isn't hard for the average system admin to use, and our customers are interested in Prisma's SD-WAN and Zero Trust capabilities. Government customers are particularly interested in the CASB capability. Prisma protects all app traffic, so our customers can access all of our apps, which is essential. That's one of the main reasons my business and customers use this technology, especially in the COVID-19 environment.

My military customers have users who need secure access to their information from all over the world. If they're using Microsoft Office products or some other app that isn't web-based, they can still access them through the web whether they're using their corporate devices or working on their personal devices using corporate information. Prisma will still protect that from phishing or other attacks.

Having all of these capabilities on a single cloud-delivered platform was extremely important to us. We also liked how well Prisma integrates with other solutions. Other solutions offer the same functionalities Prisma does when it comes to Zero Trust, CASB, and SD-WAN within the Microsoft Cloud. Prisma helps us protect our customers when a user isn't going to the Microsoft Cloud. 

Prisma also helps with traffic analysis, and that is controlled through the Manager. We can see what websites individuals within organizations are going to. For example, we can do cybersecurity analysis, such as phishing and so forth, to determine the cybersecurity risk of a particular site. While Prisma is doing that, we're also sending those Prisma files to our security operations, and they're also doing the analysis. In addition to threat detection, we're doing threat prevention. URL filtering fits into that category because we can determine what website an individual was able to access.

Prisma does segmentation either through the management of user groups or according to network access. Prisma provides millions of security updates per day, which is crucial for my government customers and business partners. It helps us keep up with security violations or phishing attacks by bad state actors. These threats are dynamic.

What needs improvement?

Prisma should implement industry updates in near real-time. Also, Prisma's integration between operational technology and IT should be more seamless. Right now, it requires additional setup and maintenance.

For how long have I used the solution?

We've been using Prisma Access for about a year.

What do I think about the stability of the solution?

Prisma is stable. It works as advertised.

What do I think about the scalability of the solution?

Prisma is highly scalable and global.

How are customer service and support?

I rate Palo Alto's tech support 10 out of 10. It's outstanding. But I'd like to highlight the difference between technical support and government technical support because it's two different beasts. I'm talking about Palo Alto's government technical support. They have a separate set of personnel inside the organization that handles government customers.

How would you rate customer service and support?

Positive

How was the initial setup?

Setting up Prisma is pretty straightforward. It takes around an hour to get it up and running. The amount of time needed to fully deploy Prisma depends on the size of the enterprise and the number of units, groups, endpoints, etc. Pre-deployment preparation also varies according to the size of the enterprise. It takes about a couple of days for a medium-size organization. You have to set up the architecture, determine who the users are, set up the IP schema, establish your Zero Trust scheme, set up network access, and send your log files over to the site. All of that takes about three days. Two network engineers can handle setup and deployment. After that, Prisma can be maintained by normal networking staff and at least one engineer.

What about the implementation team?

Integrators from our partners at Tech Data help us deploy. We also get help integrating from my engineers over at TOSIBOX, our proprietary VPN solution.

What was our ROI?

We're now able to go after contracts that require a Zero Trust solution and Prisma's other technology solutions. 

Which other solutions did I evaluate?

We looked at other competitors, including Aruba, HP, Cisco, and Microsoft Enterprise solutions. 

What other advice do I have?

I rate Prisma Access nine out of 10. It has been constantly changing since it was released. Palo Alto is the leader in all these technologies on the Gartner Magic Quadrant. 

I would advise anyone considering Prisma to look at their endpoint protection and evaluate how it fits in the overall enterprise solution, including integration with operational technology.

Which deployment model are you using for this solution?

Hybrid Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Gregory Anderson
Endpoint Security Manager at Catholic Health Initiatives
Real User
Top 10
Stable with good posture checking and relatively easy to set up
Pros and Cons
  • "It's great that we can make sure a machine meets the minimum requirements before users are allowed to log in."
  • "The solution needs to be more compatible with other solutions. This is specifically a problem for us when it comes to healthcare applications. They have proprietary connection types and things of that nature that make compatibility a challenge sometimes."

What is our primary use case?

We primarily use the solution for mobile users and mainly mobile laptops. In some cases, we use the solution for cloud tenant portals in Azure. We use it to connect those back into the network.

What is most valuable?

Overall, it's a great solution that works quite well.

The solution's most valuable feature is the posture checking. 

It's great that we can make sure a machine meets the minimum requirements before users are allowed to log in.

What needs improvement?

The solution needs to be more compatible with other solutions. This is specifically a problem for us when it comes to healthcare applications. They have proprietary connection types and things of that nature that make compatibility a challenge sometimes.

The scaling can be a bit tricky, depending on the setup.

For how long have I used the solution?

I've probably been using the solution for four years at this point.

What do I think about the stability of the solution?

The stability is quite good. We haven't had any issues in that sense. It's reliable. There aren't bugs or glitches. It doesn't fail.

What do I think about the scalability of the solution?

The solution is scalable. However, it's more of kind-of piecemeal scalability. I didn't actually deploy it. I just know a lot about it. It depends on how your network is set up. If you have a single egress, it's easy. If you have 70 egresses, it can be very, very difficult. 

You may have those many email egresses because you're geologically spread out and you need people to connect with certain portals based on where they are. Of course, we want users to connect to their closest portal. There's complexity there and the cloud doesn't really solve it because the cloud still has to do load balancing and hand it off to the concentrator.

On average, we have about 8,000 users between IT, finance, HR, and, of course, house and home users. 

How are customer service and technical support?

I can't speak to the acceptability of technical support. I've never had to contact them.

Which solution did I use previously and why did I switch?

We were using AnyConnect. It was limited in terms of egresses, so we decided to switch.

How was the initial setup?

For us, the initial setup was not straightforward. It was very complex due to the fact that we're a very large company. That said, I don't mind the complexity.

The deployment was easy. It was just a matter of handling the configuration for different regions and hospitals. We had to figure out what egress they come in on or what device they come in on and things like that and that decide upon what's the most efficient means for them to connect back into the network.

What's my experience with pricing, setup cost, and licensing?

I don't deal with licensing in the company. I'm not sure what the pricing is.

My understanding is that it's a bit more expensive only because it's part of the framework of the Palo Alto solution. It's more sensitive than if we just went and got some free VPN or some ad hoc solution, and so it's a bit more costly.

What other advice do I have?

We're just a customer. We don't have a business relationship with the company.

I'd advise others that the solution is largely based on the complexity of your environment. It's not that deployment's difficult. It's just that you want to put it where it's most efficient. You've got to take the time to figure out where your users are and how they connect and where they're connecting from.

Overall, I'd rate the solution eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PRAPHULLA DESHPANDE
Sr. Security Analyst at Atos
MSP
Top 5
Plenty of features, secure, and simple installation
Pros and Cons
  • "There are plenty of features this solution provides and the most valuable would be the complete security protection we are receiving. We are provided with similar security that the Palo Alto AWS solution has. This includes features such as a firewall and machine learning AI."
  • "There can be some latency issues with the solution that should be improved."

What is our primary use case?

We use the solution to secure and monitor our traffic to the cloud. We are able to route traffic where we need it to go and It provides us with secure direct connectivity to our cloud application console.

What is most valuable?

There are plenty of features this solution provides and the most valuable would be the complete security protection we are receiving. We are provided with similar security that the Palo Alto AWS solution has. This includes features such as a firewall and machine learning AI. The cloud server provides maximum uptime, controls, and overall strong security. 

I have received a lot of good client user experience from the solution.

What needs improvement?

There can be some latency issues with the solution that should be improved.

What do I think about the stability of the solution?

I have found when comparing this solution to others it is very stable.

What do I think about the scalability of the solution?

The solution is scalable. We definitely plan to increase usage, many people are working from home and this solution makes sense being in the cloud. We encourage our organization to utilize the solution to its maximum potential.

How are customer service and technical support?

Whenever we had to use the technical support they have been very knowledgeable about the issue we were facing.

Which solution did I use previously and why did I switch?

I have used other solutions in the past and this solution has better security and conductivity in the cloud environment.

How was the initial setup?

The initial setup is straightforward.

What about the implementation team?

We did the implementation ourselves. The full implementation can take a while, it typically does not take more than a few days. However, the time is dependant on the environment in which the solution is being implemented. It should not take more than 20 days. 

Since this is a cloud base solution it does not require a lot of maintenance. The updates are done from the company side.

What's my experience with pricing, setup cost, and licensing?

The solution requires a license and the technical support has extra costs. The licensing model could improve.

What other advice do I have?

I have learned that moving operations to the cloud is a good thing. 

I rate Prisma Access by Palo Alto Networks a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Flag as inappropriate
Head of Pre-Sales at a tech services company with 51-200 employees
Real User
Top 5Leaderboard
It provides secure access for cloud data centers or cloud platforms and is stable and scalable
Pros and Cons
  • "The users can securely access any cloud data centers or cloud platforms. In terms of the features, it has all the features that Palo Alto Next-Generation Firewall has. It is also very stable and scalable."
  • "When it comes to the VPN, it uses the global protect VPN functionality to connect remotely, but it has a feature limitation for assigning multiple IP sub-links to different user groups. It would be much better if we are able to assign the current IP blocks for the sub-links based on the user groups."

What is our primary use case?

We use it to securely access cloud data centers or cloud platforms. If a customer has a lot of workload in the cloud, then from the Prisma Access cloud, they can create secure access to all cloud platforms.

What is most valuable?

The users can securely access any cloud data centers or cloud platforms. In terms of the features, it has all the features that Palo Alto Next-Generation Firewall has. It is also very stable and scalable.

What needs improvement?

When it comes to the VPN, it uses the global protect VPN functionality to connect remotely, but it has a feature limitation for assigning multiple IP subnets to different user groups. It would be much better if we are able to assign the current IP blocks for the subnets based on the user groups.

For how long have I used the solution?

We got its distribution about eight months ago.

What do I think about the stability of the solution?

It is very stable.

What do I think about the scalability of the solution?

It is very scalable. The scalability can be based on the number of users or the number of networks. You can expand it the way you want. In Sri Lanka, we have about 3,000 users.

How are customer service and technical support?

Palo Alto's technical support is good because they have multiple methods and licenses. Their premier support seems better.

How was the initial setup?

The initial setup is straightforward in a way, but there are certain things that may require Panorama, which is a centralized management platform. The management of certain things can only be done through Panorama. For the initial integration, a few steps have to be followed, but after that, it is easy to configure and use.

For the console-side deployment, one or two engineers would be enough. A complete user deployment may take a few weeks to complete.

What's my experience with pricing, setup cost, and licensing?

Prisma Access is a little bit expensive.

What other advice do I have?

I would recommend this solution to others. I would rate Prisma Access a nine out of ten.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor
Buyer's Guide
Download our free Prisma Access by Palo Alto Networks Report and get advice and tips from experienced pros sharing their opinions.