Prisma Access by Palo Alto Networks Reviews

We have about 2,000 users, and everybody started working from home when COVID hit, so they needed to use Prisma Access to do their work securely. They told us that this was the best thing we'd ever used. Employees said Prisma was a lot better than Juniper and the previous mode access solution we had. 

We implemented it so that it's always on. A user doesn't need to do anything. It connects. Whether you're home or at the office, it cranks up, and you don't have to do anything.

The always-on feature is fantastic for the users. They don't have to think about it. When they go to a coffee shop to do work, there's no need to remember to toggle the VPN on. We'll protect them. URL filtering is the same at home as it is in the office. We can apply policies for URLs wherever our employees work. We see all their traffic and log everything they do as if they were in the office. 

When COVID hit, we suddenly had 2,000 users that all needed to use a VPN solution. We had to abandon our previous VPN solution because Pulse couldn't accommodate such a large volume of users at one time. We stood up this cloud environment and switched everybody over to the Palo Alto Prisma Access, GlobalConnect, and GlobalProtect.

The user experience was so much better. Our executives were impressed. We got many compliments. Our senior team tends to worry about security, but they didn't need to fret over our VPN. 

It's a full firewall, so I can apply firewall policies just as well for web-based apps as I can for offline apps. I definitely think that reduces the risk because I can write any policy I want.

Palo Alto has several other advanced threat protection features. In addition to the normal application and threat protection, it has DNS security, IPS, IDS, etc. I run their traffic through all of the impressions. It's not just URL filtering and decryption. Prisma Access offers a full firewall feature, and I take advantage of it.

Prisma Access is a Palo Alto firewall in the Cloud that works just like an on-prem firewall. I can manage it from the same platform I use to manage all my other firewalls. I write a policy in one place, and it goes into effect everywhere. It's extremely simple.

The security updates are definitely in there as well. I set it up to dynamically download and store the updates as soon as they're available. When Palo comes out with an extremely hot threat, I'm automatically blocking and protecting against it—not just on our internal corporate network, but for all remote VPN users.

That is an extremely important feature to have. You pay for those subscriptions, so why would you not take advantage of the people writing protections for you? Why aren't you installing them automatically? 

I actually worked for a company that did not automatically install things. They thought we might break something. All the places where I had worked in the past automatically installed updates, and we never broke anything. It just worked. Palo Alto is really good about doing it right and protecting the customer.

Palo Alto Prisma 10 came out over a year ago. Palo Alto added this identity management feature. The legacy way Palo Alto selected which user is sitting on an IP address it passes through has been clunky.

Prisma Access still cannot use that feature, and it's been out for a year. Until they upgrade the Prisma Access backbone to 10.1, that integration will not be there. It's a powerful feature, and it's much more than collecting user IDs. Hopefully, they will add it this month.

I have been using Palo Alto firewalls for about 10 years now.

In the past two years, we've had no issues with the reliability of their cloud environment.

It scales up to thousands of users with no problem. We plan to go from 2,000 to 20,000 users. I don't need to do anything to scale up except buy more licenses. 

I rate Palo Alto support a nine out of ten. The presales and support teams are fantastic. They have a technologically proficient person to help you through issues. They can bring someone else in if they don't. We changed support groups. Initially, we were a mid-tier group, but they switched us to the large enterprise team.

Positive

We used a Pulse VPN solution, and I also worked with Cisco AnyConnect in the past. In fact, that's probably what we're going to kick out the door in favor of GlobalProtect.

Pulse VPN used on-prem boxes. Our devices had reached the end of their usable lives, and I couldn't support them. It was going to cost a lot to buy new boxes. For that same amount of money, I could move everything to a virtual cloud environment. I don't need to maintain the hardware anymore. Instead of one box here in the United States, one in Europe, and one in China, I have 100 boxes worldwide.

Setting up Prisma Access is somewhat complex. You must configure many little pieces ahead of time to build the entire portal and LAN. It's slightly painful to ensure everything is working correctly. Do you wrap the comprehensive policy around everything you're trying to do? Configuration is not straightforward.

The solution doesn't need care and feeding once it's set up. It is just like another firewall. Adding rules isn't any different from setting restrictions on a local on-prem firewall.

I set up Prisma Access by myself with the help of Palo Alto's tech support and presales staff.

Prisma Access is worth what we pay for it, but it's hard to quantify. All of our senior staff would say it's worth the cost because it gives us peace of mind. They don't need to worry about security while they're on the road. We can protect all our remote users as well as our in-office users.

Palo Alto is the Cadillac solution, so their products are pretty expensive. That's just the way it is. Their solution surpasses anything else. Cisco AnyConnect, Zscaler, and all of the other products don't compare. Palo Alto is the market leader with the most features. It saves you work, and you don't have to worry about it.

The only license is GlobalProtect. That's the only part that you need to buy. The other features are all included. 

I was already set on Palo Alto. We were doing a PoC with Palo Alto when COVID hit, and the codes did it for me. We had to get something stood up. Our hands were tied with Pulse because we couldn't support 2,000 users rushing in the door. The box would just tip over to that.

I rate Prisma Access a nine out of ten. There are definitely things they need to fix. Most people are familiar with VPN technologies. You ensure that it's connected and running the antivirus, etc. All those vendors do pretty much the same thing in that regard.

You can force Cisco into always-on mode as well. It's just different. Palo Alto is integrated into one Palo Alto management platform. There's no need to switch between various consoles to manage remote access. Everything logs to the same place as well. It's a single pane of glass for my corporate and my remote user logs.

We use the solution for VPN connection for remote work.

The most important feature of the solution is that it works transparently, and you don't need to enter a new password after restarting the PC. Prisma Access by Palo Alto Networks is a seamless solution. People don't need to know how the infrastructure is working. It just seamlessly works for them.

The most valuable features of the solution are encryption, compliance, and stability.

The solution’s stability could be improved.

I have been using Prisma Access by Palo Alto Networks for one month.

I rate the solution a nine out of ten for stability.

Prisma Access by Palo Alto Networks is a scalable solution.

I rate the solution a nine out of ten for scalability.

The solution's initial setup is pretty straightforward. The solution is easy to implement.

The solution's deployment took two weeks. Compared to other products, the solution has a pretty fast deployment.

We have seen a positive return on investment with the solution because remote work is very important for us.

I would recommend Prisma Access by Palo Alto Networks to other users.

Overall, I rate the solution a nine out of ten.

We use this solution for container security. We use it in an environment with 200 developers.

We use its latest version and the version prior to the latest one.

It helps with container security. Month by month, developer accounts in the company are increasing. Prisma Access supported and helped us very effectively in securing their workstations and working environment.

Prisma Access is good for securing access and privileges. Our developers have a security background, and they have knowledge of cybersecurity. It gives us assurance that they would not be able to do anything as an insider cyber attacker. They would not be able to use their environment to jump to other servers because such functions are prevented by this solution.

Prisma Access can protect all app traffic, but we classify the apps inside the company and choose the critical and the medium-risk level apps. This protection is important security-wise. On the IT side, it is important. It is also important on the business side, but they are only concerned about the price. We tried to connect with Palo Alto to get a discount on the first and second years to make the company get the maximum benefit and see the benefit of this solution. After that, they can remove the discounts, and it will be the decision of the company whether to continue with this solution or not.

Prisma Access secures not just web-based apps but non-web apps as well. However, about 70% of our applications are web-based applications. If they do not get the discounts, we will only use them for critical web-based applications. Based on my experience, Prisma Access is good not only for web-based but also for non-web applications. It is effective.

Prisma Access provides traffic analysis. We are also using Cortex XDR. It is Palo Alto's XDR solution that also supports us for traffic analysis. By using both of them in one environment, we have an end-to-end, more holistic, and zero-trust approach.

Prisma Access provides millions of security updates per day. We are also from the cybersecurity side, so we understand that it is a new product. It has only been around for two or three years. In every new product, such updates are welcomed, but we hope that in the next few years, there will be fewer such updates and more targeted updates.

Prisma Access enables us to deliver better applications on the security side but not the business and IT side. We are now more confident that our applications are secure.

Its front end is user-friendly. It is easy to use for us. We are familiar with other Palo Alto products. Its interface is similar to other products of Palo Alto, so it is familiar and easy to use for us.

My experience with Prisma Access has been perfect. It is good considering the fact that our networks are mainly based on Palo Alto products. We are using Palo Alto's next-generation firewalls and Cortex XDR, so it is good to have Prisma Access in the infrastructure to get a fast network environment.

Its integration with non-Palo Alto products can be improved. Currently, it is easy to integrate it with other Palo Alto products such as Cortex XDR. It integrates well with other Palo Alto products. A major part of our network is based on Palo Alto products, but for those companies that use multi-vendor products in their infrastructure, Palo Alto should optimize the integration of Prisma Access with the network devices from other vendors.

They should also increase their support team. There is scope to optimize their support.

We have been using this solution for about eight months.

Stability depends on the company that has developed a solution. As a vendor, we see Palo Alto as a stable company. Their stock value has increased year by year. Based on our communication with the headquarters of Palo Alto, we see that they are investing more and more in their cybersecurity solutions in terms of financials, features, and talent. Therefore, it is one of the stable solutions.

It is scalable for now. It has only been eight months since we have applied this solution in our environment.

On the client side, there are about 200 users. Overall, there are 500 users on the client side and our side. Most of them are developers and network security and IT security people. In our SOC center, they are monitoring this solution too.

It is being used on a daily basis. We have integrated this solution with the SIEM solution, and when an incident or a request comes, we focus on this. On a daily basis, we have some alerts and incidents coming.

Their technical support is good, but in some cases, when we asked them some questions, they took several days or hours to discuss that internally and come up with the answers from their side. However, it is acceptable because we know that it is a new product.

We did not have any solution for providing a secure environment on the developer's side. It is our first year, and it has been surprising and effective for us. 

The deployment of the key features of the product took about three months, but that was because of the delays from our side and the client's side. 

It was a standard deployment. We took sample applications and tested it on them as a PoC. We became familiar with the security function of the product, and we realized its benefits. We then applied it part by part to other web applications and non-web applications.

It is deployed on the cloud. We use Google and other clouds.

For the initial setup, we got support from the Palo Alto support team, so it was good. We are satisfied with them.

In our cyber team, we have around 40 experts. As a project team, they also engage. We use their support too.

For its deployment and maintenance, we have about 12 people who are actively engaged, but overall, there are 30 people engaged with this project.

In terms of pricing, considering that it is a two or three years old solution, they should apply big discounts for the next two or three years. This approach will be better for them to capture the market.

There are no additional costs. After purchasing and acquiring this solution, we also got support. 

We evaluated Cato Networks, Check Point, and Prisma Access. We went for Prisma Access because of its features and its integration with other cybersecurity solutions. Its integration is easy, and it takes less time to integrate it with other cybersecurity solutions. 

There are also open-source applications. They are also good, but they need more tuning and more time to get to the level of solutions like Prisma Access. A benefit of these open-source solutions is that you can tune them according to your environment. They are also free, so there is a cost-benefit.

It is one of the top solutions in the market. I hope that they will continue to tune and optimize their product based on the feedback that they get from the users. This way, it will keep its place among the top ten solutions in the global market.

Overall, I would rate Prisma Access an eight out of ten. It is good, but they should improve their support and its integration with non-Palo Alto solutions.

I recently worked on a huge project for a new entity of a major semiconductor company. We had a greenfield deployment where we were building everything from scratch. The primary use case was to build a solution that meets the following requirements:

• Provides Zero Trust Network Access for all remote users.
  
• Provides seamless performance.
• Avoids all bottlenecks that the traditional VPN concentrators have with regards to being a single point of failure by putting the entire global traffic to a particular VPN concentrator. 

On the secondary front, we did a couple of integrations with Cisco Viptela. It is an SD-WAN solution for ensuring traffic optimization, traffic steering, branch-to-branch connectivity, and branch cloud connectivity. We had to ensure adequate performance and zero trust and have metrics and security compliance with all standard regulatory frameworks such as GDPR for the European region. This was a huge deployment with a budget of close to 2 million dollars.

The plugin version is 2.1.086 innovation, and the platform version is 2.1.

It protects all app traffic so that users can gain access to all apps. There are definitely a lot of integrations. Prisma Access also derives the App-ID capability from the Palo Alto Next-Gen firewalls, which is a USP of Palo Alto. So, it inherently has the capability to see and monitor all the traffic and understand all applications. If an application is being tunneled through different ports or protocols just to masquerade the traffic to bypass the traditional security controls, it won't work. Technically, you cannot bypass any of the security controls that Palo Alto has.

The Single Pass Parallel Processing (SP3) still works with Prisma Access. So, you can have all the integration that you want. It also integrates very well with Prisma SaaS, which is a new solution from Palo Alto.

It can build IPS tunnels with all vendors that you have. It could be a very small router or a firewall from any vendor. With regards to protocols, traditional IPS used to have a couple of restrictions in terms of inspection and other things, but Prisma Access understands every application and every packet. It can see the higher progress of a session. It is a great product to work with.

It secures both web-based and non-web-based apps. Traditionally, I used to have problems with web-based and non-web-based traffic. Prisma Access is a full tunnel, and it is fairly agnostic to the type of traffic. It recognizes everything such as a torrent, FTP, or UDP session. It recognizes web applications, non-web applications, or custom applications. We have a couple of applications that are Java-based, custom developed, and custom managed. It is capable of recognizing every application.

It understands all applications and all standard and custom signatures that you can configure. With regards to the data leaks, it has a network DLP functionality. So, you can potentially configure regex or something else to inspect the traffic and look for patterns, such as credit card numbers and social security numbers. You can define the patterns and put a monitor for notification.

It provides all capabilities in a single, cloud-delivered platform.

It provides traffic analysis, threat prevention, URL filtering, and segmentation. Its usage for segmentation is less because we are also using their firewalls. On the transport side, we are using SD-WAN. We cannot do away with any of these features simply because we expect this platform to provide Next-Gen filtering capabilities. URL filtering is definitely important because we don't want to buy another dedicated solution. Threat prevention is like antivirus and anti-spyware, and all IPS functionalities are absolutely mandatory for us. Technically, it does everything that a typical Next-Gen firewall is supposed to do, but it does that in the cloud. So, you get all the scalability and visibility. We absolutely want all these features, and that perhaps was one of the reasons why we went for Prisma Access instead of another product.

It provides millions of security updates per day, which is important to us. There is something called AutoFocus, which is their threat intel platform. We also get a lot of updates from Unit 42, which is their threat intel feed. We have incorporated that with our platform. It is absolutely essential for us to at least know all known threats so that we can take steps to fix them well in advance. There were recent attacks with regards to SolarWinds and other solutions, and we were able to get timely feeds and notifications from Palo Alto automatically through the signature updates. We also got proactive updates from the Palo Alto technical support. This is absolutely necessary for us, and it keeps all known threats at bay.

Our implementation is still in progress, and we use its Autonomous Digital Experience Management (ADEM) features for performance-based monitoring, checking the latency, and checking the end-user experience not only based upon a couple of traditional metrics but also based on the actual ones. We don't have a standard benchmark to compare it with, but we definitely have complete visibility of who is doing what and who is getting what type of end-user experience. If someone is working from Seattle and needs to connect to Oregon, we definitely don't want to have the traffic all the way to some data center and then take a zig-zag route. We want it to follow an optimal path. It does provide us actionable insights into what's happening, and we can take corrective measures in the long run.

ADEM provides real and synthetic traffic analysis. We do have a security operations team that tests and ingests into SIEM/SOAR platforms that do automatic remediation. This is quite crucial because if there is suboptimal routing, it totally destroys the end-user experience. We check for the concentration of the users. Especially at this time when most of the users are working from home or remotely, we need to have such insights so that we can enable all points of presence within Prisma Access to ensure a better end-user experience.

The model itself is great. It is a managed firewall. If you look at it purely from a technical standpoint, it is a globally distributed and managed firewall platform that sits on top of Google Cloud and AWS. It has a global presence, and that is one of the most important things because this particular client for whom I was building this design has a presence across the globe, including China, where there are few constraints. Its presence and performance are super awesome. 

It is a natural transition from Palo Alto Next-Gen firewalls. Of course, people who would be managing this platform need some knowledge transfer and training, but it is not a huge leap. That's the beauty of it.

It is geographically dispersed, and it sits on top of Google and AWS platforms. Therefore, you don't face the standard issues, such as latency or bandwidth issues, that you usually face in the case of on-prem data centers.

It is fairly simple in terms of administration. It is derived from Palo Alto Next-Gen firewalls that have been in the market for more than a decade. It has evolved from Palo Alto Next-Gen firewalls, and there is only the difference of naming convention. The web interface and the way of managing things are fairly easy.  

It does whatever they're promising about this particular product. It has all the features that they say. We are leveraging quite a few features, and there are not many features that we are not using. All the features work the way they say. 

Whatever we've configured is working as promised in terms of security, and I'm fairly certain about the security that it provides. From the security aspect, I would rate it a 10 out of 10.

It is a managed firewall. When you run into issues and have to troubleshoot, there is a fair amount of restriction. You run into a couple of restrictions where you don't have any visibility on what is happening on the Palo Alto managed infrastructure, and you need to get on a call to get technical assistance from Palo Alto's technical support. You have to get them to work with you to fix the problem. I would definitely like them to work on the visibility into what happens inside Palo Alto's infrastructure. It is not about getting our hands onto their infrastructure to do troubleshooting or fixing problems; it is just about getting more visibility. This will help us in guiding technical support folks to the area where they need to work. 

I've been using this solution for about one and a half to two years. I've been extensively designing, implementing, troubleshooting, and working with Palo Alto for feature edits and update suggestions.

The solution itself is fairly stable. We never faced any outages because of the underlying platform. So, its stability has been good, but I would like more visibility into what is going on inside Palo Alto's infrastructure. 

They have also been fine in terms of the maintenance that they have been doing outside the maintenance window.

It is scalable. It sits on top of Google Cloud and Amazon AWS, so it is geographically distributed. The only place where we have connection issues is in China, but this is not because of Prisma Access. It is more related to the data privacy and regulatory restrictions that China has. 

When we started, which was two months ago, we had about 5,500 users. We probably have more than 1,000 concurrent users. We have 15 or 16 sites. We're going up at quite a good pace, and we would have somewhere close to 30 sites.

We have a premium/enterprise license. We never had any problems with getting support, especially on weekdays. Having a premium/enterprise license definitely adds a few points. I would rate them somewhere between a seven and an eight. That's because there is a lack of visibility into what happens inside the infrastructure, and because we can't pinpoint a specific area to them, they need some time to look at where things are wrong.

With regards to backend maintenance, they have their own schedule of maintenance for their infrastructure. They keep us updated about that well in advance. The preventative maintenance and the communication from them have been fairly smooth, and we never had any issues. 

It was fairly straightforward. We started with a couple of proof of concepts, and we've been adding things. We are gradually getting new locations, new sites, and new deployments, and we never faced any challenges in terms of the capabilities of the platform. It has been fairly smooth.

This was a huge implementation with a couple of dozen sites, and it involved designing, bill of materials, procurement, and implementation. The designing phase took about two months. The implementation took about a month.

The beauty of it is that we just have a team of five people managing the entire implementation. When it goes to the operation stage, we would definitely need more people because there are different pieces to it, but for the design implementation, we just have five people to manage everything.

We implemented it ourselves. 

This was a greenfield deployment, and we built it from scratch. So, there isn't much of a comparison between what used to happen in the past and what is happening now. However, because it is an OpEx-based or typical cloud-based model where you get charged for whatever you are using, it would potentially bring down the cost of consumption in terms of bandwidth. For example, if we have currently enabled all features, and tomorrow, we find a feature to be redundant and we don't want to use it for a particular location or data stream, we can do away with a couple of controls. We will only get charged for what we are using. It is security as a service and network as a service. As of now, I don't have the exact numbers for the savings that we are looking at, but down the line, it would definitely translate to huge savings in terms of OpEx and CapEx.

All such platforms require skilled professionals, and because it is derived from traditional Palo Alto firewalls, it is easy to learn. You don't need to spend a lot on training, and as of now, that's definitely a very important factor for us.

We created a bill of materials and passed it on to a third party. It probably was WWT, but it was sourced by the client itself.

Based on what I have heard from others, it is a pricey solution as compared to its peers, but I am not sure. However, considering the features that it offers, it is a break-even point. You get whatever they are promising.

We had used Zscaler for a proof of concept, but we wanted segmentation capabilities within the data center as well as for on-prem locations. We wanted to have local segmentation capabilities. We wanted a solution that scales inside the cloud but also on-prem. Zscaler didn't have that model in the past, so we went ahead with Prisma Access. That was the only PoC that we did in addition to Prisma Access.

With regards to other integrations, the integrations with Cisco SD-WAN still exist, but these are not a competitor of Prisma Access. These are just integrations.

If it is a natural transition from a purely on-premises model to a hybrid model where you have a significant number of sites or you are moving towards Zero Trust Network Access for providing a decentralized VPN solution, you should definitely go for it. It provides the entire security stack, so you don't have to keep on adding different solutions and then try permutations to make them work together. Prisma Access does everything beautifully. You don't need a lot of training or develop a lot of skills to manage the solution because it has evolved from Palo Alto Next-Gen firewalls.

For DLP, we are not using Prisma Access because it is a network DLP. Being a semiconductor company, we needed a couple of controls to ensure that the entire flow of the communication is very well defined. Therefore, we are using different tools that auto-discover, and then we put controls. For example, we have endpoint DLP, network DLP, and email DLP. We don't want to rely on Prisma Access because it sits outside of our perimeter. We want to have as much close control over the source as we can.

It didn't enable us to deliver better applications because this implementation was done in a silo. This project was not done very sequentially. It has been quite sporadic. The way the solution was built, applications were not at the center. We built it with a top-down approach. It was our first cloud-deployment model, and we haven't faced any problems with any of the standard applications. All the custom apps that we are bringing from the original plan are working the way they're supposed to. So, we never faced any challenges with regards to the performance or the security after deploying these applications. The entire setup is fairly agnostic to the types of applications that we already have, and a couple of them are not standard applications like Office 365, Workday, etc. They are fairly custom apps that you use in your lab environment or manufacturing utilities, and it works with them.

I would rate it a nine out of 10. Except for the visibility part, it is great. I am taking a few other client projects that are for Fortune 100 companies, and I am doing a lot of refreshes for them. Prisma Access is definitely going to be at the top of my list. It is not because I know this product inside out; it is because of the experience that our clients are getting with it, the security it provides, and the proactive updates that Palo Alto is pushing for Prisma Access.

Our primary use case of Prisma Access is to provide secure Internet access for users regardless of their location. 

It is also used for secure access to internal applications and secure SaaS applications, ensuring the same level of security whether users are working from home, the office, or any other location.

Prisma Access has allowed us to reduce the number of agents from multiple to just one single agent. It integrates several components, such as IPS, DLP, remote VPN, and SWG, into a single console, which has helped reduce costs and improve the return on investment.

The most valuable feature of Prisma Access is its ability to provide enterprise-class security for both Internet and internal application access. Unlike other OEMs that can only secure Internet access, Prisma Access can secure both internal and Internet-based application access.

The Prisma Access could improve in terms of adding more machine learning and AI capabilities to automate tasks such as incident response. This would enhance the overall security posture by enabling better and faster management of security threats.

I have been working with Prisma Access for the last five-plus years.

In terms of scalability, Prisma Access has adapted well to our organization's growth needs. Most customers are either planning to move to SASE solutions or have already moved, making Prisma Access an excellent choice for scalability.

I would rate their technical support a nine out of ten.

Positive

Before using Prisma Access, we used multiple products for remote VPN, SWG from vendors like McAfee and Forcepoint Proxy, and other VPN clients from vendors like Pulse Secure VPN, Fortinet, and Palo Alto. We switched to Prisma Access for its integrated approach.

Prisma Access has significantly improved our ROI by combining multiple technologies into one single solution. It reduces the need for multiple agents and products, which brings down the overall cost for our customers.

The licensing cost of Prisma Access is calculated per unique user, with each user being able to connect up to eight devices. If a user is no longer active after thirty days, that license becomes free. There is flexibility in terms of exceeding the license count, as it operates on a trust-based license model.

Prisma Access is best suited for enterprise and mid-level customers. It may not be the best fit for the SMB market due to higher pricing. I'd rate the solution nine out of ten.

I use the solution in my company to work with the remote access VPN. With the tool, users connect their office network and data center networks with the infrastructure from outside places, like home and other sites, so our company can use the remote access of the tool.

The most valuable features of the solution are in the areas of the secure remote access it provides while also being user-friendly.

From any improvement perspective, the product's compatibility issues with Linux need to be resolved.

The response from the support team needs to be made faster.

I have been using Prisma Access by Palo Alto Networks for three years. In my previous organization, I used the solution for two years.

The stability of the product is good. Stability-wise, I rate the solution a nine out of ten.

The scalability features of the product are available in a package. GlobalProtect will serve even if you purchase a device with a capacity of two hundred users. You can't increase the capacity above two hundred users. Basically, with the device capabilities, you can include 200 users in GlobalProtect, so it all depends on your hardware model.

In my previous company, there were around 150 users of the tool with Linux. I feel that there were almost 200 users of the product.

The technical support for the solution is good, but it is not like Cisco's support services. Sometimes, there is a delay in response from the support team's end, but during emergency cases, it is okay.

The product's initial setup phase is neither straightforward nor complex, making it a process that lies in the middle. I will say that it is very easy to deploy.

The tool's configuration can be done in one day. In my previous organization, my colleague and I were the two people who deployed the product, tested it, and found the results, and then we delivered it to our clients.

As per my previous experience, after I gave the solution to the company's customer, I took care of one custom configuration for a particular purpose. I read the tool's documentation to see how to configure it and how to set up GlobalProtect on the client machines, after which I made a documentation explaining the way to deploy it and install GlobalProtect.

For deployment and maintenance purposes, one or two people are enough.

In terms of the ROI, the tool is secure for official data. If someone wants security, GlobalProtect SSL VPN is something that I would recommend. With the tool, it is not possible to count how much revenue it helped generate since it basically protects your data from home to your office network and communicates with lots of data. The tool is secure. From a security perspective, GlobalProtect is good.

In comparison with GlobalProtect, there could be FortiClient. If some users cannot afford Palo Alto Networks, then they can choose FortiClient.

My company didn't receive any support from Palo Alto to connect securely to our organization's branch offices. The tool is very easy to deploy. Another co-engineer and I in my company completed the deployment task for the solution. The deployment is not very difficult, especially if you have Palo Alto's Next-Generation Firewalls since with it, you can really get the VPN connection for Windows and other operating systems, but my company had faced some challenges with Linux, so we had to purchase another license only for it. For Windows and Mac devices, the tool is free. If I purchase Palo Alto's Next-Generation Firewalls, it is free for Windows and Mac, but a license is required to use Prisma Access on Linux.

I haven't used the cloud-based nature of Palo Alto Networks to simplify our company's network security management. I have only used the on-premises version in our company's infrastructure for GlobalProtect. I don't have any idea about the cloud Security in the product.

The performance and reliability of the product are good.

For the integration process, you first have to configure the firewall with the default management port IP, or alternatively, users can configure it through the console, which includes the CLI mode and GUI mode. Okay. After logging into the firewall from the CLI or GUI, you can configure GlobalProtect by taking into consideration the outside and inside zones, which we want to give access to via the tool. I am experienced with the tool's GUI mode. I configured it through the GUI mode. The first thing you have to learn about Palo Alto GUI mode is how to configure GlobalProtect.

In general, I rate the tool an eight and a half to nine out of ten.

Our use case started with the pandemic. Before the pandemic, our users worked in our office, but when the pandemic started our users were at home. They wanted to have the same kind of access that they had on-premises. We deployed a network and mobile services for them so that they could have the same experience sitting at home and access all the infra in the office. We use mobile access to connect to Prisma Access, and from Prisma Access we built a site-to-site VPN to connect to the office network so that they would have the same kind of access.

It is very helpful because it is protecting the applications that are behind it. It has so many components that we can use to secure our applications.

Prisma Access has all the features from Palo Alto. But the visibility perspective is pretty cool. If I want to know how much data is being used for a specific project, I can look at how much data has been used, from which region, and which users have been connected. That visibility is very good so that I can see how many licenses we have and how many are used. It gives a great view of what is happening, of everyone who is connected. That is one of the things I like.

It provides traffic analysis, threat prevention, and URL filtering, although I'm not sure if it provides segmentation. These features are very important. We wanted to filter traffic according to our standards. The URL filtering helps to filter the traffic so that we only send the traffic we want to on-premises or the internet. Without this, it would be very tough.

Also, it protects all your app traffic. It's like a next-generation firewall. It does everything.

For a non-technical guy, the reporting of Prisma Access is very easy. You need to know the navigation tabs, but it only has so many of them and you can do many things in the tabs. It is pretty easy because there aren't that many pages or options.

And the updates, like URL updates, IPS, IDS, and any WildFire subscription updates are very helpful for protecting our infra.

There should be a dedicated portal or SASE-based solution. They're trying to add a plugin but it needs a dedicated portal because it is now an enterprise solution for multiple organizations. People should be able to directly log in to a dedicated page for Prisma Access, rather than going into a Panorama plugin, and always having to update the plugin. An administrator should be able to look at it from a configuration perspective and not the management and maintenance perspectives.

We started using Prisma Access by Palo Alto Networks with the pandemic in 2019, so I have been using it for over three years.

Initially, they were coming up with a new plugin every one or two months, and you would have to download it. But now, I don't see that. Their team continues to work on it, but as a customer, I see it as stable. 

They're using the resources of GCP so if GCP in a specific region has some issues, it will impact Prisma Access. They have to look at some kind of backup.

I don't see it as a scalable solution because it is running on top of VMs. They say it is scalable, but we didn't see it working that way for one or two incidents that we had. But later, they had more firewalls in the cloud and kept them on standby. Since then, I haven't seen that issue.

I have implemented the solution for 100,000-plus users, and most of them are connecting from home. It reduces the load on our on-premises firewall, handling posturing and VPN. It is a dedicated project, meaning everyone, all of our employees, uses the same solution to connect to the infra.

When I started working with their support, the product was new for them as well so they were not all that familiar with it. They need to improve the technical support staff.

Positive

We were using Cisco AnyConnect but we replaced it, in part, with Zscaler and mostly with Prisma Access.

Prisma Access works on Panorama which we have on a virtual machine on GCP. As with anything, if you don't know it, it is complicated, but once you understand it, it is very easy. If I look at it as a combination of before and after, the setup is of average difficulty. You can learn things very fast. It's not that difficult or complicated, but you should know the purpose of each part. Then it is easy.

When I did my initial deployment of Prisma Access in 2019, it took around five days. But by the time I had done two or three deployments, it was taking me 20 minutes to deploy.

The implementation strategy is totally dependent on the requirements. Some customers say they want the same feeling at home that they have in the office. Some customers say they want Prisma Access to reduce the burden on the existing on-premises firewall. The posture checks have to be done on Prisma Access and, once done, the traffic is forwarded.

Once you understand the product, two to three guys should be able to handle it for configuration, and then they can move on. But for operations, you need a team.

We evaluated Zscaler Private Access and multiple other cloud solutions.

Compared to Zscaler and other services, the advantage of Prisma Access is that it supports both data and voice. The other vendors don't support voice. With Prisma Access, we don't need to look for any other services or solutions. It supports your data and voice services as well and that is one of our most important requirements.

At the end of the day, Prisma Access is nothing but a firewall that is hosted in the cloud. It depends on your capacity, the users that are connecting, and the VM you are running in the backend. It has all the capabilities and subscriptions that we were using on-premises. I don't see any challenges in terms of security. It is secure. They haven't compromised on anything with Prisma Access. It tries to protect us as much as possible.

It's crucial for us and is helping us a lot if you look at it from a business perspective.

We can do a lot with it and use it for eight to nine use cases. It supports your data and voice and, as I noted, I haven't seen any other product support both. Prisma Access is the best product. It depends on what you're looking for. But if you have a lot of requirements, you should go with Prisma Access.

In my first company, we encountered some problems with endpoints because we had colleagues working out of country and we didn't know what happened to their clients. We used Prisma Access for information regarding the client status and the client programs because it can check and control client operations.

In that company, before Prisma Access, we used public access and we encountered many attacks from outside. Our DevOps and software engineers always connected from outside. When I came to that company I changed things, but without Prisma Access but it was very difficult. I had to do IAM per user. But when we integrated Prisma Access we could grant access by integrating the identity storage. I could grant access very quickly and see the behavior of my developers and software engineers. Sometimes they would come with new requests and Prisma Access provided quick policy deployment.

The solution helped us immediately solve the problem with our colleagues' endpoints when we encountered it.

When we integrated with Palo Alto's Cortex application in the cloud, it provided threat analysis and we didn't worry about malware or malicious traffic from Prisma Access. It was analyzing and blocking things after the Prisma Access analysis. When we used traditional VPN applications, there was no threat analysis and we counted on that from the firewall. But with Prisma Access working as a firewall and VPN, the security engineer could see everything in one portal. That meant we could analyze and block things immediately.

For my company, the features and remote accessibility were an improvement over the more traditional VPN applications. With Prisma Access we could grant more security than our public access allowed. We had more tracking of the client side. We could see and calculate their work shift time. We didn't have these features in traditional VPN tools.

We had new vulnerabilities or threats coming up daily. Using a traditional firewall or VPN, updates depended on a schedule, but Prisma Access updated itself by checking the threat database and protected us that way.

The biggest thing I learned from using Prisma Access was that, compared to conventional VPN applications, where we didn't know how users were behaving or when they were connecting, we could see how they were behaving and when they were connected. We could see what they encountered, the problems, before they complained.

The cloud VPN features mean we can connect everywhere and track where all our users are connecting. It's a helpful feature for us. We used to use traditional VPN tools, not cloud-based VPN, but Prisma Access came out with new, innovative features, including client-tracking, which was more valuable for our company. It was very impressive for us. The solution's VPN connection provided a lot of protection and was proactive. It was a better option for us. 

Also, we can split our web application and client internet traffic with Prisma Access so that it is protecting both web applications and our specific, non-web applications. The protection for web-based applications was helpful for my colleagues who didn't want a particular application on their devices. And the non-web access protection was more for our developers because they were writing and building code on their computers. Prisma Access was able to protect them.

Sometimes, we encountered a portal crash. When we told Palo Alto they said it might be the browser or cache, but I think they need to improve it on their side.

I have been using Prisma Access by Palo Alto for four years. I integrated it for my first company and I implemented it for a proof of concept for another company and they love it.

In my current company, we are not using it because this company is working on-prem, but we have a digital transformation plan for next year.

It's reliable.

It provides scalability in terms of the features and they are giving a bonus depending on the number of users. In my previous company we had 2,000 users.

I am always tracking the new technologies and features. I see there are many AI and digital technologies and I believe Prisma Access will use these more effectively. It may integrate with AI technologies and some of the analysis, as well as policies and access, will be done automatically by Prisma Access.

They have a separate technical team for Prisma Access. Normally, Palo Alto has TAC engineers working on their different products, but they have a specific Prisma Access support team in my country. When we called or created tickets they supported us immensely. I expected to hear from them within one hour.

Positive

We used a traditional VPN solution, but nothing like Prisma Access.

The initial setup is very easy. I have deployed it three times and it was integrated within two hours.

One network engineer, one network security engineer, and a system engineer are enough for the deployment and maintenance.

The implementation strategy was designed by Palo Alto engineers. They have good tech support guys who assisted us and explained all steps. They gave us some options and helped us choose the most effective way.

When they configured it from our requirements it worked the first time. Normally things didn't work like that before, but with Prisma Access it was integrated on the first try.

Where I'm working now we have FortiGate but at my old company, we didn't prefer that. When Palo Alto did the presentation at my old company, we understood they were professionals and that their features were more valuable than FortiGate.

You don't need to worry because it will be integrated very quickly when you work with the Prisma Access support team. Be sure to ask many questions to understand the Prisma Access features and you will be able to use it very effectively.