Prisma Access by Palo Alto Networks Reviews

We could write a book about our use cases. It provides best-of-breed optimization in CASB and SASE together. Our primary use case is enabling users from all walks of life, and all over the planet, to have remote access in the most optimized way.

Prisma Access is a SASE-oriented solution, making it a hybrid and SaaS. Of course, it's built on Google's high-capacity backbone, but it is provider-neutral.

With the centralized remote access solution we had before, F5, we used to see a lot of latency and a lot of intermittent disconnects. But our people have reported that they like Prisma Access so much better in terms of speed and how it operates. The user experience is so much better in terms of throughput. They don't see as much lag. Of course, there are users who don't have the most stable internet connection, but even for those users, by optimizing data reduction, it works better. We can't really help users who have some sort of wireless connection, because if their underpinning link is not good, this overlay won't do much. But for users who are using a satisfactory type of connectivity, even for people who are on 10 Mbps, it works well.

In addition, from an application accessibility standpoint, the integrated features that come with the QoS mean you can choose what types of applications get higher priority than others. It optimizes applications for QoS prioritization.

At the end of the day, the most valuable feature of Prisma Access is user accessibility and performance. For us, it all comes down to how well this product performs.

In addition to that, we feel that the security is absolutely spot-on, really top-notch. It's the result of all the components that come together, such as the HIP [Host Information Profile] and components like Forcepoint, providing end-user content inspection, and antivirus. It incorporates DLP features and that's fantastic because Prisma Access makes sure that all of the essential prerequisites are in place before a user can log in or can be tunneled into. Until these requirements are met at a satisfactory level, it doesn't let you in. Once users are onboarded, they are going through Palo Alto's firewall inspection. Users' traffic is encapsulated and inspected well. It gives us the flexibility to apply various policies and inspections. All of these come into play and give us peace of mind that this platform is best-in-class in terms of security features and tool integration.

The architecture is essentially a fabric-type SASE-based architecture. From a technical leadership standpoint, we are very pleased and satisfied with how efficient the product is, especially, again, when it comes to security.

One of the features that we really like in Prisma Access is its integration capabilities with Palo Alto's other platforms such as Cortex Data Lake. The best thing about it is that it gives us visibility and clarity. We can say, "This is what our threat metrics framework looks like. Yesterday we had this many potential threats, and out of that, this many have been fended off or mitigated." It gives us a really good single pane of glass that tells us what our attack surface looks like and how things have been mitigated." It gives us data that we can utilize for the benefit of our users and our senior executives.

From a user standpoint, it's very easy and very usable. Our users have used F5's products and it's not much different. There can be intricacies in that you have to have your laptops' antivirus protection updated, but that's not a big deal. Those are the types of things that users have to comply with anyway.

Traffic analysis, threat prevention, URL filtering, and segmentation are some of the features that come with Palo Alto itself. On the cloud controller platforms you have the ability to enforce controls, including things like the application layer inspection, granular policy constructs, as well as app-ID-based and application layer inspection. The inspection engines, such as the antivirus, malware, spyware, and vulnerability protection, are integrated into Palo Alto's cloud services platform. These features are quintessential to our entire cloud services security fabric. Users are users. You never know what's going to happen to a user. If somebody goes to Madagascar or to Bali and gets compromised, it is our job to protect that user and the organization. All of these interrelated features come into play for those purposes.

The challenges we have faced are not connected with Prisma's core fabric, but more with the end-user. To use the GlobalProtect client and meet all the requirements, your laptop or your end-user system has to be at a point where things are up to date. It's not really Prisma's fault, but when you try to create exceptions you don't really have those abilities. You cannot say, on the management platform, "Hey, for these users I want to create these exceptions." That is one thing that I have gotten some complaints about, and we have faced some challenges there.

It's always a challenge when people at the executive level start complaining because they're using the latest version of the MacBook Pro and it's not playing very well with Prisma.

I used the predecessor to Prisma Access, which was GlobalProtect Cloud Services and I have been using Prisma Access for a good two years.

I wouldn't call their technical support a pain point, but they need to improve it. That is one of the biggest drawbacks.

It was pretty straightforward at the PoC level. But the rollout of something like this across an enterprise is never like a one-shot thing. We went through some bumps and bruises and roadblocks along the way, but, overall, it was a pretty straightforward path.

The entire onboarding took around four months for our approximately 20,000 users.

On a day-to-day basis, we have security engineers and SMEs managing the platform. But there are not as many intricacies and challenges as there are in some of the other products that we deal with. From administrative, operational, and management standpoints, the way Prisma has let us do it, things are pretty efficient.

We used Palo Alto's professional services.

It's pricey, it's not cheap. But you get what you pay for.

My most crucial advice to colleagues who are looking to purchase this product would be to look at it from a 50,000-foot point of view, and then narrow it down to 40,000, 30,000, 20,000, and 10,000. The reason I say that is because, at the 50,000-foot view, the executives care about the pricing and the costing model; it's all about budget and how they can save the organization money.

If you are in a high-end organization, this is the product you had better get, hands-down. If you are an executive at a highly visible bank, please get your head out of the sand and see what is best for your organization. If you are a manufacturing company that doesn't need this level of integrative security, go get something else, something cheaper, because you don't need this extensive level of security controls and throughput. But if you want to get the best-of-breed, then Palo Alto's product is what you should definitely get.

Our journey with Prisma Access started out with a battlecard comparison of what Prisma Access had to offer versus what ZPA [Zscaler Private Access], Symantec, and F5 had to offer. In doing all of these comparisons, we realized that Palo Alto had built a cloud services fabric that is user-first and security-first.

If I compare Zscaler and Prisma Access, not all of the security controls that are in place with Zscaler are inherent to their own fabric. Zscaler has done a fantastic job with ZPA in terms of putting the components together. But when it comes to security enforcement, they are lagging behind on some things. One of them is the native security control component enforcement on their fabric. We feel like that is not done as efficiently as Prisma access does.

In a simple scenario when doing a side-by-side comparison, if we were onboarding and providing access to an end-user using ZPA, they would be able to get on and do their job fine. But when it comes to interoperability, cross-platform integration, and security enforcement, we feel that ZPA lacks some of the next-gen, advanced features that Prisma Access has to offer. Prisma Access provides us with cross-platform integration with things like Palo Alto AutoFocus and Cortex Data Lake, which is great. ZPA does not provide all of these extensive security features that we need. In a side-by-side comparison, this is where Prisma Access outshines its competitors.

With all of that in mind, the big question in our minds was, "Well, can you prove it?" PoCs are just PoCs. Where the rubber meets the road is when you can prove your claims. Palo Alto said, "Okay, sure. Let us show you how you can integrate with your existing antivirus platform, your existing content filtering platform, and your existing DLP platforms." We gave it a try. And then, we did various types of pen testing ourselves to see if it was really working the way they said it would. For example, could you take an encrypted file and try to bypass the DLP features? The answer was no. Prisma Access made sure that all of the compensating controls were not only in place but also being enforced. "In place" means you have a security guard, but you have told him to just keep a watch on things. If you have a robbery going on, just watch and don't do anything. Let the robbers do whatever they want. Don't even call the police. Prisma Access doesn't just watch, it calls the police.

There are some encrypted traffic flows that you're not supposed to decrypt and intercept, but even for those we have constructs that give us at least some level of inspection. Once tunnels are established, we have policies to inspect them to a certain extent. We try to make sure that pretty much everything that needs to be inspected is inspected. All of this comes down to accountability and to protecting our users.

Organizations with a worldwide footprint and distributed-services architecture require best-in-class security. Health organizations and pharmaceutical companies also do, because they are dealing with highly sensitive patient data or customer data. Organizations like these that have public, internet-facing web applications, need top-of-the-line security. Prisma Access, from an interoperability standpoint, addresses the big question of how well their web-facing applications are protected from potential malicious attacks. And the answer is that it is all integrative, all a part of a fabric with interrelated components. It protects the users who are accessing the corporate network and the corporate network from any potential risk from those users. Prisma Access gives us the ability to design architectural artifacts, like zones and segments, that really make for effective protection for web-facing components and internal applications.

In terms of Prisma Access providing all its capabilities in a single, cloud-delivered platform, not everything gets on the cloud. You cannot take a mainframe and put it on the cloud. You have to understand the difference between Prisma Access and Prisma Cloud. Prisma Access is all about user accessibility to enterprise networks in the most secure way possible. Prisma Cloud is the platform to integrate various cloud environments into a unified fabric.

As for Prisma Access providing millions of security updates per day, I don't know if there are millions, but it is important. We take advantage of some of the automated features that Palo Alto has provided us. We try not to get into the granular level too much because it increases the administrative overhead. We don't have the time or the manpower to drill into millions of updates.

We use the product to access resources from outside networks.

They could add more flexibility and improve product performance.

I've been using Prisma Access by Palo Alto Networks for about one or two years.

The technical support services are good, and they provide faster responses. However, there is room for improvement regarding the support for local languages.

Neutral

Competitors' advantages for the product lie in their ability to cover different security aspects, such as DDoS protection, DNS security, and WAF.

The setup is relatively straightforward. Typically, distributors or partners handle the implementation process.

Palo Alto products are expensive, but they offer efficient features. We have to pay additional costs for maintenance and support services.

I typically recommend Prisma Access to private companies, especially small or medium-sized ones.

Integrating the product with other tools is easy as it offers APIs. I rate it a seven out of ten.

I use the solution in my company to work with the remote access VPN. With the tool, users connect their office network and data center networks with the infrastructure from outside places, like home and other sites, so our company can use the remote access of the tool.

The most valuable features of the solution are in the areas of the secure remote access it provides while also being user-friendly.

From any improvement perspective, the product's compatibility issues with Linux need to be resolved.

The response from the support team needs to be made faster.

I have been using Prisma Access by Palo Alto Networks for three years. In my previous organization, I used the solution for two years.

The stability of the product is good. Stability-wise, I rate the solution a nine out of ten.

The scalability features of the product are available in a package. GlobalProtect will serve even if you purchase a device with a capacity of two hundred users. You can't increase the capacity above two hundred users. Basically, with the device capabilities, you can include 200 users in GlobalProtect, so it all depends on your hardware model.

In my previous company, there were around 150 users of the tool with Linux. I feel that there were almost 200 users of the product.

The technical support for the solution is good, but it is not like Cisco's support services. Sometimes, there is a delay in response from the support team's end, but during emergency cases, it is okay.

The product's initial setup phase is neither straightforward nor complex, making it a process that lies in the middle. I will say that it is very easy to deploy.

The tool's configuration can be done in one day. In my previous organization, my colleague and I were the two people who deployed the product, tested it, and found the results, and then we delivered it to our clients.

As per my previous experience, after I gave the solution to the company's customer, I took care of one custom configuration for a particular purpose. I read the tool's documentation to see how to configure it and how to set up GlobalProtect on the client machines, after which I made a documentation explaining the way to deploy it and install GlobalProtect.

For deployment and maintenance purposes, one or two people are enough.

In terms of the ROI, the tool is secure for official data. If someone wants security, GlobalProtect SSL VPN is something that I would recommend. With the tool, it is not possible to count how much revenue it helped generate since it basically protects your data from home to your office network and communicates with lots of data. The tool is secure. From a security perspective, GlobalProtect is good.

In comparison with GlobalProtect, there could be FortiClient. If some users cannot afford Palo Alto Networks, then they can choose FortiClient.

My company didn't receive any support from Palo Alto to connect securely to our organization's branch offices. The tool is very easy to deploy. Another co-engineer and I in my company completed the deployment task for the solution. The deployment is not very difficult, especially if you have Palo Alto's Next-Generation Firewalls since with it, you can really get the VPN connection for Windows and other operating systems, but my company had faced some challenges with Linux, so we had to purchase another license only for it. For Windows and Mac devices, the tool is free. If I purchase Palo Alto's Next-Generation Firewalls, it is free for Windows and Mac, but a license is required to use Prisma Access on Linux.

I haven't used the cloud-based nature of Palo Alto Networks to simplify our company's network security management. I have only used the on-premises version in our company's infrastructure for GlobalProtect. I don't have any idea about the cloud Security in the product.

The performance and reliability of the product are good.

For the integration process, you first have to configure the firewall with the default management port IP, or alternatively, users can configure it through the console, which includes the CLI mode and GUI mode. Okay. After logging into the firewall from the CLI or GUI, you can configure GlobalProtect by taking into consideration the outside and inside zones, which we want to give access to via the tool. I am experienced with the tool's GUI mode. I configured it through the GUI mode. The first thing you have to learn about Palo Alto GUI mode is how to configure GlobalProtect.

In general, I rate the tool an eight and a half to nine out of ten.

I use the solution in my company for our remote workers and branch access.

The product's price is an area of concern where improvements are required. The solution's price should be lowered.

Our company faces some issues during the product's configuration phase. The product's configuration part is slow and not very effective. In my company, we have to change the configuration multiple times to make it effective. The configuration part of the product can be improved.

The product's support team needs to improve the quality of services offered.

I have been using Prisma Access by Palo Alto Networks for a year.

Stability-wise, I rate the solution a seven out of ten.

Scalability-wise, I rate the solution a ten out of ten.

The product is suitable for medium to large-sized companies.

I have experience with the solution's technical support. I rate the technical support an eight out of ten.

Positive

I have experience with Fortinet FortiEDR.

The product's initial setup phase is simple.

The solution is deployed on the cloud.

The solution can be deployed in a couple of hours.

Zscaler is a good product. In terms of features, Prisma Access by Palo Alto Networks and Zscaler are at the same level. Prisma Access by Palo Alto Networks may have an advantage over Zscaler in terms of security. Palo Alto Networks comes from security vendors, and Zscaler is available from cloud vendors. When it comes to simplicity and connectivity, Zscaler is better than Prisma Access by Palo Alto Networks.

The product is secure for remote workers since it has many cloud-based facilities that can offer protection.

The product can provide improved access to those clients who do not directly go to SaaS applications but prefer to use such applications via Prisma Access since it provides security policies to help secure the network traffic.

For security needs, the product's security profile is good.

I have experience with the product's GlobalProtect VPN feature, and I feel that it works fine. The feature also allows the customer or client to go through a tunnel to Prisma Access.

The integration of Prisma Access with Palo Alto Networks can provide a better security posture. The integration of Prisma Access with Palo Alto Cortex XDR is the best, especially when our company sends the logs from Prisma Access to Cortex Data Lake. My company gets a full view of the attack part, consolidation, and timeline of the attacks in Palo Alto Cortex XDR.

I recommend the product to those who plan to use it.

I rate the tool an eight out of ten.

The solution is not very complex and is easy to manage for people who may or may not have knowledge about Palo Alto Networks. 

The initial support team is not very good. Most of the time, I have found that they are one to three years experienced only. They don't have network expertise. They know about Palo Alto products but don't know how to troubleshoot the issues. We have to guide them most of the time to troubleshoot correctly since their approach is not developed. 

I have been working with the solution for a few months. 

The solution is very stable. 

We are a large team and work for multiple customers. 

The senior engineers are very good and you need to escalate your issues to them. 

The tool is very easy to set up. It will take some time since you need to plan all the things. You also need to think about the migration of the existing infrastructure. It is not like you can complete the installation in a week. We will collect information first on users and categorize them from a user perspective like the applications and services which will be connected to the product. We will make a plan once we understand the user requirements. It is a long process and we will ensure that everything is secure. A document will be created with the data flow. We will ensure 100 percent that everything is working fine. 

Prisma Access is a good product and I would rate it a nine out of ten. 

Our use case started with the pandemic. Before the pandemic, our users worked in our office, but when the pandemic started our users were at home. They wanted to have the same kind of access that they had on-premises. We deployed a network and mobile services for them so that they could have the same experience sitting at home and access all the infra in the office. We use mobile access to connect to Prisma Access, and from Prisma Access we built a site-to-site VPN to connect to the office network so that they would have the same kind of access.

It is very helpful because it is protecting the applications that are behind it. It has so many components that we can use to secure our applications.

Prisma Access has all the features from Palo Alto. But the visibility perspective is pretty cool. If I want to know how much data is being used for a specific project, I can look at how much data has been used, from which region, and which users have been connected. That visibility is very good so that I can see how many licenses we have and how many are used. It gives a great view of what is happening, of everyone who is connected. That is one of the things I like.

It provides traffic analysis, threat prevention, and URL filtering, although I'm not sure if it provides segmentation. These features are very important. We wanted to filter traffic according to our standards. The URL filtering helps to filter the traffic so that we only send the traffic we want to on-premises or the internet. Without this, it would be very tough.

Also, it protects all your app traffic. It's like a next-generation firewall. It does everything.

For a non-technical guy, the reporting of Prisma Access is very easy. You need to know the navigation tabs, but it only has so many of them and you can do many things in the tabs. It is pretty easy because there aren't that many pages or options.

And the updates, like URL updates, IPS, IDS, and any WildFire subscription updates are very helpful for protecting our infra.

There should be a dedicated portal or SASE-based solution. They're trying to add a plugin but it needs a dedicated portal because it is now an enterprise solution for multiple organizations. People should be able to directly log in to a dedicated page for Prisma Access, rather than going into a Panorama plugin, and always having to update the plugin. An administrator should be able to look at it from a configuration perspective and not the management and maintenance perspectives.

We started using Prisma Access by Palo Alto Networks with the pandemic in 2019, so I have been using it for over three years.

Initially, they were coming up with a new plugin every one or two months, and you would have to download it. But now, I don't see that. Their team continues to work on it, but as a customer, I see it as stable. 

They're using the resources of GCP so if GCP in a specific region has some issues, it will impact Prisma Access. They have to look at some kind of backup.

I don't see it as a scalable solution because it is running on top of VMs. They say it is scalable, but we didn't see it working that way for one or two incidents that we had. But later, they had more firewalls in the cloud and kept them on standby. Since then, I haven't seen that issue.

I have implemented the solution for 100,000-plus users, and most of them are connecting from home. It reduces the load on our on-premises firewall, handling posturing and VPN. It is a dedicated project, meaning everyone, all of our employees, uses the same solution to connect to the infra.

When I started working with their support, the product was new for them as well so they were not all that familiar with it. They need to improve the technical support staff.

Positive

We were using Cisco AnyConnect but we replaced it, in part, with Zscaler and mostly with Prisma Access.

Prisma Access works on Panorama which we have on a virtual machine on GCP. As with anything, if you don't know it, it is complicated, but once you understand it, it is very easy. If I look at it as a combination of before and after, the setup is of average difficulty. You can learn things very fast. It's not that difficult or complicated, but you should know the purpose of each part. Then it is easy.

When I did my initial deployment of Prisma Access in 2019, it took around five days. But by the time I had done two or three deployments, it was taking me 20 minutes to deploy.

The implementation strategy is totally dependent on the requirements. Some customers say they want the same feeling at home that they have in the office. Some customers say they want Prisma Access to reduce the burden on the existing on-premises firewall. The posture checks have to be done on Prisma Access and, once done, the traffic is forwarded.

Once you understand the product, two to three guys should be able to handle it for configuration, and then they can move on. But for operations, you need a team.

We evaluated Zscaler Private Access and multiple other cloud solutions.

Compared to Zscaler and other services, the advantage of Prisma Access is that it supports both data and voice. The other vendors don't support voice. With Prisma Access, we don't need to look for any other services or solutions. It supports your data and voice services as well and that is one of our most important requirements.

At the end of the day, Prisma Access is nothing but a firewall that is hosted in the cloud. It depends on your capacity, the users that are connecting, and the VM you are running in the backend. It has all the capabilities and subscriptions that we were using on-premises. I don't see any challenges in terms of security. It is secure. They haven't compromised on anything with Prisma Access. It tries to protect us as much as possible.

It's crucial for us and is helping us a lot if you look at it from a business perspective.

We can do a lot with it and use it for eight to nine use cases. It supports your data and voice and, as I noted, I haven't seen any other product support both. Prisma Access is the best product. It depends on what you're looking for. But if you have a lot of requirements, you should go with Prisma Access.

In my first company, we encountered some problems with endpoints because we had colleagues working out of country and we didn't know what happened to their clients. We used Prisma Access for information regarding the client status and the client programs because it can check and control client operations.

In that company, before Prisma Access, we used public access and we encountered many attacks from outside. Our DevOps and software engineers always connected from outside. When I came to that company I changed things, but without Prisma Access but it was very difficult. I had to do IAM per user. But when we integrated Prisma Access we could grant access by integrating the identity storage. I could grant access very quickly and see the behavior of my developers and software engineers. Sometimes they would come with new requests and Prisma Access provided quick policy deployment.

The solution helped us immediately solve the problem with our colleagues' endpoints when we encountered it.

When we integrated with Palo Alto's Cortex application in the cloud, it provided threat analysis and we didn't worry about malware or malicious traffic from Prisma Access. It was analyzing and blocking things after the Prisma Access analysis. When we used traditional VPN applications, there was no threat analysis and we counted on that from the firewall. But with Prisma Access working as a firewall and VPN, the security engineer could see everything in one portal. That meant we could analyze and block things immediately.

For my company, the features and remote accessibility were an improvement over the more traditional VPN applications. With Prisma Access we could grant more security than our public access allowed. We had more tracking of the client side. We could see and calculate their work shift time. We didn't have these features in traditional VPN tools.

We had new vulnerabilities or threats coming up daily. Using a traditional firewall or VPN, updates depended on a schedule, but Prisma Access updated itself by checking the threat database and protected us that way.

The biggest thing I learned from using Prisma Access was that, compared to conventional VPN applications, where we didn't know how users were behaving or when they were connecting, we could see how they were behaving and when they were connected. We could see what they encountered, the problems, before they complained.

The cloud VPN features mean we can connect everywhere and track where all our users are connecting. It's a helpful feature for us. We used to use traditional VPN tools, not cloud-based VPN, but Prisma Access came out with new, innovative features, including client-tracking, which was more valuable for our company. It was very impressive for us. The solution's VPN connection provided a lot of protection and was proactive. It was a better option for us. 

Also, we can split our web application and client internet traffic with Prisma Access so that it is protecting both web applications and our specific, non-web applications. The protection for web-based applications was helpful for my colleagues who didn't want a particular application on their devices. And the non-web access protection was more for our developers because they were writing and building code on their computers. Prisma Access was able to protect them.

Sometimes, we encountered a portal crash. When we told Palo Alto they said it might be the browser or cache, but I think they need to improve it on their side.

I have been using Prisma Access by Palo Alto for four years. I integrated it for my first company and I implemented it for a proof of concept for another company and they love it.

In my current company, we are not using it because this company is working on-prem, but we have a digital transformation plan for next year.

It's reliable.

It provides scalability in terms of the features and they are giving a bonus depending on the number of users. In my previous company we had 2,000 users.

I am always tracking the new technologies and features. I see there are many AI and digital technologies and I believe Prisma Access will use these more effectively. It may integrate with AI technologies and some of the analysis, as well as policies and access, will be done automatically by Prisma Access.

They have a separate technical team for Prisma Access. Normally, Palo Alto has TAC engineers working on their different products, but they have a specific Prisma Access support team in my country. When we called or created tickets they supported us immensely. I expected to hear from them within one hour.

Positive

We used a traditional VPN solution, but nothing like Prisma Access.

The initial setup is very easy. I have deployed it three times and it was integrated within two hours.

One network engineer, one network security engineer, and a system engineer are enough for the deployment and maintenance.

The implementation strategy was designed by Palo Alto engineers. They have good tech support guys who assisted us and explained all steps. They gave us some options and helped us choose the most effective way.

When they configured it from our requirements it worked the first time. Normally things didn't work like that before, but with Prisma Access it was integrated on the first try.

Where I'm working now we have FortiGate but at my old company, we didn't prefer that. When Palo Alto did the presentation at my old company, we understood they were professionals and that their features were more valuable than FortiGate.

You don't need to worry because it will be integrated very quickly when you work with the Prisma Access support team. Be sure to ask many questions to understand the Prisma Access features and you will be able to use it very effectively.

The use case for our clients is that they have branch office locations all over the world. Users can connect over the internet and inspection of their traffic will happen on the Prisma infrastructure. Remote users can also connect to the VPN through Prisma infrastructure, and they can connect their data center with the Prisma infrastructure as well.

It's a cloud solution from Palo Alto Networks. Customers just need to establish an IPSec tunnel from their on-prem device with Palo Alto's closest location, which they have all over the world—100-plus locations.

The benefit of using Prisma Access is that the customer doesn't need to have their own data center. They just need to purchase a Prisma Access license. The customer will save on the labor cost associated with the data center, on the electricity cost, and they will save on the land cost as well. The data center infrastructure is provided by Palo Alto Networks.

Prisma Access is a big change for our customers. Not having to have data centers, and not having to deploy a firewall at each location, makes things simpler.

The solution also enables customers to deliver better applications. It helps them save on costs. It is easy to manage with fewer resources.

It's easy to manage. Our customers do not need to worry about what is happening in the data center. With legacy networks, they have to worry about things like the firewall being down and having to go to the data center to replace it. With Prisma Access, they do not need to worry about that. Palo Alto takes care of it. If something goes down in the infrastructure, the Palo Alto team will take care of it.

Prisma Access protects all app traffic, so that users can gain access to all apps. It is important for our clients that all traffic coming through the firewall is inspected. Prisma inspects all the traffic, and if a customer wants to make an exception for certain traffic, that is also possible.

It also inspects both web-based apps and non web-based apps.

In addition, it's really easy to manage. If customers have Panorama they can use it to manage Prisma Access. There is also a cloud application which provides a single console to manage it. Changes can be made on that console and pushed to the customer's environment, which is another way they make it easy to manage. The customer can opt for Panorama or the cloud management application. The latter is free.

Prisma Access provides traffic analysis, threat prevention, URL filtering, and segmentation, as well as vulnerability protection, DLP, anti-spyware, antivirus, URL filtering, and file blocking. It provides everything. This combination is very important. When a customer wants to block certain URL categories, they can block them. If they want to exclude any entertainment websites from their environment, they can block them. What we implement depends totally on the customer's environment and what they need. We can play with it and modify things.

Another benefit is that if any vulnerability is detected, such as a Zero-day attack, Palo Alto provides an update dynamically. The patch is installed so that the network is not exploited.

The Autonomous Digital Experience Management (ADEM) offered by Palo Alto is a good reporting tool. It gives insights into how things are going within the network. It takes all the data from the users' endpoints and does an analysis, and it suggests changes as well. The ADEM analysis of various tests will give the user feedback such as, "Okay, I'm seeing latency here." We or the customer can then improve on that. If something is blocked that shouldn't be, we can make a change in the policy. It's a good tool to have. It makes the user experience better.

The Cloud Management application has room for improvement. There are a lot of things on the roadmap for that application; things are going to happen soon.

I have been using Palo Alto Networks Prisma Access for around one year, as a consultant. I have deployed the solution for clients all over the world.

The availability of Prisma Access is good. I haven't seen any major issues yet.

It is scalable. We scale the solution based on the customer's requirements, after getting their technical design and discussing how they want to deploy it.

I would rate their customer support at nine out of 10. The one point I have deducted is because it is very hard to get support sometimes. There are times when the customer has to wait a long time in the queue. But once they get an engineer, they get the proper support. The Palo Alto engineers are good. It's just that it's very hard to get the engineer on time, sometimes. I believe this is because the solution has expanded a lot. Users are purchasing it but the support is not keeping pace. They are working on that and the support is going to be increased in the future.

Positive

The deployment is simple.

The time it takes for deployment of Prisma Access depends on how big the environment is. One company may have 120 or 130 branch sites, while another company may have just six or seven. It varies on that number of sites or on the number of data centers they have. If there are only five or six branch office locations, then the deployment can be completed in five or six days.

I'm not involved on the financial side, but I believe the solution is costly.

In the same way a customer manages their on-prem firewalls that are not on Prisma Access, they can manage Prisma Access infrastructure through Panorama. That makes it easy for them. The customer is already familiar with how to manage things with Panorama, so there isn't much that is new. There are little changes but that's it. If a customer is already using Palo Alto, we recommend going with Panorama.

Overall, the security provided by Prisma Access is top-notch. It is the same firewall that Palo Alto provides for a local setup. It's the best firewall, per the industry review ratings.