Prisma Access by Palo Alto Networks Reviews

One of the main advantages we have found of Prisma Access is that it has gateways across multiple continents. Due to that, many users can connect from different parts of the world will be able to access everything very fast. Also, internet access through VPN has become much simpler in getting the traffic to our on-prem data center.

The main example is my particular client that has employees working from different parts of the world - Malaysia, Singapore, India, Europe, and even the Middle East. The use of multiple continental gateways has helped us a lot. The users who are working in different parts of India can connect to different gateways. There are four gateways, including in India itself, the Middle East, and Europe as well.

The WildFire Analysis is one of the good features we observed. Due to the fact that the traffic from the user to the internet is not passing under our on-prem, there is generally less control over it. With the help of WildFire Analysis, we are able to make sure the users are not downloading or accessing any malicious sites or any malware or anything.

The use of Microsoft Teams from a VPN used to give some issues earlier, however, with the Prisma Cloud, that has improved quite a lot. Even if you're tunneling the traffic of MS Teams through this Prisma terminal, there has been no issues yet. The VPN access it allows for is great.

The stability of the solution is very good.

The scalability of the solution is excellent.

Our security team had a concern that they are not able to filter out a few things. There is some particular traffic that the security team wants to filter out and apply their own policies and they cannot. Earlier, we used our on-prem solution for that, however, when it is in the cloud, the problem is that it has to be done manually. When we do changes on the on-prem, it will not automatically sync to the cloud. Therefore, manually, the admin has to do changes on the on-prem for spam filtering and at the same time on the cloud as well.

We actually faced some a problem with using the failure of authentication. Our primary authentication happens through a RADIUS server, to a non-IP solution, so that there is a double-factor authentication. In that double-factor authentication, we are using three different RADIUS servers. Apart from that our requirement was that if all our RADIUS servers failed, we wanted the authentication of users to fall back to LDAR.

The problem we faced is that each RADIUS server was consuming 40 seconds each for the timeout, and then only will it go to LDAR. However, the total timeout of the global product timeout, we are not able to adjust. If you take an on-prem Palo Alto device, you can adjust or increase the Global Protect time out value from 30 seconds to up to 125 seconds or 150 seconds. Later, we were able to resolve this by reducing the timeout value for each RADIUS server.

Technical support could be a lot better.

We have deployed the Prisma solution and environment almost six months ago and we have been using it for the last six months.

The solution is very stable. It doesn't have bugs and glitches. It doesn't crash or freeze.

So far, we haven't observed any such issues. We have been closely monitoring for the last six months but there have been no issues with latency or anything. The only thing we are worried about is that what if something goes from the cloud if the cloud set up as an issue. So far, we haven't encountered such an issue yet, however, the client is always worried about that point as all these things are happening externally to our own firm. That said, so far it hasn't given any trouble.

Scalability-wise it's a very good solution as we will be able to increase the number of users or decrease the number of users or even the bandwidth. Scalability-wise it's a perfect solution.

This solution is used by little over 8,000 users in our intranet and the user roles span from high-level management up to the contacts and their employees who are supporting the calls and the suppliers for the telecom. It is being used by a lot of different variety of users, management, IT, admin, business users, call center users, everyone.

When we decode, we decode it for 10,000 users. So far, we haven't increased it yet. In the future, if our number of user accounts increases or if the Work from Home situation due to COVID continues, then maybe our client will think about increasing it.

Technical support for this solution is via one of our third-party vendors. One problem is that the third-party vendor is not able to resolve all the issues. They will have to go to Palo Alto technical support via their exclusive support. One problem is ASP. Palo Alto is taking a lot of time for coming online and supporting that could be for a minor issue or a major issue. The time taken by Palo Alto Support to get online and support us has been a pain area. We're not really that satisfied.

Before Prisma, we were using the Palo Alto on-prem solution, Global Protect Solution. We had Palo Alto firewalls in our on-prem which we were using for VPN and before that, we used a few VPN solutions.

The initial setup was a mix of difficult and straightforward. We did the deployment in phases for users across different continents. By the time we finished the deployment, which took nearly six months, it was in our case a stable solution and simple to use as well. However, it took a while as we were working on different continents and moving from one to the other in a particular order.

The team was a combination. The team was a combination of one of the vendors in Malaysia and my team, who's from a client end. So there was a total of seven members in the team.

Our implementation strategy was as follows: we already had one Palo Alto Global Protect Retail Solution, so it was not big trouble for us to migrate it to a cloud. We started implementing, planning the redundancy for such two different sites. We established the IP set terminals with our two different sites, which will terminate from the cloud to Palo Alto VPN Box on our on-prem. Then, we gradually migrated the users from on-prem to the cloud.

In terms of maintenance, first of all, we have to keep on monitoring it. If there is something wrong with the cloud, we will have to get the alert and act accordingly. Maintenance-wise so far we have increased the bandwidth for internet links. At that time we had set up redundancy and there was no trouble with that. Apart from that, so far, no other maintenance has been done.

We had a vendor assist us a bit during the implementation.

I can't speak to the licensing costs. We had a two-year license, which we are still on.

We're just customers and end-users.

We are using a SaaS version of the solution.

I will definitely recommend implementing this product as it has a very good scalable solution. Considering this work from home scenario in COVID, it is one of the best solutions one can implement. However, my advice would be to make sure you have enough internet bandwidth while implementing and also make sure there is site-level redundancy at your end. If you are a client then you won't implement it. Make sure there are two separate IP set terminals published from the client to your end. That way, if something goes wrong, your internet goes down or something, the VPN will be accessible.

One good lesson I have learned is that earlier in my thought process related to VPN was very narrow. I never thought that you can put it across multiple continental gateways and allow users to access it so fast. 

I'd rate the solution nine out of ten.

We primarily use the solution for mobile users and mainly mobile laptops. In some cases, we use the solution for cloud tenant portals in Azure. We use it to connect those back into the network.

Overall, it's a great solution that works quite well.

The solution's most valuable feature is the posture checking. 

It's great that we can make sure a machine meets the minimum requirements before users are allowed to log in.

The solution needs to be more compatible with other solutions. This is specifically a problem for us when it comes to healthcare applications. They have proprietary connection types and things of that nature that make compatibility a challenge sometimes.

The scaling can be a bit tricky, depending on the setup.

I've probably been using the solution for four years at this point.

The stability is quite good. We haven't had any issues in that sense. It's reliable. There aren't bugs or glitches. It doesn't fail.

The solution is scalable. However, it's more of kind-of piecemeal scalability. I didn't actually deploy it. I just know a lot about it. It depends on how your network is set up. If you have a single egress, it's easy. If you have 70 egresses, it can be very, very difficult. 

You may have those many email egresses because you're geologically spread out and you need people to connect with certain portals based on where they are. Of course, we want users to connect to their closest portal. There's complexity there and the cloud doesn't really solve it because the cloud still has to do load balancing and hand it off to the concentrator.

On average, we have about 8,000 users between IT, finance, HR, and, of course, house and home users. 

I can't speak to the acceptability of technical support. I've never had to contact them.

We were using AnyConnect. It was limited in terms of egresses, so we decided to switch.

For us, the initial setup was not straightforward. It was very complex due to the fact that we're a very large company. That said, I don't mind the complexity.

The deployment was easy. It was just a matter of handling the configuration for different regions and hospitals. We had to figure out what egress they come in on or what device they come in on and things like that and that decide upon what's the most efficient means for them to connect back into the network.

I don't deal with licensing in the company. I'm not sure what the pricing is.

My understanding is that it's a bit more expensive only because it's part of the framework of the Palo Alto solution. It's more sensitive than if we just went and got some free VPN or some ad hoc solution, and so it's a bit more costly.

We're just a customer. We don't have a business relationship with the company.

I'd advise others that the solution is largely based on the complexity of your environment. It's not that deployment's difficult. It's just that you want to put it where it's most efficient. You've got to take the time to figure out where your users are and how they connect and where they're connecting from.

Overall, I'd rate the solution eight out of ten.

It can be used for remote access to web applications and to grant secure access to users.

I've mainly used their solutions for VPN connections from mobile devices. 

It's quite reliable and performs well for users.

It wasn't so satisfying to work with it. There is room for improvement in the policy management. It is difficult to cover the entire scenery through Palo Alto products. 

In future releases, more focus on integrations would be beneficial, along with improvements in policy management.

I am familiar with this product. 

It seemed quite a stable product. 

We have a couple of customers using this solution. 

The initial setup was relatively easy, but there were complexities due to the policies we had to generate. 

I was more of a user than an administrator. However, the deployment process seemed quick.

Primarily setting up the software. The team involved in the setup handled the rest.

One person is enough for the deployment. 

From the management side, I'm sure there are several people involved. From an end-user perspective, it's very simple. It likely doesn't need more than one person to manage it.

Overall, I would rate the solution a seven out of ten.

I am an integrator. Prisma SaaS is the most preferred solution among our customers — my customers really like it. Currently, I have three customers that are using this solution. 

Many of my customers work in the financial sector. Prisma SaaS is a top-choice solution for customers who are looking for more flexibility and secure edge points. Prisma Saas has taken big steps to please its customers. It's a cloud-based solution and cloud security is at the edge of the market. The Coronavirus and the pandemic pushed the market to the cloud.

Prisma SaaS is very easy to use; it's common sense — it's the best-in-class.  

Palo Alto is always up to the challenge. It works great with the Oracle Cloud; other SaaS solutions don't always work with various clouds. Prisma Cloud is the best. My customers love it; they all use it in various ways.

I have been using Prisma SaaS for roughly two years. 

Prisma SaaS is very stable. Palo Alto is leading the market in terms of security solutions. Other security providers are slow and a year behind Palo Alto. By the time they catch up, Palo Alto will already be working on new questions. 

This solution is very scalable. I can't think of another solution that functions better. It's very flexible — that's one of the reasons why it's more expensive than similar solutions. 

Palo Alto offers great support to their partners — we're a partner. Their support team is very knowledgeable. 

I am Russian and Ukrainian. Palo Alto provides me with support in English. My customers are not English speakers, therefore, I act as a translator for them when I communicate with support — from English to Russian and then back. 

Installation is simple. There are a few steps involved but with help from customer service and some simple troubleshooting, it's not too bad.  

I have fully installed this solution for three customers. Depending on the project, you'll need anywhere from one to three engineers. Installation and configuration also depend on the cloud that the customer uses. 

Prisma SaaS is more expensive than similar solutions but I think it's worth it. 

If I were to choose a low-cost solution for another vendor, it wouldn't be as effective. With low cost comes low usability and low effectiveness. 

I would highly recommend Prisma SaaS to others. Speaking as an ambassador for Palo Alto and Prisma access, it's the best solution on the market. Overall, on a scale from one to ten, I would give Prisma SaaS a rating of ten. 

The price is my only concern, otherwise, Palo Alto is the best. Still, every year, Palo Alto lowers the price of its solutions. 

Prisma SaaS can be used to secure sanction applications that people use on enterprises. You can integrate the solution using ATI to sanction applications such as Office 365, Google, and Salesforce. You can apply controls to protect from data leakage and then apply cloud-based DLP policies.

The valuable features are that it is easy to use, easy to integrate, and is stable. It's scalable as well.

When it comes to integration mechanisms, Prisma SaaS does not support reverse proxy type of integrations. For example, a product like Netskope has a lot more integration mechanisms than does Prisma.

I've been using it for about one year.

It's a stable product.

It's scalable. We have about 500 users.

The technical support has been good.

Prisma SaaS requires a small implementation. Two engineers would be sufficient for the deployment process.

We implemented it ourselves.

I would rate Prisma SaaS at seven on a scale from one to ten. It is easy to integrate and is stable and scalable, but it needs to support reverse proxy integrations.

We are basically using it for cloud governance. We have AWS as our public cloud service, and we have multiple cloud accounts that we manage. We're using Prisma SaaS for the cloud governance of these accounts. 

It has been very useful so far. We are a part of a small team, and we have almost 20 accounts. Therefore, it is difficult for us to log in to each account and look at cloud trail and other things. It is not possible to log in manually and check each of the vulnerabilities. Prisma has helped us a lot. It shows the alerts in real-time, and we are pretty happy with the service it offers. We now know how to categorize alerts, which ones need immediate attention, and on which ones can we act a bit later.

It has predefined or preconfigured rules, which are getting periodically updated. They are providing continuous improvements and periodically updating all search queries that they are looking for. That is one thing that helps us to stay vigilant and focused. If we query our AWS account for any breaches or vulnerabilities with any of the cloud tests, and it alerts us based on these predefined rules. It also provides an option to configure our own rules, and based on these rules, it can query the cloud trail logs, pull the information, and trigger alerts in real-time. I haven't explored this feature much because there are multiple accounts, and we don't have enough time to explore this feature. 

It also provides multiple integrations. When vulnerabilities or breaches are happening, you should be aware of them immediately. It provides integration with tools such as Slack, PagerDuty so that you can get alerted as soon as the high severity stuff comes up. For example, you have a security group that has allowed public traffic on port 22. As TechOps, you should be aware of this immediately. You cannot scan each machine or look into all security groups to identify it. So, Prisma helps us and alerts us when this kind of high-priority stuff comes up. 

It has different statistics, analytics, and graphs for data. The description of alerts is also pretty good. They describe what are the possible causes for this and what are the solutions. From Prisma Cloud, you can directly go to the AWS account. When you click on an alert, a resource, or a resource ID, it takes you to the AWS console where you need to log in. If you are already logged in, it will take you to that instance directly, and you can fix the issue there. I have found this feature very useful.

We are using the SaaS offering. We use our applications for microservices. We use Twistlock to scan containers, and it displays these results in Prisma, which is a good feature because we can see vulnerabilities with respect to these containers. We can see everything in a very detailed manner. However, when you have different environments for a single application, such as DEV, QA, PROD, and TEST, all these environments run multiple containers, which can lead to a very high number of containers. In such a scenario, it shows you the alerts for all those containers that have vulnerabilities. If you show the results of all the containers that share the same image, it is not going to add any value. Therefore, they should narrow down the alerts based on a container. It should show information for a single container. Otherwise, the person who is looking at the results gets the impression that he has to fix all these issues. This is something that they can improve.

I have been using this solution for two years.

Its stability has been great. 

I have used different tools previously. I have used Evident. Prisma is much better than Evident in terms of the information it provides for alerts. In Evident, they provide a little bit of information about the triggered alert, whereas Prisma provides in-depth details.

It is pretty straightforward. It is a two-step procedure. You need to create the roles and mention the role in the Prisma config. You have to create a role in the corresponding AWS account or Azure account and give that role information while configuring Prisma. So, you need to provide the account ID number, the role that you have created, and a short description of the account that you're using. You also need to enable a couple of other things, such as VPC flow logs and cloud trail for Prisma. If these are not configured, Prisma will still get configured, but it will alert you that you have not configured the flow logs, cloud trail, and all other events. After that, Prisma will immediately start scanning the account. 

It also has a provision for grouping your accounts into a particular group. If you have a project that has multiple accounts, you can group them together as a central group. If all those accounts are managed by a single team, you can enable alert notifications for that single team instead of each account. Everything is pretty good in terms of management activities.

Deployment hardly takes five to ten minutes. It is a SaaS offering. It is a managed service by Palo Alto. You don't have to configure anything at your site for Prisma. You don't have to create any sort of instances or deploy it. You just need to onboard the accounts.

It doesn't require any maintenance. It is managed by our corporate IT team. They have onboarded all the AWS accounts with respect to my organization. These AWS accounts belong to multiple groups of people. 

My department has around 30 people who use this solution as DevOps, and we have the access to the portal. We have enabled read-only access for certain groups so that they can go and look into the alerts and do the necessary things. We have created multiple read-only groups, and we have assigned a set of users to each read-only group.

It has definitely provided an ROI.

We looked into multiple options, and we chose Prisma considering the price and the features it offered.

We started off with AWS three years ago. As the number of accounts grew, we felt the need to use some sort of cloud governance tool because it is not possible for us to log in to each account and look for issues that may impact the organization. That's why we started to use Prisma. We are using multiple solutions from Palo Alto. We use Twistlock for container scanning and things like that.

I have positive feedback about this product. We are happy with this product and the features it offers for the price. 

I would rate Prisma SaaS an eight out of ten.

We use it to securely access cloud data centers or cloud platforms. If a customer has a lot of workload in the cloud, then from the Prisma Access cloud, they can create secure access to all cloud platforms.

The users can securely access any cloud data centers or cloud platforms. In terms of the features, it has all the features that Palo Alto Next-Generation Firewall has. It is also very stable and scalable.

When it comes to the VPN, it uses the global protect VPN functionality to connect remotely, but it has a feature limitation for assigning multiple IP subnets to different user groups. It would be much better if we are able to assign the current IP blocks for the subnets based on the user groups.

We got its distribution about eight months ago.

It is very stable.

It is very scalable. The scalability can be based on the number of users or the number of networks. You can expand it the way you want. In Sri Lanka, we have about 3,000 users.

Palo Alto's technical support is good because they have multiple methods and licenses. Their premier support seems better.

The initial setup is straightforward in a way, but there are certain things that may require Panorama, which is a centralized management platform. The management of certain things can only be done through Panorama. For the initial integration, a few steps have to be followed, but after that, it is easy to configure and use.

For the console-side deployment, one or two engineers would be enough. A complete user deployment may take a few weeks to complete.

Prisma Access is a little bit expensive.

I would recommend this solution to others. I would rate Prisma Access a nine out of ten.

We are a system integrator and Prisma Access is one of the security products that we implement for our clients. We handle all products, from high-level to low-level, and we propose an end-to-end solution for each customer. I am a pre-sales architect and engineer.

Prisma Access is the name of the GlobalProtect Cloud Service.

Normally, it is sold to users who want to use a VPN agent.

The most valuable feature is the ability to join your network and provide access through the VPN.

It is integrated with the MDM solution but it is not a VPN, so this is something that can be improved. Better integration with the MDM solution would be useful.

We don't hear from customers for a long time when they have this solution, so I think that it is stable.

Scaling is easy because it is just a license that you extend.

Our clients for this solution are typically small to medium-sized companies.

We work with similar solutions from a number of vendors including Fortinet, F5, Trend Micro, and others.

We have an in-house team that is responsible for implementing products for our clients.

We also perform the required maintenance, as well as technical support.

This is not an expensive product and everything is included with one license. We normally sell GlobalProtect bundled with a firewall if the customer wants an endpoint solution.

We have to pitch it to smaller customers. When it comes to medium-sized organizations, they are almost dedicated to a VPN solution. This is a good solution and I can recommend it, although it would be improved with better MDM integration.

I would rate this solution a seven out of ten.