IT Central Station is now PeerSpot: Here's why

Prisma Access by Palo Alto Networks Room for Improvement

Partha Dash - PeerSpot reviewer
Global Network Tech Lead at a computer software company with 10,001+ employees

There are definitely a number of things that could be improved. 

One of them is geographic coverage. China is still an issue because the solution does not operate there properly due to government regulations. I believe Palo Alto is trying pretty hard to get into partnerships with Alibaba and other cloud providers, but they do not have the same compelling offering in China that they have in the rest of the world. Businesses that are operating within China have to be very sure to evaluate the solution before making a buying decision. It is not an issue with Palo Alto, rather it is predominantly the result of government rules, but it's something that Palo Alto needs to work on.

There is also room for improvement when it comes to latency in a couple of regions, including India and South America. They might have to increase their presence in those locations and come up with more modern cloud architectures.

The third area is that, while Palo Alto has understood the essence of building capabilities around cloud technology and have come up with a CASB offering, that is a very new product. There are other companies that have better offerings for understanding cloud applications and have more graceful controls. That's something that Palo Alto needs to work on.

View full review »
TejasJain - PeerSpot reviewer
Sr. Cloud Security Architect at a computer software company with 10,001+ employees

It is a managed firewall. When you run into issues and have to troubleshoot, there is a fair amount of restriction. You run into a couple of restrictions where you don't have any visibility on what is happening on the Palo Alto managed infrastructure, and you need to get on a call to get technical assistance from Palo Alto's technical support. You have to get them to work with you to fix the problem. I would definitely like them to work on the visibility into what happens inside Palo Alto's infrastructure. It is not about getting our hands onto their infrastructure to do troubleshooting or fixing problems; it is just about getting more visibility. This will help us in guiding technical support folks to the area where they need to work. 

View full review »
Max Islam - PeerSpot reviewer
Associate Director at Cognizant

The challenges we have faced are not connected with Prisma's core fabric, but more with the end-user. To use the GlobalProtect client and meet all the requirements, your laptop or your end-user system has to be at a point where things are up to date. It's not really Prisma's fault, but when you try to create exceptions you don't really have those abilities. You cannot say, on the management platform, "Hey, for these users I want to create these exceptions." That is one thing that I have gotten some complaints about, and we have faced some challenges there.

It's always a challenge when people at the executive level start complaining because they're using the latest version of the MacBook Pro and it's not playing very well with Prisma.

View full review »
Buyer's Guide
Prisma Access by Palo Alto Networks
June 2022
Learn what your peers think about Prisma Access by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: June 2022.
610,812 professionals have used our research since 2012.
Senior Network / ITOps Engineer at a leisure / travel company with 201-500 employees

The only drawback at the moment is that a “Cloud” solution like Prisma Access requires Palo Alto Panorama, which is normally a VM that sits in your DataCenter. Panorama is used for monitoring and mainly for configuring the different components of Prisma Access.

For the configuration part, Palo Alto has recently introduced an equivalent cloud application, but not all features are available yet. Also at this moment if you enable Prisma Access with Panorama you cannot migrate to the Cloud version.

View full review »
Senior Network Consultant at a financial services firm with 10,001+ employees

I can't think of many things that need real improvement. But one thing that comes to mind is that when we deploy firewall rules via Panorama, we find it's a little bit slow. We have a global environment and might have 100 gateways or VPNs in the cloud. When we deploy something, it tries to deploy it one-by-one, and that can be slow. For example, one time we pushed a firewall change and the changes took about 10 minutes to finish up. If they could optimize the whole process to speed up that kind of deployment, that would be especially helpful.

View full review »
Naresh Pratap - PeerSpot reviewer
Senior Network Security Lead at a tech services company with 10,001+ employees

Our security team had a concern that they are not able to filter out a few things. There is some particular traffic that the security team wants to filter out and apply their own policies and they cannot. Earlier, we used our on-prem solution for that, however, when it is in the cloud, the problem is that it has to be done manually. When we do changes on the on-prem, it will not automatically sync to the cloud. Therefore, manually, the admin has to do changes on the on-prem for spam filtering and at the same time on the cloud as well.

We actually faced some a problem with using the failure of authentication. Our primary authentication happens through a RADIUS server, to a non-IP solution, so that there is a double-factor authentication. In that double-factor authentication, we are using three different RADIUS servers. Apart from that our requirement was that if all our RADIUS servers failed, we wanted the authentication of users to fall back to LDAR.

The problem we faced is that each RADIUS server was consuming 40 seconds each for the timeout, and then only will it go to LDAR. However, the total timeout of the global product timeout, we are not able to adjust. If you take an on-prem Palo Alto device, you can adjust or increase the Global Protect time out value from 30 seconds to up to 125 seconds or 150 seconds. Later, we were able to resolve this by reducing the timeout value for each RADIUS server.

Technical support could be a lot better.

View full review »

If you compare Prisma SaaS against other products, such as Cloud Log, it's a little bit tricky to understand, but it offers different functionality that other products don't have. From a user usability point of view, you need some training for this product, as an admin, you need a couple of demos.

The reports and setting the policies could improve, they are important. Their UI is a little bit confusing when you create the policy section. There are times when it looks like you are in one section, but you're technically in another section and you're saving something else. The need to make it more clear in the UI for policy creation and setup.

View full review »
Global Leader Network Engineering at a financial services firm with 5,001-10,000 employees

We've run into some challenges, having hit a lot of bugs over the past year in the deployment of GlobalProtect. We've had our fair share of issues that I haven't been happy with. We're working with the support organization to remediate them and waiting for updated releases. The response on getting the bugs fixed has not been what I would consider adequate for a product like this. We've had some very pointed discussions with the support organization and the development teams on those issues and on doing what we can to help remediate them as well. They have been more responsive now towards our needs but it's a work in progress. 

They're going from being an organization that supported physical hardware, the Palo Alto firewall, into the realm of a SaaS-based solution. As a result, they need to change their operating model, support model, and release model to support that SaaS-based solution. That is related to support, related to operational efficiency, and deployments of code. Those are the areas where they need to improve.

View full review »
Saman Gupta - PeerSpot reviewer
Professional Services Consultant at Infinity Labs India

The Cloud Management application has room for improvement. There are a lot of things on the roadmap for that application; things are going to happen soon.

View full review »
Manager Network Engineering at a computer software company with 5,001-10,000 employees

It's not very easy to use. Sometimes it's buggy and there are problems when doing updates. The user interface is okay, but some configuration items are difficult. I would like it to be less buggy and easier to configure, to better streamline the user experience.

View full review »
Network Security Engineer at a tech services company with 10,001+ employees

I haven't seen any SD-WAN configuration capability. If Prisma Access would support SD-WAN, that would help. There are some trending technologies in networking with SD-WAN. SD-WAN is nothing more than optimizing your WAN. SD-WAN devices should be able to reach Prisma Access, and Palo Alto should support different, vendor-specific devices, not just Palo Alto devices, for SD-WAN configuration.

Also, Palo Alto only provides corporate licenses. If they would give a license to a non-corporate email ID, for testing and a pre-trial, that would be really great for users to practice with it. Everybody could explore it. Or, for people who are not working in a corporate environment and who want to explore this kind of setup, it would enable that type of test access on a personal email account.

View full review »
Clement Johnson - PeerSpot reviewer
Chief Executive Officer at Clemtech LLC

Prisma should implement industry updates in near real-time. Also, Prisma's integration between operational technology and IT should be more seamless. Right now, it requires additional setup and maintenance.

View full review »
Gregory Anderson - PeerSpot reviewer
Endpoint Security Manager at Catholic Health Initiatives

The solution needs to be more compatible with other solutions. This is specifically a problem for us when it comes to healthcare applications. They have proprietary connection types and things of that nature that make compatibility a challenge sometimes.

The scaling can be a bit tricky, depending on the setup.

View full review »
Sr. Security Analyst at Atos

There can be some latency issues with the solution that should be improved.

View full review »
Head of Pre-Sales at a tech services company with 51-200 employees

When it comes to the VPN, it uses the global protect VPN functionality to connect remotely, but it has a feature limitation for assigning multiple IP subnets to different user groups. It would be much better if we are able to assign the current IP blocks for the subnets based on the user groups.

View full review »
Senior Security Architecture Specialist at a computer software company with 201-500 employees

It is integrated with the MDM solution but it is not a VPN, so this is something that can be improved. Better integration with the MDM solution would be useful.

View full review »
Buyer's Guide
Prisma Access by Palo Alto Networks
June 2022
Learn what your peers think about Prisma Access by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: June 2022.
610,812 professionals have used our research since 2012.