Prisma SD-WAN Reviews

We can integrate Prisma SD-WAN with Zscaler, a third-party application, as well as with Prisma Access from Palo Alto. These are the endpoints. That means we are controlling the internet traffic. These days, with so many people working from home due to Corona, we have to control the internet traffic. That is one of the main use cases for Prisma SD-WAN.

Another use case is because in Europe there are multiple languages. Some of our customers complain that when they are browsing the internet, they are not getting their local language, or they're not getting English. The reason is that we have established Zscaler connectivity. The low latency endpoint, because Zscaler is in the cloud, is communicating to the branch and, as a result, they're getting a different language. In such a case, we build a static tunnel to the static Zscaler and a static tunnel to the node. We can establish that connectivity in Prisma SD-WAN and it will connect smoothly, without any issues.

Prisma SD-WAN is an SD-WAN optimization product, where we don't require any kind of MPLS circuit. If such a circuit is there, it is no problem, but in general we are able to eliminate MPLS circuits and establish a site-to-site tunnel. That is one of Prisma's benefits. Some of our customers are still using MPLS circuits, but I am working with my customers to eliminate them. In place of that, we are allocating high-bandwidth internet to the site.

It also helps reduce costs. If you have one data center connected to another data center, or a branch connected to a DC, you have a P2P circuit. That is too costly and we can eliminate it. So it is very helpful, cost-wise, for our customers.

The solution is also very flexible when it comes to policies, so that you can redirect the traffic. Suppose the quality of one of your circuits is bad. It will automatically shift traffic to the second circuit, which has better quality. We don't need to make any alterations. In a legacy environment, we would have to do a lot of traffic-routing and change everything. But here, it is automatic. No human interaction is needed.

In addition, administration using Prisma SD-WAN is very flexible. Devices, policies— everything—is in a single portal. If you think about a legacy network, you would have to go to a data center, you have to go to a server or log in to the data center router, and do routing P2P. With this solution, that is not at all required. Everything is in the UI. With 10 days of training you can administer a customer. I was not a network guy, previously. I started my career as a system support engineer and I don't have a networking background. But it is very easy. With some training and knowledge of networks, it is easy to manage.

In terms of automation, we can connect this solution to our ticketing tool, which is ServiceNow. (We can also integrate Prisma SD-WAN with other third-party applications like Zscaler, AWS, and Azure, among others). Whenever there is an alert, it will send a message to ServiceNow and that solution will automatically create a ticket and send it to the concerned team. If we have 10 customers, we can monitor all the infra at the same time. Whenever an issue is resolved, one more message is sent automatically to ServiceNow saying, "Okay, this issue is resolved," and ServiceNow will automatically resolve the issue without human interaction. This kind of automation simplifies things because there is a single portal for administration.

Troubleshooting is very easy compared to other SD-WANs and legacy environments. We can filter by source and destination IP and check, if the traffic is failing, what is happening to it. We also have the advantage of being able to look at which application is involved, and that is not something we could not do on a legacy system. We can filter by application and see if the traffic behavior is normal or failing.

We can also see

• application health - if it is good, it shows as green, if not it will be red
• application response - whether the application is responding or not properly
• current, new and concurrent flows.

Everything is viewed in a single page. We don't need to go to a CLI. We can filter everything. Even the L1 team can monitor things and talk to the customer, rather than issues having to go to L3 or L4. That is the beauty of the solution. It is very easy. Previously, the L1 team could only create a ticket and didn't have access to the router to do troubleshooting. They would have to wait for L2 or L3. Now, we can give them basic, read-only access so that they can also view the network and see what the traffic is like, whether a device is up or down, its power status, et cetera. These kinds of things are no longer dependent on the L2 team. Tickets are mostly handled by the L1 team.

Another benefit is that it helps reduce network troubleshooting time, by a lot.

Previously, we were getting multiple alerts, even from one site going down. There are interface-down alerts, device-down alerts, internet-down alerts. All these are really a single alert that means "site down." That type of correlation was implemented about six months ago by the Prisma SD-WAN engineering team and it is working successfully. It makes things much easier when we are only getting a single alert. Otherwise what happens is that we have multiple tickets created in ServiceNow. A single site down could create 50 alerts, but now it's a single "site down" incident.

The product has a controller which is hosted on the AWS cloud, and we have three cloud data centers. From the main controller, we can administer the customer's devices, QoS, network, and traffic. We can monitor it and we can change and create policies as well as upgrade the software. We can totally control a customer's network from one site, the Prisma SD-WAN portal.

Prisma SD-WAN has a lot of advanced features, one of which is Zero Touch Provisioning. If you want to migrate to the cloud, or you want to migrate your office to a high-end router or an edge router, it is too difficult. It would require a lot of planning, a lot of implementation, and a lot of headaches and operational burdens. But with Prisma SD-WAN's Zero Touch Provisioning, we can collect the customer's infra and analyze it. According to that, we can prepare a diagram and implement high availability with two devices. That way, if one of the devices is down, the other will take an active role with the forwarded traffic.

And whenever we are required to make any changes, we can make them to multiple devices at the same time. Suppose we want to change the IP address, or create a static cloud. We can create a template and can use it for multiple uses.

If we want to upgrade software, in GitHub there is a lot of code uploaded by Prisma SD-WAN developers that we can download to schedule the upgrade onsite, and it will automatically upgrade the software and reboot the devices. If there is only a single device involved, traffic will definitely be cut off for some time, but if you have implemented high-availability, with two devices onsite, there is no traffic interruption during a software upgrade. It will be shifted to the second device while rebooting the first device.

Other features include event, security, network, and path policies. Regarding path policies, suppose you have two internet circuits and you want one circuit to be the primary and the second circuit to be the backup. Using an SD circuit would be too costly in a normal situation. But whenever the primary circuit is down, since the office should definitely not have an outage, we have to ship the traffic to the SD circuit. In that scenario, we can create a path policy, so that whenever the primary circuit is down, this traffic will forward automatically to the other circuit.

Also, suppose I have very critical business applications hosted on the cloud and I want to prioritize these applications. For example, if there are two people working with SAP while other people are just casually browsing the internet, using Facebook or Gmail. I want to give priority to the SAP customers. I can set this kind of priority with four levels of traffic or QoS, platinum, gold, silver, and bronze. I can put the SAP traffic in the platinum level and it will get more bandwidth and the application will perform fast. Its traffic is prioritized immediately, over the other levels. And if you have two internet circuits and you want to direct your SAP traffic to the fastest primary circuit and your Gmail and Facebook traffic to the secondary circuit, that is also possible with Prisma SD-WAN.

In Prisma SD-WAN there are three modes: Control, Analytics, and Disabled. If you disable the site the site is completely down and inactive. If you are in Analytics mode, that means the site is being monitored. But mostly, we are using that for DC sites to get the traffic metrics. In Control mode, the site is fully functional.

And WAN management is very flexible. We can create multiple WANs in a site and we can customize a WAN. We can move traffic around, depending on the customer's requirements and internet availability.

In some areas, compared to other SD-WANs, Prisma SD-WAN has fewer features. 

First of all, sometimes, if one device is down, the other device will not come up. When there are two devices and we have created HA, that means one device gets a priority of 100 and the other is given 90. The 100 priority is active and the 90 is the backup. In some cases, the primary device is down, but the secondary device is not becoming active. In that case, we have to reboot the devices, causing an outage.

I would also like to see improvement in the product training for customers. Palo Alto has not initiated very much training but they have to do so because this is a new product. If you have experience in a legacy environment, and you are moving to Prisma SD-WAN, you don't have a training framework. That is one of the disadvantages. Although they have a training portal, it is a read-only platform. They need training for engineers so that engineers can work very quickly and properly.

And with software upgrades, sometimes the device does not come up and we have to do a manual restart. It doesn't happen every time, maybe one or two times out of 100. It's minimal but it does happen.

I started working with Prisma SD-WAN in January, so I have been using it for about 10 months. I have multiple customers around the world. I support them in operations, QoS shaping, implementation, and many other requirements.

Prisma SD-WAN is stable.

Initially, the SD-WAN product was handled by cloud teams. In 2020, it was acquired by Palo Alto and then there were a lot of changes. Massive changes happened at the SD-WAN level.

Now, it's stable. If you go to the Prisma SD-WAN portal you can see any downtime. It is completely okay. I haven't seen any downtime for the traffic. There has been some downtime for the administration portal due to maintenance.

It is scalable. I have not faced any problems with the scalability.

In our company, there are approximately 100 people supporting many customers. In my scope I work with more than 10 customers. They're not very big customers. They are generally small enterprises with 20 or 30 sites, and some customers have only five or six sites. Some have branches in the UK, the US, India, Japan, or China.

Everything is done through a single support portal. Whether you are using Prisma SD-WAN or a Palo Alto firewall, you can create a ticket there. A Palo Alto engineer will call or email you with an update.

If you need help creating a policy, you can create a ticket and they will schedule a call via a Zoom meeting. You can then explain your requirements.

Most of the time they give good support.

Positive

It is straightforward to set up. It is very easy if you have a basic knowledge of networking. I didn't have much experience in networking and I'm not a super master of SD-WAN. But for most of the use cases based on our customers' requirements, I was able to do things myself.

In some critical situations, I have made use of assistance from the Palo Alto engineering team to resolve some issues. In some cases I didn't have access and they have super access. For example, if you want to see actual bandwidth, you have to go to the kernel level of the devices, and that access was restricted for me. This was handled by the Palo Alto team.

Generally, it doesn't take much time to deploy the product. Whenever a customer has a new branch, we create a customer inventory and order the hardware for them, depending on their requirements. We use 7K or 9K in data centers, and 2K or 3K for a branch. Once it is delivered, the customer will order the internet circuit. At that stage, we will work with the customer to create a diagram and, according to that, the customer will prepare their infrastructure network. We will then configure the SD-WAN devices per the requirements, such as software version and policies. Once it is deployed, the site will go live.

If you have knowledge of the Prisma SD-WAN product, you can do the setup without assistance from Palo Alto.

It is a growing product and Palo Alto gives you training for it. I have attended many programs from Palo Alto.

I would definitely recommend Prisma SD-WAN. It is a growing product, first of all and the Prisma SD-WAN team is doing a very good job of upgrading the platform. The product is very flexible and understandable. Everybody can work on it. The GUI is very friendly. You also have CLI access if you want. Our customers who use it don't require a top network administrator to work on their networks. Even an IT admin can work with the Prisma SD-WAN and modify things.

Overall, it makes things easy and it is cost-effective. There's no complexity in the network. Everything is in the portal and is available. You can administer devices and traffic in this single portal.

The security offered by the solution is pretty good.

Prisma SD-WAN should provide more flexibility and scalability on the hardware. The solution's conversions and failover need to be improved.

I have been using Prisma SD-WAN for two years.

Prisma SD-WAN is a stable solution.

I rate the solution’s stability an eight out of ten.

Our clients for Prisma SD-WAN are medium-sized businesses.

I rate the solution a four out of ten for scalability.

On a scale from one to ten, where one is difficult and ten is easy, I rate the solution's initial setup a five out of ten.

The solution’s deployment took a while.

On a scale from one to ten, where one is cheap and ten is expensive, I rate the solution's pricing an eight out of ten.

The solution's security framework has enhanced our data protection. The solution offers really good security. We faced some challenges while integrating Prisma SD-WAN into our existing infrastructure. The key is to presage the SD-WAN ION boxes prior so you can do a simple cutover. Do as much groundwork as possible, and then you can cutover to the new boxes.

Prisma SD-WAN is aiding our AI-driven initiatives because we can push our policy updates across the board. Earlier, if you needed to provision a new IT service, you'd need several resources to implement via the command line interface to individual boxes. Now, it happens with the push of a button, and it works its magic. We're standardizing the networks first, building automation, and then looking at AI.

Overall, I rate the solution a seven out of ten.

We are doing a proof of concept for Prisma SD-WAN and considering whether to migrate from our existing solution. We are attempting to replicate our existing technology and duplicate that traffic.

In POC testing, we're able to communicate from one site to another perfectly.

Prisma supports all of the applications we're currently using. 

Prisma could be a little cheaper. 

We are currently evaluating Prisma SD-WAN and haven't implemented it yet.

I rate Prisma SD-WAN nine out of 10 for stability.

I rate Prisma SD-WAN eight out of 10 for scalability. 

I rate Palo Alto support eight out of 10.

Positive

We are using an HP solution. Prisma SD-WAN is easier to manage and has more features. 

It's very easy to set up Prisma SD-WAN. 

Prisma SD-WAN is a good investment. 

I rate Prisma SD-WAN 10 out of 10. 

We use this solution to enable better connectivity for utilizing the more available Internet broadband lines instead of the expensive MPLS lines.

The solution is deployed on the cloud. I'm using version 5.4.

There are 15 people using this solution in my organization, including network and security engineers. We currently don't have any plans to increase usage.

The reliability of the solution has improved our organization. We don't have any downtime unless there is a power outage. The network is more resilient and faster. It delivers applications in a timely manner. The performance has greatly improved due to the expansion of bandwidth and a reduction in costs. 

MPLS lines are the most expensive lines. After changing to a broadband line, the monthly cost of running the network is completely different.

Prisma SD-WAN also provides Panorama integration, although we haven't used it.

We use Prisma SD-WAN's event correlation and analysis capabilities to help minimize the number of alarms from a single event, but this is all done from the dashboard. This feature has made our network operations much more clear and more concise. Sifting through numerous alarms, especially if they're for related incidents, makes it cumbersome to focus on the problem that needs our attention.

Prisma SD-WAN enables branch services such as networking and security to be delivered from the cloud. It provides seamless integration with the Prisma core networks and traffic web filtering. This simplifies our WAN management. 

We're able to have one place where we can configure pretty much all of the features of our network. We can designate a device to use a certain set of features, policies, etc. It's just a matter of doing its local configuration and it's instantly on. We don't have to configure each device from scratch. We set the policy, upload the configuration, and that's it.

The move to Prisma SD-WAN definitely resulted in a reduction in outages because we usually have one WAN link. Regardless of whether the internet access is used from the hub site, ideally, Prisma Access allows us to have local internet access through the branch side. The benefits are numerous in that respect.

I like that the integration with Palo Alto is easy.

The dashboard is okay. The dashboard gives us enough flexibility to get the information needed so that we can act upon any issues or data that is represented. It serves our purpose for our use case. Like with any other product, it takes time to get acquainted with it.

The only con is the pricing because it's more premium. 

I have used this solution for less than a year.

It's a solid product.

Scalability is not an issue. We can have defined policies, defined routing, etc. Onboarding new sites isn't a problem.

I haven't needed to contact technical support in the past year. The product is performing well. From what I know from my colleagues, the support from Palo Alto is usually great.

I wasn't involved in deployment, but I was told that it was pretty straightforward. It became complex because they did a full-blown deployment and configured everything. Palo Alto did the POC.

If you're already invested in a Palo Alto product, it would be logical to use this solution. If not, there might be some other solutions that are more viable in terms of pricing.

I would rate this solution a nine out of ten. 

My advice is that everybody should do a proof of concept. First, read the basic white papers on Palo Alto. If the product seems to suit your needs, contact them and see what the POC will be and what the pricing will be like. The pricing is different for different companies. Larger enterprises get larger discounts. This also depends on how many sites will be incorporated. There are many factors. It's not a simple decision, but at least you know the product is good. It's on the premium end, but that's what Palo Alto is all about. If you want a top-notch solution, then Prisma is for you.

Our security team evaluated the solution and couldn't find any lacking features. I think it's suitable for large and complex enterprises.

We are using Prisma SD-WAN for testing and training purposes on our side. We deploy it for customers.

Our customers using Prisma SD-WAN have seen multiple unique benefits, including a complete application SLA. They can track application traffic flow and route traffic based on application slowness or round trip time, providing complete security and the best network optimization.

The most valuable features of Prisma SD-WAN are its ability to utilize Internet plus MPLS optimization path to route traffic as per the SLA, and its seamless integration with other security stacks.

The pricing model could be improved to make it more affordable for smaller companies.

The implementation of the solution is easy.

We usually help customers to implement the Palo Alto solutions.

Customers have seen significant ROI benefits.

Pricing can be an issue. Some customers may find it unaffordable due to their budget constraints.

We have another vendor providing an SD-WAN box within a price range of 10,000 to  20,000 thousand INR, suitable for budget-limited customers.

Integrating Prisma SD-WAN with third-party solutions is definitely required and it is recommended to utilize its AI capabilities.

Prisma SD-WAN is cost-effective and easy to manage. We have replaced all our MPLS connections with dial-up internet links. This will reduce our costs in place of ISP and is easy to manage. We can route the traffic based on the application. Sometimes, we used to route the package based on the user because some users want to use the internet. We are effectively using the solution for path manipulation for the users. We also have multiple tunnels whenever there is an issue or drop with one of the ISP tunnels.

We have a single dashboard to view all kinds of analytics. If we make Prisma SD-WAN as analytics, we can only see what kind of traffic is going and how much bandwidth it is utilizing. We can also see if there is high utilization from any particular link or application. Otherwise, we can configure Prisma SD-WAN as a control mode to use it as a routing protocol and for analytics. It gives you more insights about what kind of traffic is going, how much the consumption was, how we can reduce that consumption, and how we can apply that quality of service. If one of the sites is accessing more teams, our bandwidth will be utilized as a platinum application so that most of the bandwidth will be utilized for the team. Unlike traditional networks, it is very flexible, and based on the kind of application we are using, our bandwidth will be utilized.

It is flexible to use the internet connection via local breakouts without going to data centers. We don't need to install firewalls within the site to inspect the traffic. It will forward the traffic directly to the cloud so that the inspection will happen there for any unknown or unwanted traffic. This will also reduce the cost because we are not managing side-by-side firewalls. Your traffic will not go to data centers to inspect the outgoing traffic.

Prisma SD-WAN's technical support should be improved. When we have some issues, the technical support should be available on time, and the engineer should join to help us. It can increase the bandwidth capacity for some of the small branches. A warning message comes to us to notify us that something is going wrong, but we cannot understand that information.

Prisma SD-WAN can be automated so that our network will be faster and our work will be reduced.

My team has been using Prisma SD-WAN for the last two years, but I joined this project for the last six months.

Prisma SD-WAN is a stable solution.

I rate Prisma SD-WAN a seven or eight out of ten for scalability.

Prisma SD-WAN's support is good, but the engagement of the engineers gets delayed, or the right person might not join the call. The information should be made available on time. So we require very knowledgeable people in technical support to improve the customer environment and the network performance, as well as the operation team's knowledge.

Neutral

Prisma SD-WAN’s initial setup is very straightforward.

Prisma SD-WAN's deployment is completely based on the process. For example, one box running with a little older version was migrated from one of the sites to our site. So, it is running with a very older version, and our devices are running with a very higher version. Sometimes, the internet connectivity will not come up, and we have to connect to that Prisma cloud to get the diverse version to upgrade it.

Sometimes, the upgrade might take some time due to the heavy load on the cloud or a congested ISP. Generally, if you go for a simple configuration, it won't take much time. You simply configure basic ISP settings, and it will get the internet connection. It might not take more than 45 minutes.

You need console access. It's based on the ISP. If you have a dynamic ISP, you connect that ISP to one of the WAN links, and it'll get the IP address. So if you get the IP address, it automatically shows it online in the system in your domain. If that ISP is not dynamic and we have to manually configure the IT address, we have to take the console access. We need help from site IDs. It is not a drawback of the project, but it is something dependent on the ISP.

We used to open tickets because it was a completely new environment for every engineer and because it was hosted for the last two years. Whenever we had such challenges in the network at the architect level, we used to open a ticket. So we request the engineer to join and discuss our plans for what we want to achieve. They will help us with most things. Sometimes we might see some failure of changes as well, but most of the time, we succeed when we involve this Prisma SD-WAN tactic.

Prisma SD-WAN has layer seven capability to check how the traffic is going, but unfortunately, I do not have in-depth knowledge of that process. We have a workflow at the layer seven level. They have all kinds of analytics at layers three, four, five, and seven.

Prisma SD-WAN can automate many things, but we also need to have that kind of testing environment. We never use it in our environment because of our daily activities.

Network automation is the biggest thing in current evaluation in the network world. We have thousands of switches and network devices where we need to configure multiple configurations. So if you have automation in place, it will reduce the timeline, and we won't miss anything. If we do it manually, some people might properly follow the process, and others might not. So if the automation comes in place, only one person can push all the configurations to the respective devices so that we follow the standards.

We never tried using automation for network troubleshooting, but we tried much automation while provisioning some networks, like new installations. Troubleshooting will come with the packet capture directly. We do some packet captures, but as of now, we didn't automate those. We are looking for automation for provisioning things when new sites come into the picture. We want to automate without doing manual configurations.

The alarms make sure that we are checking everything on time and give us some flexibility to ensure that the device will not go down. So, the alarms might not reduce in the future, but they will give us a trigger point so that we check immediately what is missing. Those are mandatory alarms for CPU alerts. Every time there is a high utilization on the box, it will show some trigger. We'll understand why the CPU utilization was happening. They will show some information on the network regarding why the CPU is being utilized. We can ensure not to repeat that kind of scenario in the future. Sometimes, if the bandwidth utilization from the users is high, we cannot control those alerts. But when such kind of traffic utilization is high, we can increase the bandwidth so that we can reduce those alerts. If you take those steps effectively, then it will definitely reduce your alerts.

Prisma SD-WAN incorporates policy control for event correlation and analysis, which affects our admins' control over events generated on our network.

We have many path policies and QOS policies. It will show which is the better path that needs to be selected while the traffic was going. It also shows the next backup path, if one of the paths fails. We have to configure manually with the path policies, what kind of application requires minimum amounts of bandwidth. Those path policies need to be applied to the iron box. Whenever a user sends traffic via the iron box, it will select those path policies to make an effective decision.

Prisma SD-WAN's policy control for event correlation and analysis helps admins pinpoint issues. Whenever we log in and check, users complain about issues related to packet loss, and we have to load share the network manually. These automated path policies affect configurations. Sometimes, if the internet link keeps on disconnecting, we can see something on the analytics screen that packet drops are high.

Unlike traditional networks, you don't have any kind of analytics. The customer might not take third-party analytics because of the cost. So we don't know the visibility of checking those WAN links, and we simply rely on the ISPs to understand how the WAN link is working. They tell that there is no issue with the WAN links and everything is fine.

There might be some milli-seconds of packet loss which cannot be shown on the ping reserves. So this analytics gives a lot of information to the administrator to understand the issue. We can ask those people to understand this issue, and they can resolve those things by seeing those analytics. Prisma SD-WAN is the web solution that helps the administrator to understand the issue and resolve it.

Prisma SD-WAN enables branch services such as networking and security to be delivered from the cloud. They also have virtual solutions that they can provide, but we never use those virtual solutions.

Prisma SD-WAN is a very good product. It gives lots of benefits to the enterprise network by deactivating the costliest MPRS networks. Even non-technical people can understand the packet flow and easily see what is happening by seeing the analytics of the link.

Overall, I rate Prisma SD-WAN an eight out of ten.

The solution is used for multi-cloud and remote access for workers. On top of that is the CASB use case. We are going for zero-trust. If you want to implement zero-trust, this approach is very successful.

The mix between the normal gateway of my firewall and the other branches or the head office firewall is great. The gateway is available on the cloud which allows you to gain access from anywhere and still connect to your home gateway. 

Also, if I want to access a resource on the cloud, it can be accessed from the nearest EU tower data center right from London, not from here where I am.

Its connectivity and security are great.

The initial setup is easy.

I'm happy with it as it is. Maybe they could introduce some new features that make things easier. That said, for me, I didn't find it lacking in any major way. It gives me all that I really need. 

I'd like to see them move more towards CASB.

The solution does do a lot of frequent updating. 

I've used the solution for about two years now. Since they started, I've been using it.

The solution is both stable and reliable. There are no bugs or glitches. It doesn't crash or freeze. 

We mostly deal with medium and large-sized organizations, specifically in retail and multi-national branches. It works well and can scale to meet the needs of businesses of that size. 

It should scale well. We don't have a large implementation - which I would consider as 100 branches or more. Until now, we've been able to handle 35 to 36 branches without issue.  It should scale. I haven't had issues yet in this regard.

Palo Alto support is good. We are an old Palo Alto partner. We're not a customer, however, instead, we have our own setup with Palo Alto. It's not a limitation. They're good. Technical support has been amazing for us. 

I have used both Prisma SD-WAN and Juniper Contrail SD-WAN.

We found the initial setup to be very simple and straightforward. it wasn't overly complex or difficult. 

That said, it depends on how many sites it allows and what the complications related to that might be. If your setup is not ready, and you need to work on it, normalize it, and baseline it, it could take longer. That's it.

For us, for 20 sites, it took us two days to complete with just one resource.

In terms of maintenance, we receive the updates automatically. This is scheduled for the weekends. It's non-disruptive. The updates are frequent. They happen frequently and mostly on the firewall, or the ION itself.

The solution is expensive. Its competitor, Zscaler, is far less expensive. It's half the price. I haven't however, tried it to compare them. 

It's sort of like iPhone versus Android. They are both phones, yes, however, I don't care about the money, I care about the product. I'll choose an iPhone even if it is more expensive due to the fact that I love the experience I get from Apple. The same is true with Prisma. It's not cheap, however, I really appreciate the service they offer. 

There are different ways they can deliver their services, and these have different costs associated. There's Prisma Access, Prisma SaaS, and Prisma Cloud.

We are a Palo Alto partner. 

We are a system integrator and not a customer. We're selling to customers right now.

We are using the solution with a SASE subscription, Prisma Access.

I've used both on-premises and cloud deployments. 

I'd recommend the solution to the users and companies. It comes with all the security and the good direct point to the cloud application as well.

I would rate the solution at a ten out of ten. It's a really great product.

Prisma SD-WAN is intuitive. We have a better idea of the different tools we can use and jump between the menus quickly. 

The tool needs to work on price and complexity. 

I have been working with the product for about two weeks. 

I rate the product a seven out of ten.