The question is very broad and it is difficult to answer it like that.
The best approach for benchmarking is of course to first describe your needs ad your limitations! The best solution for the one is not the best for another...
how many segments do you want to deploy now and what is the forecast?
Is there an installed-based (FW for example) that you can use in the solution?
Do you need some application signatures recognition?
What are the security features I want to implement?
What are the licensing mode and its impact on your budget are basic questions you need to answer.
What if the licensing is bandwidth-based and that you know you will need to upgrade your links? Is your budget still ok?
Also at the operational level, what team do you have, do they have the skills to manage or do you need to outsource? All the elements of SD-WAN and security must also be perfectly integrated. I personally would rather have a single pane of glass than a lot of systems to manage.
I hope this answer can help you to find the solution that matches your needs.
Best Regards
Search for a product comparison in Software Defined WAN (SD-WAN) Solutions
Product Management - Enterprises Managed Services at a comms service provider with 501-1,000 employees
Real User
Dec 12, 2021
Hi Matilde,
You may first install an EP client solution at your remote users' endpoints with a combination of SSL-VPN with auto-connect control after the first login, which is supporting your central physical DC firewall and you may route their access to cloud apps through central firewall only (including the internet for allowed sites at the firewall). Make sure your central DC router/firewall is UTM-enabled.
ENTERPRISE MANAGEMENT SERVICE with SSL-VPN can be used to split DC, cloud traffic to reduce traffic load on DC bandwidth and secure access through ZTNA.
Multifactor authentication (integrated with AD, RADIUS SERVER) can be added for add-on Security authentication for critical internal apps.
Alternatively, if it is a pure cloud solution, you may go for SASE (Secure Web Gateway) solution. All traffic is authorized at SWG as per policy. It is maturing now and costlier than the previous solution with less control in your hand than the previous solution.
The client remains the same, license and implementation are different.
Find out what your peers are saying about Fortinet, Cisco, Palo Alto Networks and others in Software Defined WAN (SD-WAN) Solutions. Updated: April 2026.
Software Defined WAN (SD-WAN) Solutions are advanced networking tools designed to optimize and manage wide area networks by utilizing software-defined technology. They prioritize application traffic, enhance performance, and increase security for enterprises.
These solutions are rapidly transforming how organizations manage their network infrastructure by simplifying the complexity of a traditional WAN setup. SD-WAN enhances the user experience by providing seamless connectivity...
Hi,
The question is very broad and it is difficult to answer it like that.
The best approach for benchmarking is of course to first describe your needs ad your limitations! The best solution for the one is not the best for another...
how many segments do you want to deploy now and what is the forecast?
Is there an installed-based (FW for example) that you can use in the solution?
Do you need some application signatures recognition?
What are the security features I want to implement?
What are the licensing mode and its impact on your budget are basic questions you need to answer.
What if the licensing is bandwidth-based and that you know you will need to upgrade your links? Is your budget still ok?
Also at the operational level, what team do you have, do they have the skills to manage or do you need to outsource?
All the elements of SD-WAN and security must also be perfectly integrated. I personally would rather have a single pane of glass than a lot of systems to manage.
I hope this answer can help you to find the solution that matches your needs.
Best Regards
Hi Matilde,
You may first install an EP client solution at your remote users' endpoints with a combination of SSL-VPN with auto-connect control after the first login, which is supporting your central physical DC firewall and you may route their access to cloud apps through central firewall only (including the internet for allowed sites at the firewall). Make sure your central DC router/firewall is UTM-enabled.
ENTERPRISE MANAGEMENT SERVICE with SSL-VPN can be used to split DC, cloud traffic to reduce traffic load on DC bandwidth and secure access through ZTNA.
Multifactor authentication (integrated with AD, RADIUS SERVER) can be added for add-on Security authentication for critical internal apps.
Alternatively, if it is a pure cloud solution, you may go for SASE (Secure Web Gateway) solution. All traffic is authorized at SWG as per policy. It is maturing now and costlier than the previous solution with less control in your hand than the previous solution.
The client remains the same, license and implementation are different.