Coming October 25: PeerSpot Awards will be announced! Learn more
2019-06-24T12:13:00Z
Julia Frohwein - PeerSpot reviewer
Senior Director of Delivery at PeerSpot (formerly IT Central Station)
  • 0
  • 124

What needs improvement with Prisma Access by Palo Alto Networks?

Please share with the community what you think needs improvement with Prisma Access by Palo Alto Networks.

What are its weaknesses? What would you like to see changed in a future version?

14
PeerSpot user
14 Answers
DB
Network Security Engineer at a tech services company with 10,001+ employees
Real User
2021-12-21T12:40:00Z
21 December 21

I haven't seen any SD-WAN configuration capability. If Prisma Access would support SD-WAN, that would help. There are some trending technologies in networking with SD-WAN. SD-WAN is nothing more than optimizing your WAN. SD-WAN devices should be able to reach Prisma Access, and Palo Alto should support different, vendor-specific devices, not just Palo Alto devices, for SD-WAN configuration. Also, Palo Alto only provides corporate licenses. If they would give a license to a non-corporate email ID, for testing and a pre-trial, that would be really great for users to practice with it. Everybody could explore it. Or, for people who are not working in a corporate environment and who want to explore this kind of setup, it would enable that type of test access on a personal email account.

Saman Gupta - PeerSpot reviewer
Professional Services Consultant at Infinity Labs India
Real User
Top 20
2021-12-15T20:27:00Z
15 December 21

The Cloud Management application has room for improvement. There are a lot of things on the roadmap for that application; things are going to happen soon.

TejasJain - PeerSpot reviewer
Sr. Cloud Security Architect at Deloitte
Real User
Top 10
2021-12-05T23:23:00Z
05 December 21

It is a managed firewall. When you run into issues and have to troubleshoot, there is a fair amount of restriction. You run into a couple of restrictions where you don't have any visibility on what is happening on the Palo Alto managed infrastructure, and you need to get on a call to get technical assistance from Palo Alto's technical support. You have to get them to work with you to fix the problem. I would definitely like them to work on the visibility into what happens inside Palo Alto's infrastructure. It is not about getting our hands onto their infrastructure to do troubleshooting or fixing problems; it is just about getting more visibility. This will help us in guiding technical support folks to the area where they need to work.

Clement Johnson - PeerSpot reviewer
Chief Executive Officer at Clemtech LLC
Real User
Top 5Leaderboard
2021-11-03T14:01:00Z
03 November 21

Prisma should implement industry updates in near real-time. Also, Prisma's integration between operational technology and IT should be more seamless. Right now, it requires additional setup and maintenance.

Max Islam - PeerSpot reviewer
Associate Director at Cognizant
Real User
Top 20
2021-09-24T08:14:00Z
24 September 21

The challenges we have faced are not connected with Prisma's core fabric, but more with the end-user. To use the GlobalProtect client and meet all the requirements, your laptop or your end-user system has to be at a point where things are up to date. It's not really Prisma's fault, but when you try to create exceptions you don't really have those abilities. You cannot say, on the management platform, "Hey, for these users I want to create these exceptions." That is one thing that I have gotten some complaints about, and we have faced some challenges there. It's always a challenge when people at the executive level start complaining because they're using the latest version of the MacBook Pro and it's not playing very well with Prisma.

PRAPHULLA DESHPANDE - PeerSpot reviewer
Sr. Security Analyst at Atos
MSP
Top 5
2021-04-03T15:37:28Z
03 April 21

There can be some latency issues with the solution that should be improved.

Learn what your peers think about Prisma Access by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
634,325 professionals have used our research since 2012.
Naresh Pratap - PeerSpot reviewer
Senior Network Security Lead at a tech services company with 10,001+ employees
Real User
Top 20
2021-03-29T19:07:59Z
29 March 21

Our security team had a concern that they are not able to filter out a few things. There is some particular traffic that the security team wants to filter out and apply their own policies and they cannot. Earlier, we used our on-prem solution for that, however, when it is in the cloud, the problem is that it has to be done manually. When we do changes on the on-prem, it will not automatically sync to the cloud. Therefore, manually, the admin has to do changes on the on-prem for spam filtering and at the same time on the cloud as well. We actually faced some a problem with using the failure of authentication. Our primary authentication happens through a RADIUS server, to a non-IP solution, so that there is a double-factor authentication. In that double-factor authentication, we are using three different RADIUS servers. Apart from that our requirement was that if all our RADIUS servers failed, we wanted the authentication of users to fall back to LDAR. The problem we faced is that each RADIUS server was consuming 40 seconds each for the timeout, and then only will it go to LDAR. However, the total timeout of the global product timeout, we are not able to adjust. If you take an on-prem Palo Alto device, you can adjust or increase the Global Protect time out value from 30 seconds to up to 125 seconds or 150 seconds. Later, we were able to resolve this by reducing the timeout value for each RADIUS server. Technical support could be a lot better.

EW
Head of Pre-Sales at a tech services company with 51-200 employees
Real User
Top 5Leaderboard
2020-12-30T14:20:10Z
30 December 20

When it comes to the VPN, it uses the global protect VPN functionality to connect remotely, but it has a feature limitation for assigning multiple IP subnets to different user groups. It would be much better if we are able to assign the current IP blocks for the subnets based on the user groups.

Gregory Anderson - PeerSpot reviewer
Endpoint Security Manager at Catholic Health Initiatives
Real User
Top 10
2020-10-06T06:57:36Z
06 October 20

The solution needs to be more compatible with other solutions. This is specifically a problem for us when it comes to healthcare applications. They have proprietary connection types and things of that nature that make compatibility a challenge sometimes. The scaling can be a bit tricky, depending on the setup.

AA
Senior Security Architecture Specialist at a computer software company with 201-500 employees
Reseller
Top 20
2020-09-27T04:10:13Z
27 September 20

It is integrated with the MDM solution but it is not a VPN, so this is something that can be improved. Better integration with the MDM solution would be useful.

PS
General Manager - CyberSecurity Practice at a aerospace/defense firm with 1,001-5,000 employees
Real User
2020-06-25T10:49:26Z
25 June 20

I would like to see an increase in third-party integration, in terms of identity and access management, or strong authentication.

CR
IT Security at a real estate/law firm with 1,001-5,000 employees
Real User
2019-07-17T07:31:00Z
17 July 19

I would like to see better pricing and an easier logging process. Also, if there was a way to log a global log, everything could go onto the system. It would be better if there was a third log, otherwise one would have to do everything manually.

PT
Consultant at a political organization with 201-500 employees
Consultant
2019-06-26T05:25:00Z
26 June 19

The dependencies of applications sometimes are a bit confusing. All the dependencies you have between applications can be confusing when you fill in things. It's mostly the configuration with the different applications. Extra guidance in using applications and things like that might be helpful. In terms of features, at the moment, the features we use are all in there. But we don't even use the full feature set at the moment. So I don't really have any need for anything else. For now, there's not really anything missing.

MM
Director at a tech services company with 51-200 employees
Real User
2019-06-24T12:13:00Z
24 June 19

They could improve the proactive service on this application and application tracking in their next release. Their next release should provide solutions for the mobile environment.

Related Questions
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
Oct 17, 2021
Why?
See 1 answer
17 October 21
We looked into Prisma Access before choosing Zscaler Private Access (ZPA). Palo Alto’s Prisma Access is a secure access service edge (SASE) designed to deliver network security in a cloud-delivered infrastructure. One of the advantages of Prisma Access is its vast network, with over 100 locations worldwide. We liked that it is customizable, and you can manage your security policies with dedicated cloud instances. Prisma Access’s features stack is similar to other perimeter firewalls, including SSL encryption/decryption, data loss prevention security, and sandbox. It simplifies work between branches via the Prisma Cloud, so it’s better suited for large enterprises. It also provides encrypted traffic flow between branches. However, it won’t work well with remote workforces because it creates network latency. ZScaler (ZPA) was a better fit for us because of its zero-trust approach. ZPA is user- and application-centric and creates a segment for each user. Therefore, only authorized users have access to private applications. We like that it is easy to use - for example, connecting to the Internet via a VPN. It secures the data, restricts access to non-secure websites, and adds a layer of security when connecting to the internet. It works well for a small company or remote workforces. The downside is that ZPA doesn’t let you see private IPs, which is more difficult for IT admins. Also, sometimes it can block third-party services. Conclusions ZScaler Private Access is a good solution for companies that want to deploy zero-trust architecture. It is better suited for companies that have adopted a remote workforce model, and for small and medium businesses. Prisma Access, in my opinion, works better for large companies and enterprises.
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)
Dec 15, 2021
Hi, We all know it's really hard to get good pricing and cost information. Please share what you can so you can help your peers.
2 out of 11 answers
MM
Director at a tech services company with 51-200 employees
24 June 19
Palo Alto is not a cheap product. It's expensive because they provide very good technology.
PT
Consultant at a political organization with 201-500 employees
26 June 19
I think that the Palo Alto solution is very good. The licensing in comparison to other competitors is not really an issue. The price is not low but you can't compare with all the premium firewalls in its range. The licensing cost is about 18,000 euros.
Related Articles
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
Apr 26, 2022
PeerSpot’s popular crowdsourced user review platform helps technology decision-makers around the world to better collaborate with peers and other independent technical experts to provide advice, share knowledge and expertise without vendor bias.Our users have ranked numerous popular solutions according to their valuable features, and have also made suggestions on where they see room for improve...
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Jul 11, 2022
Hi community members, As usual, this new Community Spotlight shares with you the latest articles, questions and trending discussions from your peers. Trending See what is trending at the moment and chime in to discuss! Top 8 Extended Detection and Response (XDR) Tools 2022 Would you recommend replacing Cisco ASA Firewall with Fortinet FortiGate FG 100F due to cost reasons? What is the...
See 2 comments
Ravi Suvvari - PeerSpot reviewer
Performance and Fault-tolerance Architect with 1,001-5,000 employees
30 May 22
Good very informative
Jairo Willian Pereira - PeerSpot reviewer
Information Security Manager at a financial services firm with 5,001-10,000 employees
11 July 22
Analyze the wave of product at Gartner Hype Cycle. EDR was good in the past. After that, MDR joined the hype and now, XDR is the trend. Wait for more in a couple of months and (sic) know the ZDR!
Related Articles
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
Apr 26, 2022
Top 5 Enterprise Infrastructure VPN Solutions 2022
PeerSpot’s popular crowdsourced user review platform helps technology decision-makers around the ...
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Jul 11, 2022
Community Spotlight #14 - Top XDR Tools and More
Hi community members, As usual, this new Community Spotlight shares with you the latest articles...
Download Free Report
Download our free Prisma Access by Palo Alto Networks Report and get advice and tips from experienced pros sharing their opinions. Updated: September 2022.
DOWNLOAD NOW
634,325 professionals have used our research since 2012.