Prisma Access by Palo Alto Networks Reviews

We are a small team of ITOps Engineers. With Prisma, we can manage all our Edge Network Infrastructure (Mobile Users, Remote Networks, and Data Centers) in one location.

We also decommissioned our  legacy MPLS connections and moved to VPN. If we need to expand to more offices, different countries, and different regions, it would be much simpler to do it with Prisma Access because the only things required are an internet connection and a pair of firewalls. 

On our IT team, we now have a single interface (using Palo Alto Panorama) where we can monitor our whole infrastructure. The office and Data Center Firewalls, as well as, the Remote User VPN, forward all the traffic to the Prisma Access Infrastructure. There we can apply deep packet inspection and allow or deny traffic, and also apply additional security features like threat prevention, DNS security, malware and anti-virus protection etc.

For remote users, the VPN connection is more secure and much faster than the legacy solutions. Some of our users are located in different European countries. Now they can pick their closest location and connect to a VPN "concentrator" near their region. Whereas before, they needed to connect with one of our data centers in the UK. 

Since everything is connected to Prisma, now we are able to be more proactive, detect end-user or site connectivity issues much faster. Before we were running multiple applications (NMS, Syslog, Netflow) that required a lot of engineering overhead to manage those, but also to extract the information needed. Now a lot of those tasks can be picked by the Service Desk team. 

In addition, similarly to any other Cloud "Platform" the administrative tasks have been dramatically decreased. The upgrade process is very simple compared with any on-premise solution.

I don't think we have actually fully utilised all the functions of Prisma yet. The main concept of Prisma Access is what really help us to transition our infrastructure from a legacy and complex approach to a more simple and easy to manage and maintain one.

Prisma Access has three major components / connections: 

- Remote connections: The links to the Remote Offices 

- Mobile Users 

- Service Connections : The links to the Data Centers. 

You connect everything by establishing VPN tunnels with the Prisma Access Infrastructure. Prisma is now the “brain” of the infrastructure. All edge devices send all traffic to Prisma and Prisma has the knowledge to route the traffic to the correct destination. In addition you can also apply all the additional security features a NGFW can offer. 

Since this is a cloud platform you can easily scale up adding more mobile users or new remote offices. Prisma will simple auto-run (if needed) additional instances in the cloud to support your load 

Also,  because everything's on the cloud, we don't have to worry about patching; we get all the new features as they come in. One of the biggest problems for us used to be to upgrade our VPN application. Now, it can be done with a click of a button. The administrative overhead has been reduced, and we are able to focus on things that actually matter.

The only drawback at the moment is that a “Cloud” solution like Prisma Access requires Palo Alto Panorama, which is normally a VM that sits in your DataCenter. Panorama is used for monitoring and mainly for configuring the different components of Prisma Access.

For the configuration part, Palo Alto has recently introduced an equivalent cloud application, but not all features are available yet. Also at this moment if you enable Prisma Access with Panorama you cannot migrate to the Cloud version.

I've been working with the Palo Alto team since the beginning of the year (2021), when we started the initial setup. It took us around 2 months (multiple weekly sessions) to complete the setup. And the last 2 months we are fully utilising the Prisma components (Remote Networks, Service Connections and Mobile Users)

We have utilised Prisma Access for the late couple of months. Now we are in the process of migrating all our Remote users from the on premise Firewalls to the Prisma Access VPN as a Service solution. 

Over this period we haven't faced any connectivity issues. Prisma Access underlying infrastructure is high available and scalable. 

As any major Cloud Vendors line Google or AWS we may face outages in the future, but we havent experience any problems yet. 

As with any infrastructure where the managent plane is in the cloud, we can know schedule an upgrade and the Prisma will take care the rest. No more complicated upgrade processes that could lead to outages and downtimes. 

A few days ago the Prisma Access dataplane was upgraded. We had zero downtime and the auto-procwss went smoothly (as expected).

As for scalability, you can easily bring more users to the platform; you would just need to buy additional licenses.

There is no need for purchasing new and more powerful hardware. Palo Alto will scale your platform up to support your infrastructure.

Simple integration with LDAP, SAML can help us to provision 100s of users quickly and onboard more users are the company is getting out of the pandemic freeze period.

I think Palo Alto has great technical support in terms of the time of response and the efficiency of response.

Over the past few months we raised multiple tickets (P2-P4). On all of them the responses were quick within the SLA timelines. All the support Engineers had deep knowledge of the product, and always went above and beyond not only by fixing our issues, but also by trying to explain us why was misconfigured or what actually went wrong. Everyone had great communication skills, they were patient and listening our needs and requirements.

We used local Cisco ASA Firewalls that were located in our two UK offices.Normally we had around 10-15 % of our users working remotely. During the pandemic we had to setup around 500 users to connect to the VPN. Unfortunately our ASAs had limited capabilities (250 max users for the 5515-X and 100 for the 5508-X). Our temporary solution was to use the AWS VPN solution for the remaining users. 

At that point we realised that we need a flexible and scalable solution. In addition the company has embraced the cloud first approach a few years back by moving all our servers to the cloud, so utilising a VPN as a Service (offered by Prisma Access) was an expected next  step. 

In my team there are Cisco certified engineers and we have been using Cisco products for many years, but for my opinion when it comes to security and NGFWs, but they haven't reached the level of Prisma Access by Palo Alto Networks. I believe Palo Alto is the key player in the market. 

We had a mixture of different applications and vendors, and we wanted to merge everything under Prisma Access. The terminology is a bit different between Palo Alto and Cisco ASA, and between their local firewalls and the Prisma Access firewalls. It took us about a month to wrap our heads around it and understand how things worked. Once we did that, it was easy to implement. We have gradually migrated all our services. We did our MPLS and the connection to AWS, and now, we're slowly migrating the users. No one has noticed, so it has been seamless.

We don't have a big infrastructure and did the migration piece by piece, and it was really easy and seamless.

To set up the infrastructure with the team, it took us less than a week. The gradual migration took us three weeks, but the basic setup takes less than a week.

We used the Palo Alto professional services, which mainly help us though multiple Zoom sessions to understand all the Prisma components and also to configure the core Prisma setup. The fine tuning was done by the in-house team. 

We had a great experience. All the Palo Alto consultants had a great knowledge of the product and they were very helpful, making it very simple for us to understand this new Platform. They were never leaving any questions unanswered and they were always providing accurate documentation and references for my team to get the required knowledge and to understand / follow up during the Setup.

I think the ROI has been good. We no longer need people to maintain the whole infrastructure, and we do not need to spend money on different services that we no longer use like MPLS or other kinds of support.

Also, the fact that we can quickly scale up without worrying about buying additional licensing is great for us.

The price has been good for the ROI during these difficult times for the cruise industry. With Prisma, you need three types of licenses

- Palo Alto support

- Number of Remote Users that are connected to VPN (concurrent connections)

- Total Bandwidth between Remote Sites offices and Prisma. If you have three or fewer DCs then you don't have to purchase additional connections or bandwidth.

There are no hidden costs; what the product offers is what you get.

We didn't run any PoC with other vendors. Before we were introduced to Prisma Access we were thinking of moving also our Firewalls to Meraki (as we will do with our switches). I believe no other vendor can offer what Palo Alto with Prisma provides, at least at this moment.

In my experience, Prisma Access is a great platform. However, since SASE is a new fairly new concept, it was a bit confusing to understand all the  different components and how all of them work together. On top of that if you are not very familiar with Palo Alto firewalls and especially Palo Alto Panorama, additional training would be recommended. Of course the same concepts of a NGFW from any other vendor are applied. 

 Once you grasp how Prisma Access works, then it's really a piece of cake to set everything up.

For example, we are a small team of three people, and I'm the senior network engineer. My VPN knowledge was not good because we've mainly had MPLS. Still, it was very easy to set everything up.

You setup everything through the web GUI (Palo Alto Panorama). You don't need to know a lot about CLI. With Cisco devices, you have to be an expert in CLI to set up a few things.

On a scale from one to ten, I would rate Prisma Access by Palo Alto Networks at ten because it's an innovative product. They “invented” the whole concept (SASE), and they're way ahead of other competitors.

One of the main advantages we have found of Prisma Access is that it has gateways across multiple continents. Due to that, many users can connect from different parts of the world will be able to access everything very fast. Also, internet access through VPN has become much simpler in getting the traffic to our on-prem data center.

The main example is my particular client that has employees working from different parts of the world - Malaysia, Singapore, India, Europe, and even the Middle East. The use of multiple continental gateways has helped us a lot. The users who are working in different parts of India can connect to different gateways. There are four gateways, including in India itself, the Middle East, and Europe as well.

The WildFire Analysis is one of the good features we observed. Due to the fact that the traffic from the user to the internet is not passing under our on-prem, there is generally less control over it. With the help of WildFire Analysis, we are able to make sure the users are not downloading or accessing any malicious sites or any malware or anything.

The use of Microsoft Teams from a VPN used to give some issues earlier, however, with the Prisma Cloud, that has improved quite a lot. Even if you're tunneling the traffic of MS Teams through this Prisma terminal, there has been no issues yet. The VPN access it allows for is great.

The stability of the solution is very good.

The scalability of the solution is excellent.

Our security team had a concern that they are not able to filter out a few things. There is some particular traffic that the security team wants to filter out and apply their own policies and they cannot. Earlier, we used our on-prem solution for that, however, when it is in the cloud, the problem is that it has to be done manually. When we do changes on the on-prem, it will not automatically sync to the cloud. Therefore, manually, the admin has to do changes on the on-prem for spam filtering and at the same time on the cloud as well.

We actually faced some a problem with using the failure of authentication. Our primary authentication happens through a RADIUS server, to a non-IP solution, so that there is a double-factor authentication. In that double-factor authentication, we are using three different RADIUS servers. Apart from that our requirement was that if all our RADIUS servers failed, we wanted the authentication of users to fall back to LDAR.

The problem we faced is that each RADIUS server was consuming 40 seconds each for the timeout, and then only will it go to LDAR. However, the total timeout of the global product timeout, we are not able to adjust. If you take an on-prem Palo Alto device, you can adjust or increase the Global Protect time out value from 30 seconds to up to 125 seconds or 150 seconds. Later, we were able to resolve this by reducing the timeout value for each RADIUS server.

Technical support could be a lot better.

We have deployed the Prisma solution and environment almost six months ago and we have been using it for the last six months.

The solution is very stable. It doesn't have bugs and glitches. It doesn't crash or freeze.

So far, we haven't observed any such issues. We have been closely monitoring for the last six months but there have been no issues with latency or anything. The only thing we are worried about is that what if something goes from the cloud if the cloud set up as an issue. So far, we haven't encountered such an issue yet, however, the client is always worried about that point as all these things are happening externally to our own firm. That said, so far it hasn't given any trouble.

Scalability-wise it's a very good solution as we will be able to increase the number of users or decrease the number of users or even the bandwidth. Scalability-wise it's a perfect solution.

This solution is used by little over 8,000 users in our intranet and the user roles span from high-level management up to the contacts and their employees who are supporting the calls and the suppliers for the telecom. It is being used by a lot of different variety of users, management, IT, admin, business users, call center users, everyone.

When we decode, we decode it for 10,000 users. So far, we haven't increased it yet. In the future, if our number of user accounts increases or if the Work from Home situation due to COVID continues, then maybe our client will think about increasing it.

Technical support for this solution is via one of our third-party vendors. One problem is that the third-party vendor is not able to resolve all the issues. They will have to go to Palo Alto technical support via their exclusive support. One problem is ASP. Palo Alto is taking a lot of time for coming online and supporting that could be for a minor issue or a major issue. The time taken by Palo Alto Support to get online and support us has been a pain area. We're not really that satisfied.

Before Prisma, we were using the Palo Alto on-prem solution, Global Protect Solution. We had Palo Alto firewalls in our on-prem which we were using for VPN and before that, we used a few VPN solutions.

The initial setup was a mix of difficult and straightforward. We did the deployment in phases for users across different continents. By the time we finished the deployment, which took nearly six months, it was in our case a stable solution and simple to use as well. However, it took a while as we were working on different continents and moving from one to the other in a particular order.

The team was a combination. The team was a combination of one of the vendors in Malaysia and my team, who's from a client end. So there was a total of seven members in the team.

Our implementation strategy was as follows: we already had one Palo Alto Global Protect Retail Solution, so it was not big trouble for us to migrate it to a cloud. We started implementing, planning the redundancy for such two different sites. We established the IP set terminals with our two different sites, which will terminate from the cloud to Palo Alto VPN Box on our on-prem. Then, we gradually migrated the users from on-prem to the cloud.

In terms of maintenance, first of all, we have to keep on monitoring it. If there is something wrong with the cloud, we will have to get the alert and act accordingly. Maintenance-wise so far we have increased the bandwidth for internet links. At that time we had set up redundancy and there was no trouble with that. Apart from that, so far, no other maintenance has been done.

We had a vendor assist us a bit during the implementation.

I can't speak to the licensing costs. We had a two-year license, which we are still on.

We're just customers and end-users.

We are using a SaaS version of the solution.

I will definitely recommend implementing this product as it has a very good scalable solution. Considering this work from home scenario in COVID, it is one of the best solutions one can implement. However, my advice would be to make sure you have enough internet bandwidth while implementing and also make sure there is site-level redundancy at your end. If you are a client then you won't implement it. Make sure there are two separate IP set terminals published from the client to your end. That way, if something goes wrong, your internet goes down or something, the VPN will be accessible.

One good lesson I have learned is that earlier in my thought process related to VPN was very narrow. I never thought that you can put it across multiple continental gateways and allow users to access it so fast. 

I'd rate the solution nine out of ten.

We primarily use the solution for mobile users and mainly mobile laptops. In some cases, we use the solution for cloud tenant portals in Azure. We use it to connect those back into the network.

Overall, it's a great solution that works quite well.

The solution's most valuable feature is the posture checking. 

It's great that we can make sure a machine meets the minimum requirements before users are allowed to log in.

The solution needs to be more compatible with other solutions. This is specifically a problem for us when it comes to healthcare applications. They have proprietary connection types and things of that nature that make compatibility a challenge sometimes.

The scaling can be a bit tricky, depending on the setup.

I've probably been using the solution for four years at this point.

The stability is quite good. We haven't had any issues in that sense. It's reliable. There aren't bugs or glitches. It doesn't fail.

The solution is scalable. However, it's more of kind-of piecemeal scalability. I didn't actually deploy it. I just know a lot about it. It depends on how your network is set up. If you have a single egress, it's easy. If you have 70 egresses, it can be very, very difficult. 

You may have those many email egresses because you're geologically spread out and you need people to connect with certain portals based on where they are. Of course, we want users to connect to their closest portal. There's complexity there and the cloud doesn't really solve it because the cloud still has to do load balancing and hand it off to the concentrator.

On average, we have about 8,000 users between IT, finance, HR, and, of course, house and home users. 

I can't speak to the acceptability of technical support. I've never had to contact them.

We were using AnyConnect. It was limited in terms of egresses, so we decided to switch.

For us, the initial setup was not straightforward. It was very complex due to the fact that we're a very large company. That said, I don't mind the complexity.

The deployment was easy. It was just a matter of handling the configuration for different regions and hospitals. We had to figure out what egress they come in on or what device they come in on and things like that and that decide upon what's the most efficient means for them to connect back into the network.

I don't deal with licensing in the company. I'm not sure what the pricing is.

My understanding is that it's a bit more expensive only because it's part of the framework of the Palo Alto solution. It's more sensitive than if we just went and got some free VPN or some ad hoc solution, and so it's a bit more costly.

We're just a customer. We don't have a business relationship with the company.

I'd advise others that the solution is largely based on the complexity of your environment. It's not that deployment's difficult. It's just that you want to put it where it's most efficient. You've got to take the time to figure out where your users are and how they connect and where they're connecting from.

Overall, I'd rate the solution eight out of ten.

It can be used for remote access to web applications and to grant secure access to users.

I've mainly used their solutions for VPN connections from mobile devices. 

It's quite reliable and performs well for users.

It wasn't so satisfying to work with it. There is room for improvement in the policy management. It is difficult to cover the entire scenery through Palo Alto products. 

In future releases, more focus on integrations would be beneficial, along with improvements in policy management.

I am familiar with this product. 

It seemed quite a stable product. 

We have a couple of customers using this solution. 

The initial setup was relatively easy, but there were complexities due to the policies we had to generate. 

I was more of a user than an administrator. However, the deployment process seemed quick.

Primarily setting up the software. The team involved in the setup handled the rest.

One person is enough for the deployment. 

From the management side, I'm sure there are several people involved. From an end-user perspective, it's very simple. It likely doesn't need more than one person to manage it.

Overall, I would rate the solution a seven out of ten.

I use the solution in my company for our remote workers and branch access.

The product's price is an area of concern where improvements are required. The solution's price should be lowered.

Our company faces some issues during the product's configuration phase. The product's configuration part is slow and not very effective. In my company, we have to change the configuration multiple times to make it effective. The configuration part of the product can be improved.

The product's support team needs to improve the quality of services offered.

I have been using Prisma Access by Palo Alto Networks for a year.

Stability-wise, I rate the solution a seven out of ten.

Scalability-wise, I rate the solution a ten out of ten.

The product is suitable for medium to large-sized companies.

I have experience with the solution's technical support. I rate the technical support an eight out of ten.

Positive

I have experience with Fortinet FortiEDR.

The product's initial setup phase is simple.

The solution is deployed on the cloud.

The solution can be deployed in a couple of hours.

Zscaler is a good product. In terms of features, Prisma Access by Palo Alto Networks and Zscaler are at the same level. Prisma Access by Palo Alto Networks may have an advantage over Zscaler in terms of security. Palo Alto Networks comes from security vendors, and Zscaler is available from cloud vendors. When it comes to simplicity and connectivity, Zscaler is better than Prisma Access by Palo Alto Networks.

The product is secure for remote workers since it has many cloud-based facilities that can offer protection.

The product can provide improved access to those clients who do not directly go to SaaS applications but prefer to use such applications via Prisma Access since it provides security policies to help secure the network traffic.

For security needs, the product's security profile is good.

I have experience with the product's GlobalProtect VPN feature, and I feel that it works fine. The feature also allows the customer or client to go through a tunnel to Prisma Access.

The integration of Prisma Access with Palo Alto Networks can provide a better security posture. The integration of Prisma Access with Palo Alto Cortex XDR is the best, especially when our company sends the logs from Prisma Access to Cortex Data Lake. My company gets a full view of the attack part, consolidation, and timeline of the attacks in Palo Alto Cortex XDR.

I recommend the product to those who plan to use it.

I rate the tool an eight out of ten.

This solution helps us with visibility of the data stored in the cloud and it even scans our files. If a user is trying to upload any kind of malware file or a script, Prisma SaaS scans those files and helps us identify anything malicious. If it finds something, it directly cleans the file. We are partners with Prisma SaaS.

I've evaluated multiple solutions on the market but to quarantine and clean a malware file is something I haven't seen anywhere else. It's a great feature and provides a lot of security.  

I would like to see a hybrid model which has API plus in-line security, where the user's data is controlled via an API call and also controlled in-line. 

We been using this solution for over a year. 

We've never had any issues in terms of stability. 

In terms of scalability, we initially went with the out-of-the-box solution which was able to support around 40 to 50 users and it was fine. There was no need for any add-ons. We now have a license for 200 users and it scales well. 

Technical support is responsive. We contacted them a few times and they were helpful. 

The initial setup was straightforward. It was completely on cloud and easily activated, and we were up and running quite quickly.

The licensing of this solution is a little expensive and is paid on an annual basis. 

If a company is looking for an API-based technology to control their SaaS data uses and user access, then Prisma SaaS is a good product but if they're looking for a complete CASB solution, then this is not suitable. The solution provides a lot of security but when you look at it in terms of the high cost for licensing, then it is not cost effective to spend that amount just to protect the data stored by the user.

I rate this solution a six out of 10. 

I am an integrator. Prisma SaaS is the most preferred solution among our customers — my customers really like it. Currently, I have three customers that are using this solution. 

Many of my customers work in the financial sector. Prisma SaaS is a top-choice solution for customers who are looking for more flexibility and secure edge points. Prisma Saas has taken big steps to please its customers. It's a cloud-based solution and cloud security is at the edge of the market. The Coronavirus and the pandemic pushed the market to the cloud.

Prisma SaaS is very easy to use; it's common sense — it's the best-in-class.  

Palo Alto is always up to the challenge. It works great with the Oracle Cloud; other SaaS solutions don't always work with various clouds. Prisma Cloud is the best. My customers love it; they all use it in various ways.

I have been using Prisma SaaS for roughly two years. 

Prisma SaaS is very stable. Palo Alto is leading the market in terms of security solutions. Other security providers are slow and a year behind Palo Alto. By the time they catch up, Palo Alto will already be working on new questions. 

This solution is very scalable. I can't think of another solution that functions better. It's very flexible — that's one of the reasons why it's more expensive than similar solutions. 

Palo Alto offers great support to their partners — we're a partner. Their support team is very knowledgeable. 

I am Russian and Ukrainian. Palo Alto provides me with support in English. My customers are not English speakers, therefore, I act as a translator for them when I communicate with support — from English to Russian and then back. 

Installation is simple. There are a few steps involved but with help from customer service and some simple troubleshooting, it's not too bad.  

I have fully installed this solution for three customers. Depending on the project, you'll need anywhere from one to three engineers. Installation and configuration also depend on the cloud that the customer uses. 

Prisma SaaS is more expensive than similar solutions but I think it's worth it. 

If I were to choose a low-cost solution for another vendor, it wouldn't be as effective. With low cost comes low usability and low effectiveness. 

I would highly recommend Prisma SaaS to others. Speaking as an ambassador for Palo Alto and Prisma access, it's the best solution on the market. Overall, on a scale from one to ten, I would give Prisma SaaS a rating of ten. 

The price is my only concern, otherwise, Palo Alto is the best. Still, every year, Palo Alto lowers the price of its solutions. 

We use the solution to secure and monitor our traffic to the cloud. We are able to route traffic where we need it to go and It provides us with secure direct connectivity to our cloud application console.

There are plenty of features this solution provides and the most valuable would be the complete security protection we are receiving. We are provided with similar security that the Palo Alto AWS solution has. This includes features such as a firewall and machine learning AI. The cloud server provides maximum uptime, controls, and overall strong security. 

I have received a lot of good client user experience from the solution.

There can be some latency issues with the solution that should be improved.

I have found when comparing this solution to others it is very stable.

The solution is scalable. We definitely plan to increase usage, many people are working from home and this solution makes sense being in the cloud. We encourage our organization to utilize the solution to its maximum potential.

Whenever we had to use the technical support they have been very knowledgeable about the issue we were facing.

I have used other solutions in the past and this solution has better security and conductivity in the cloud environment.

The initial setup is straightforward.

We did the implementation ourselves. The full implementation can take a while, it typically does not take more than a few days. However, the time is dependant on the environment in which the solution is being implemented. It should not take more than 20 days. 

Since this is a cloud base solution it does not require a lot of maintenance. The updates are done from the company side.

The solution requires a license and the technical support has extra costs. The licensing model could improve.

I have learned that moving operations to the cloud is a good thing. 

I rate Prisma Access by Palo Alto Networks a nine out of ten.