How our Compare the Market Quiz can help you find the best fit SD-WAN Vendors
- Answer 10 questions to find out which SD-WAN solution fits your business
- Learn why each solution is a match for your business
- Used by companies including CDC, Permira, Square Enix, British Legion and more
- Totally free to use without commitment
Introduction
In recent years, traditional WAN architectures like MPLS haven't been able to keep up with systems becoming more distributed via the cloud. A flexible successor, SD-WAN is the cost effective, cloud-friendly solution. The market has progressed from not only providing multiple transport types, application-aware traffic steering and centralised orchestration but now encompasses advanced security integrations, SASE incorporation and artificial intelligence/ machine learning functionality.
Gartner's annual reporting via the form of the Magic Quadrant defines the scope of top SD-WAN vendors by comparing each vendor's completeness of vision against its ability to execute. By considering Gartner's Magic Quadrant, IT decision-makers can begin to identify the vendors best suited to their specific requirements.
Gartner's Evaluation Criteria for SD-WAN Vendors
The Gartner Magic Quadrant analysis is based upon several factors that SD-WAN vendors offer the market. These can be considered either a must-have or optional dependent on the feature's importance for different use cases.
Must Have Features
| Category | Capabilities | Description |
|---|---|---|
| Software | Replace a branch router | Support for protocols such as Border Gateway Protocol (BGP). |
| Software | Application-aware dynamic path selection | Traffic steering across multiple interfaces such as broadband or cellular networks. |
| Software | Virtual private network (VPN) | Secure tunnel into network. |
| Form Factor | Proprietary and Third Party deployment | Can be deployed on either same branded hardware appliances or third-party hardware. |
| Form Factor | Public cloud deployment | Integration with the cloud. |
| Orchestrator | Zero-touch | Remote configuration management availability after deployment. |
| Orchestrator | Management | Supports management of policies. |
| Orchestrator | Visibility/Analytics/Troubleshooting | Provides monitoring functionality. |
Optional Features
| Category | Capabilities | Description |
|---|---|---|
| Security Capabilities | Advanced on-premises security | Includes firewalls, URL/content filtering, antivirus, sandboxing. |
| Network Functionality | WAN backbone | Interconnects all parts of a network for enhanced internet functionality. |
| Network Functionality | Application performance optimisation | FEC, packet duplication, WAN optimisation, SaaS optimisation |
| Additional Capabilities | Extended orchestration | Beyond SD-WAN to include WLAN/LAN/security forming SD-branch |
| Additional Capabilities | AI networking support | For proactive incident detection and management |
| Additional Capabilities | Software-only solution | Deployable on any end-user device for remote users |
Leaders in the SD-WAN Market
The following vendors have been identified by Gartner as leaders in the SD-WAN market. This indicates that they have a high level of both completeness of vision and ability to execute.
Cisco SD WAN (powered by Meraki and Catalyst)
Offering both Meraki and Catalyst (formerly Viptela), Cisco cover a wide range of products. Meraki is a fantastic low-cost option for simpler requirements, covering MX appliances and software with orchestration, however often requires additional expense features for complex systems. Catalyst is used to cover Viptela OS, IOS XE software with vManage orchestration, however the Netify SD WAN comparison tool is not often used to compare Viptela solutions.
| Pros | Cons |
| Vision aligned with customer needs (AI networking, integrated security). | Gartner client interactions showed that Cisco customer experience was below average. |
| Extensive management portal allowing for a granular level of configuration. | Lacks some of the more innovative features of new SD-WAN players. |
| Enhanced cloud integration (such as AWS, Google Cloud, and Microsoft Azure, with a single SD-WAN fabric) | Cisco SD-WAN requires expertise to make the most of capability. |
Fortinet
Fortinet is a security led company with a strong reputation alongside other market leaders such as Checkpoint. Security has driven Fortinet to create their own ASIC (Application-Specific Integrated Circuit), which ensures hardened security architecture in respect of hardware and allows the devices to perform better as the circuits are optimised to the Fortinet overlay software. However, Fortinet does not have huge experience in complex networking
| Pros | Cons |
| Application-aware routing based on real-time network conditions. | Tied to Fortinet hardware. |
| Integrated features like NGFW, IPS, encryption, anti-virus and sandboxing. | Limited integrations with third-party SSE vendors. |
| Innovations in GenAI likely to improve on market capabilities. | Gartner client interactions suggest that customer experience is below average. |
HPE (Aruba & Silver Peak)
Aruba is capable of delivering seamless LAN, WLAN and WAN capability across SD-Branch, (with the Aruba Central Cloud Platform), Aruba Headend Gateways, Virtual Gateways, ClearPass Policy Manager and ClearPass Device Insight. However, HPE's failover and optimisation are not as sophisticated when compared to other vendor solutions.
| Pros | Cons |
| Includes zone-based firewall, role-based segmentation and seamless integration with cloud security providers. | Tied to Aruba hardware. |
| Gartner client interactions showed that customer experience is high. | Focuses heavily on WAN optimisation and may have excessive features for simpler requirements. |
| Centralised management through Aruba Orchestrator for consistent policies. | Requires expertise to deploy and manage. |
Palo Alto Networks (CloudGenix)
Palo Alto acquired CloudGenix to complement their security offering, which is highly advanced and capable of delivering SASE. As an SD WAN and SASE proposition, their solution is offered across most verticals and business sizes. Palo Alto are not such a good fit for retail or systems where there's a requirement to service multiple branch office locations. This is due to a lack of an all in one device to meet the needs of SD WAN and Security at a low cost.
| Pros | Cons |
| Gartner interactions suggest that the customer experience is above-average. | Pricing is more expensive than some other vendors. |
| Vision aligned with customer needs (AIOps, viability and granular control over policy). | Limited performance optimisations (TCP, FEC, packet duplication) |
| Has been in the Gartner Magic Quadrant for three consecutive years, indicating both vision and ability. | Tied to Palo Alto hardware. |
Versa Networks
Versa were known as an SD WAN vendor which typically supported large complex Enterprise requirements. However, with their release of Titan, Versa are now positioned to support both more straightforward SME requirements alongside large global Enterprise businesses via Versa VOS. The Titan product offers cloud-based orchestration with good analytics and SASE security. It should be noted that the product is often deployed by service providers and managed service providers.
| Pros | Cons |
| Vision aligned with customer needs (AI networking, observability and multi-cloud support). | Pricing is more expensive than some other vendors. |
| Offers flexible and open architecture supporting multiple deployment modes (cloud, hybrid, on-premises) | Considered more complex and difficult to manage than other vendors. |
| Utilises AI/ML-powered analytics for enhanced networking, security visibility and control. | Tied to Versa hardware. |
VeloCloud by VMware
VMware SD-WAN powered by VeloCloud has a considerable advantage due to their brand presence and existing customer base. SD-WAN edge (VCE) appliances, gateways (VCG) and an SD-WAN orchestrator (VCO) are currently implemented across thousands of customers generated by their highly effective channel sales teams. Although VeloCloud does offer SASE, their capability is viewed as limited when compared to other vendors.
| Pros | Cons |
| Vision aligned with customer needs (cloud transport and AI). | Slow to add integrations for third-party SSE vendors. |
| Integrates with cloud providers (AWS and Azure). | Tied to VMware hardware. |
| Gartner client interactions showed that customer experience is high. | On-premises security options limited in comparison to other vendors. |
Challengers and Visionaries
The following vendors have been identified by Gartner as either challengers or visionaries in the SD-WAN market. This indicates that they have either a high level of completeness of vision or ability to execute.
Huawei
Huawei is a challenger within the 2024 magic quadrant for SD-WAN, meaning they have a high level of ability to execute.
Huawei is focused on the growth of 5G which is designed to actually solve the issues faced by companies today, i.e. fast start, failover, remote users, IoT. This has helped them with strong growth within the AsiaPac region (China is a clear leading location) and LATAM, however this does also come with having weak coverage across the western world.
| Pros | Cons |
| Pricing is cheaper than some other vendors. | Unable to effectively target enterprises in certain major markets like the U.S., Canada, U.K., Australia and India due to geopolitical issues. |
| Gartner interactions suggest that the customer experience is above-average. | Lacking in features in comparison to other vendors. |
| Vision aligned with customer needs (integrated security, scalability and deployment flexibility). | Tied to Huawei hardware. |
Juniper Networks
Juniper networks is a visionary within the 2024 magic quadrant for SD-WAN, meaning that they have a high completeness of vision.
Juniper also has experience within the WAN edge market. Juniper follows their own unique take on SD WAN with their Mist Marvis AI/ML engine (conversational AI to networking). Medium and large Enterprise businesses procure the Juniper proposition due to strong SD WAN and security capability. However, it is not particularly strong in respect to Cloud access and WAN optimisation.
| Pros | Cons |
| Gartner interactions suggest that the customer experience is above-average. | Less readily accessible in comparison to other vendors. |
| Vision aligned with customer needs (single-vendor SASE and AI networking). | Slow to address key features such as cloud integrations. |
| Suitable for the majority of corporate use cases. | Requires expertise to deploy and manage. |
Niche Players
The following vendors have been identified by Gartner as niche players in the SD-WAN market. This indicates that they have a lesser level of completeness of vision and ability to execute.
Barracuda
Based in North America, Barracuda uses Microsoft Azure as its backbone and is designed for ease of use straight out of the box, however the Barracuda interface requires knowledge and experience to make the most of their service offering.
| Pros | Cons |
| Fully cloud-native with Azure, leveraging Microsoft's global network as a backbone. | Primarily North American-centric. |
| Incorporates multi-layered next-generation security features, including cloud-based full emulation sandboxing. | Planned innovations provided limited expansion for more complex use cases. |
| Designed for ease of use with out-of-the-box configurations and zero-touch deployment. | Interface requires knowledge and experience to make the most of their service offering. |
Cradlepoint
Cradlepoint is respected for their work across cellular services within verticals such as education. However, Cradlepoint is primarily focused on the North American market.
| Pros | Cons |
| Focus on cellular wireless for distributed sites, IoT devices and remote workers. | Not applicable to wired WANs systems. |
| Advanced routing based on latency, jitter and signal strength. | Not as fully featured as other solutions. |
| Includes end-to-end encryption, zero trust network access and secure web gateway. | Hardware-tied solution. |
Forcepoint
Forcepoint offer application-aware routing based on real-time network conditions and integrates NGFW, access control, web security and cloud monitoring. However offers limited performance optimisation and is tied to Forcepoint's security stack.
| Pros | Cons |
| Centralised, cloud-based management (for up to 6000 sites). | Limited performance optimisation and cloud integration. |
| Application-aware routing based on real-time network conditions. | While generally providing a positive experience, initial setup and configuration can be complex. |
| Integrates NGFW, access control, web security and cloud monitoring. | Tied to Forcepoint's security stack. |
Nuage Networks
Nuage primarily operates again through service provider channels using their X series and E series gateways. Netify note there is significant take-up of Nuage across large telcos as the platform is designed to integrate well from the perspective of service provider configuration and end-users with a great, simple to use management interface. The product capability lacks SaaS application optimisation which is viewed as very limited by reviews.
| Pros | Cons |
| Offers flexible and open architecture supporting multiple deployment modes (cloud, hybrid, on-premises) | Requires expertise to deploy and manage. |
| Above-average customer experience. | Lacks some key features that other SD-WAN solutions provide (limited cloud integration support, SaaS application optimisation). |
| Good third-party SSE integrations. | Tied to Nuage hardware. |
Peplink
Peplink offers their Balance and Max devices which is mainly sold by VARs (Value Added Resellers) and Managed Services Providers. The ruggedised SD WAN support has resulted in strong sales within the transportation, public safety and broadcasting sectors. Peplink does lack other product capabilities, specifically around SD WAN, which is viewed as basic, particularly around WAN optimisation features.
| Pros | Cons |
| Bonding of multiple low-cost links via SpeedFusion (DSL, 3G/4G/LTE) | Slow to develop SASE strategy or handle cloud integrations. |
| Customer reviews show that it is a very user-friendly solution. | Lacks some advanced security features offered by other vendors. |
| Well suited for use cases with 4G/5G requirements. | Tied to Peplink hardware. |
Sophos
Sophos primarily targets mid-market and smaller customers, therefore integrating on-premises security has been an important feature. Sophos does however lack a lot of the advanced features that other vendors offer and can be considered quite complex to learn to administrators without prior experience.
| Pros | Cons |
| Targets mid-market and smaller customers. | Lacks some advanced features that other vendors offer. |
| Offers zero-touch deployment via Sophos SD-RED devices. | Can be complex to learn for administrators. |
| Good on-premises security (designed for smaller customers) | Limited third-party SSE integrations and cloud onramp. |
Market Insights and Trends
Prior Trends
As cloud connectivity becomes more prominent, SD-WAN vendors have shifted to integrate cloud on ramping solution, moving away from more traditional, private data centres. The capabilities on offer for SD-WANs have also improved on from routing to also include advanced security functionality and WAN optimisation.
Anticipated Trends
Marketing insights from Gartner suggest that by 2026, 60% of SD-WAN purchases will be part of a single-vendor SASE offering (15% as of 2023). This indicates that the market is moving towards complete solutions where an entire system comes from one vendor.
Gartner's insights also show that embedded generative AI technologies will also be used for 20% of initial network configurations by 2026. This is currently used for as little as almost 0% of initial network configurations.
Vendor Selection Advice
| Vendor name | Best for |
| Barracuda | Applications with a focus on Microsoft Azure |
| Cisco SD WAN |
Meraki: Easy to manage solution |
| Cradlepoint | Applications with cellular wireless for distributed sites, IoT devices and remote workers |
| Forcepoint | Application-aware routing based on real-time network conditions |
| Fortinet | Highly secure branch office and remote user requirements |
| HPE (Aruba) | LAN, WLAN and WAN capability across SD-Branch. |
| Huawei | 5G (and IoT applications) |
| Juniper Networks | Medium/large enterprises |
| Nuage Networks | Multiple deployment modes (cloud, hybrid, on-premises) |
| Palo Alto Networks | Specific SASE requirements |
| Peplink | Ruggedised SD WAN requirements (transportation, public safety and broadcasting sectors) |
| Sophos | On-premises (mid-market and smaller customers) |
| Versa Networks | Service provider delivered SD-WAN and SASE |
| VMWare |
Global application performance |
Conclusion
As the SD-market has a range of different capabilities on offer, IT decision makers should carefully evaluate all vendors to ensure that the optimal solution is established for their requirements. The integration of technologies such as SASE, AI, cloud and branch networking, whilst on the rise, are only offered by some of the market.
For more information on choosing the best SD-WAN vendor, it is recommended to view the 2024 Netify best SD-WAN vendor.
