Palo Alto Networks Prisma SD-WAN & SASE Review

Palo Alto Networks is a global cybersecurity vendor headquartered in Santa Clara, California, founded in 2005. Its SD-WAN product, Prisma SD-WAN, originated from the acquisition of CloudGenix in 2020 and uses Instant-On Network (ION) hardware appliances managed through a cloud-delivered controller. Prisma SD-WAN is not a standalone product: it is positioned as part of the broader Prisma SASE platform, combining SD-WAN connectivity with Prisma Access for security service edge (SSE) functions. Organisations evaluating Palo Alto Networks for SD-WAN are, in practice, evaluating a unified SASE platform with strong security credentials and a premium price point.

  • 5x MQ SD-WAN Leader
  • 150+ Prisma PoPs
  • AIOps: Strata Copilot
  • Headquarters: Santa Clara, CA

Quick Facts — Palo Alto Networks

| Category | Detail |
| --- | --- |
| Full company name | Palo Alto Networks, Inc. |
| Headquarters | Santa Clara, California, USA |
| Founded | 2005 |
| Primary product | Prisma SD-WAN (formerly CloudGenix) |
| Architecture | Hybrid (ION appliances + cloud-delivered Prisma Access) |
| Global PoPs | 150+ Prisma Access nodes worldwide (third-party cloud infrastructure: AWS, GCP) |
| UK PoPs | London (multiple nodes via Prisma Access) |
| SASE capability | Full — Prisma SASE (SD-WAN + Prisma Access SSE) |
| SD-WAN capability | Full — Prisma SD-WAN |
| Target market | Enterprise (mid-market to large enterprise) |
| UK channel | Both — direct and via authorised partners (BT, NTT, Orange Cyberdefense, Lumen and others) |
| Gartner position | Leader — 2024 Magic Quadrant for SD-WAN (5 consecutive years); Leader — 2025 Magic Quadrant for SASE Platforms (3 consecutive years); Leader — 2025 Magic Quadrant for SSE |

What Netify Thinks

Palo Alto Networks occupies a credible position in the enterprise SD-WAN and SASE market, with five consecutive years as a Gartner Magic Quadrant Leader for SD-WAN and three years as a SASE Platforms Leader. Its strength lies in security depth rather than SD-WAN networking breadth.

Strengths

  • Security integration: Prisma SASE combines SD-WAN with a mature, fully featured SSE stack (NGFW, CASB, DLP, ZTNA) from a single vendor. For enterprises that prioritise security consolidation over least-cost routing, this is a strong value proposition.
  • AIOps and visibility: Strata Cloud Manager and the Strata Copilot AI layer provide meaningful operational simplification, surfacing anomalies and automating remediation in a way that is ahead of many networking-first SD-WAN vendors.
  • Existing Palo Alto estate: Organisations already running Palo Alto NGFWs will find Prisma SASE considerably easier to adopt than a competing vendor's platform, as policy frameworks and threat intelligence are unified.

Weaknesses

  • Cost: Prisma SASE is consistently positioned at the higher end of enterprise SD-WAN pricing. Customers with smaller budgets or simpler connectivity requirements may find the total cost of ownership difficult to justify.
  • No private backbone: Prisma Access is built on third-party hyperscaler infrastructure (AWS and GCP) rather than a dedicated private backbone. This differs from vendors such as Aryaka or Cato Networks, and may result in less predictable performance on routes without direct cloud presence.
  • Complexity: Deploying Prisma SD-WAN without the full SASE stack requires careful design consideration. Enterprises without in-house Palo Alto expertise typically require a managed service partner.

Verdict: Palo Alto Networks Prisma SASE is best suited to large enterprises with an existing Palo Alto security investment, a defined zero trust strategy, and the budget and internal resource to manage or procure a fully integrated SASE platform.

Pros & Cons

Pros

  • Comprehensive security integration: NGFW, CASB, ZTNA and DLP unified in a single SASE platform
  • AI-powered AIOps (Strata Copilot): automates network anomaly detection and remediation
  • Application-aware traffic steering: Layer 7 intelligence for SLA-based path selection
  • Operational simplicity: centralised management via Strata Cloud Manager
  • WAN optimisation and QoS: efficient quality-of-service configuration across mixed underlay types
  • Strong Gartner positioning: Leader in SD-WAN MQ for five consecutive years (2024 report)

Cons

  • Higher cost: Prisma SASE is priced at the premium end of the enterprise SD-WAN market
  • Significant learning curve: requires expertise across Palo Alto's tooling stack; managed service partner often needed
  • No private backbone: Prisma Access relies on third-party cloud infrastructure (AWS, GCP)
  • Configuration complexity: deploying ION appliances alongside Prisma Access and Strata Cloud Manager can be operationally demanding
  • Limited TCP/WAN optimisation compared to some networking-first SD-WAN vendors
  • Two distinct SD-WAN product lines can create confusion during vendor selection

Frequently Asked Questions

What is Palo Alto Networks Prisma SD-WAN?

Prisma SD-WAN is Palo Alto Networks' enterprise SD-WAN solution, based on technology acquired from CloudGenix in 2020. It uses hardware-based ION appliances at branch and hub locations to deliver application-aware traffic steering, path selection and WAN optimisation, managed centrally through Strata Cloud Manager. In most enterprise deployments, Prisma SD-WAN is paired with Prisma Access to form the Prisma SASE platform, combining networking and security service edge (SSE) in a single cloud-delivered solution.

How much does Palo Alto Networks Prisma SD-WAN cost in the UK?

Palo Alto Networks does not publish list pricing for Prisma SASE. UK enterprise deployments typically require an authorised partner quote, as pricing depends on the number of ION appliances, Prisma Access bandwidth tier, number of remote users and the security features licensed. Based on market interactions and Gartner Peer Insights feedback, Prisma SASE sits at the higher end of the SD-WAN pricing spectrum. Indicative costs for a mid-size enterprise (20–50 branches, 500 users) typically range from £250,000 to £600,000+ over three years when including hardware, licensing and professional services. Request a quote through the Netify marketplace for a vendor-neutral comparison. Note: this is Netify's independent indicative estimate based on market data — not vendor-disclosed pricing.

Is Palo Alto Networks a good choice for UK deployments?

UK organisations benefit from Prisma Access nodes in London, providing relatively low latency to Prisma Access cloud functions for SSE traffic. Palo Alto Networks has an established UK partner channel including BT, NTT Global, Orange Cyberdefense and Lumen, which support both deployment and ongoing managed service options. Direct sales support is also available from Palo Alto Networks' UK office. UK enterprises already using Palo Alto NGFWs at their perimeter or data centre will find Prisma SASE the most natural integration path.

How does Palo Alto Networks Prisma SD-WAN compare to Fortinet SD-WAN?

Both are enterprise SASE vendors with strong security credentials, but their architectures differ significantly. Palo Alto Networks uses ION appliances alongside cloud-delivered Prisma Access, delivering a more cloud-native architecture. Fortinet uses FortiGate hardware appliances with FortiSASE for cloud security, taking a more hardware-anchored approach. Palo Alto Networks targets large enterprises with an existing Palo Alto security estate; Fortinet is more cost-effective and better suited to security-first, hardware-invested environments.

| Category | Palo Alto Networks (Prisma) | Fortinet (FortiSASE) |
| --- | --- | --- |
| SD-WAN origin | Acquired (CloudGenix, 2020) | Built internally from ground up |
| SASE architecture | Cloud-delivered; ION appliances at edge | Hardware-led; FortiGate appliances with cloud SSE option |
| Security integration | Full SASE: NGFW, CASB, DLP, ZTNA via Prisma Access | Full SASE: FortiGate NGFW integrated with FortiSASE cloud |
| Private backbone | No — relies on AWS/GCP infrastructure | No — relies on third-party infrastructure |
| Target market | Large enterprise with existing Palo Alto security investment | Mid-market to enterprise; strong in existing Fortinet deployments |
| Pricing | Premium | Mid-to-premium range; generally lower than Palo Alto |
