This article provides a comprehensive hands-on review for 10 of the best SD-WAN vendor solutions and evaluates their best use cases. Due to each vendor offering different benefits, IT decision makers should consider the key offerings from each vendor and compare these with their networking requirements. To assist with this, we tested each solution, noting the benefits and criticisms of each SD-WAN vendor.
About the authors: This article was written by Robert Sturt and Harry Yelland. Read more about Robert's writing on Techtarget and Forbes. Harry has a 1st in Computer Science and is an up and coming Cybersecurity consultant at Netify.
SD-WAN testing process | How we tested each SD-WAN solution |
Initial Setup and Configuration | Each SD-WAN setup process was assessed by following vendor guidelines and, where available, using Zero Touch Provisioning. Ease of use was particularly considered with these tests. |
Performance Simulation | Each SD-WAN network was stress-tested with heavy traffic introduced to determine how the network coped and if it could prevent critical traffic from experiencing degradation. Voice over IP (VoIP) and high-bandwidth content such as online video streaming was used to conduct this. Performance (latency, jitter and packet loss) and efficiency were considered for these tests. |
Metrics and Telemetry Monitoring | Throughout testing we used each SD-WAN solutions monitoring capabilities. We used these to determine network efficiency, whilst noting the ease of use, granularity and visibility of monitoring traffic. |
Security Management | By introducing known controlled threats, such as malware, to the network, we could monitor the SD-WAN security response and its effectiveness. This was assessed by considering the response and the amount of control over security the SD-WAN provided. |
Other Key Offerings | Features such as Artificial Intelligence integrations, Cloud Onramp and SASE integrations were used to assess the extendibility of SD-WAN solutions. |
Want to cut straight to the best SD-WAN vendors and providers for UK, US and Global businesses. We understand – IT decision makers are busy and your time is precious. You'll find a roundup of our top choices here. You can also jump to a more in-depth review for each product, along with our real-time, instant comparison tool to build your shortlist now.
Cisco Systems SD-WAN Netify Review | Aryaka SD-WAN Netify Review | Fortinet SD-WAN Netify Review | Cisco Meraki SD-WAN Netify Review | Cato SD-WAN Netify Review | VMware SD-WAN Netify Review | Masergy SD-WAN Netify Review | Versa SD-WAN Netify Review | Palo Alto SD-WAN Netify Review | Barracuda SD-WAN Netify Review | |
Awards |
|
|
| |||||||
Overall Score | 74 | 70 | 74 | 79 | 80 | 76 | 71 | 71 | 80 | 77 |
Star Rating | ||||||||||
Pros |
|
|
|
|
|
|
|
|
|
|
Cons |
|
|
|
|
|
|
|
|
|
|
Best for Use Case | Best for complex needs with global SD-WAN sites | Fully Managed, Global SD-WAN | Best for SD-WAN requiring hardened security | Multiple Branch-Offices, CCTV, Sensors | Global Co-Managed SD-WAN and SASE | Complex Routing with Analytics | Global Fully Managed Service Provider SD-WAN | Service Provider Delivered SD-WAN and SASE | Specific SASE Security Requirements | Microsoft Azure Cloud-Focused SD-WAN |
SD-WAN Features | 8.0 | 8.0 | 6.0 | 8.0 | 7.0 | 8.0 | 8.0 | 8.0 | 9.0 | 8.0 |
SD-WAN Application Routing | 9.0 | 7.0 | 8.0 | 7.0 | 7.0 | 9.0 | 8.0 | 7.0 | 9.0 | 7.0 |
SD-WAN Reporting | 6.0 | 8.0 | 8.0 | 7.0 | 8.0 | 8.0 | 7.0 | 8.0 | 9.0 | 8.0 |
SD-WAN Portal | 7.0 | 8.0 | 6.0 | 8.0 | 10.0 | 7.0 | 5.0 | 6.0 | 5.0 | 6.0 |
SD-WAN Cost | 6.0 | 6.0 | 8.0 | 9.0 | 6.0 | 6.0 | 6.0 | 6.0 | 7.0 | 8.0 |
SD-WAN SASE Integration | 7.0 | 5.0 | 8.0 | 8.0 | 10.0 | 8.0 | 8.0 | 8.0 | 9.0 | 8.0 |
Cloud Capability | 9.0 | 7.0 | 8.0 | 8.0 | 8.0 | 9.0 | 8.0 | 7.0 | 8.0 | 9.0 |
Features |
|
|
|
|
|
|
|
|
|
|
VMware SD-WAN Netify Review | Masergy SD-WAN Netify Review | Versa SD-WAN Netify Review | Palo Alto SD-WAN Netify Review | Barracuda SD-WAN Netify Review | |
Awards |
| ||||
Overall Score | 76 | 71 | 71 | 80 | 77 |
Star Rating | |||||
Pros |
|
|
|
|
|
Cons |
|
|
|
|
|
Best for Use Case | Complex Routing with Analytics | Global Fully Managed Service Provider SD-WAN | Service Provider Delivered SD-WAN and SASE | Specific SASE Security Requirements | Microsoft Azure Cloud-Focused SD-WAN |
SD-WAN Features | 8.0 | 8.0 | 8.0 | 9.0 | 8.0 |
SD-WAN Application Routing | 9.0 | 8.0 | 7.0 | 9.0 | 7.0 |
SD-WAN Reporting | 8.0 | 7.0 | 8.0 | 9.0 | 8.0 |
SD-WAN Portal | 7.0 | 5.0 | 6.0 | 5.0 | 6.0 |
SD-WAN Cost | 6.0 | 6.0 | 6.0 | 7.0 | 8.0 |
SD-WAN SASE Integration | 8.0 | 8.0 | 8.0 | 9.0 | 8.0 |
Cloud Capability | 9.0 | 8.0 | 7.0 | 8.0 | 9.0 |
Features |
|
|
|
|
|
For this article, we have created an at-a-glance checklist to help IT decision makers understand the areas which they must consider when comparing SD-WAN solutions.
Submit your details to receive a link to our SD-WAN buyers checklist, an at-a-glance Mind Map which details all of the areas you need to consider. Please check your junk folder if you do not receive an email within a few minutes.
In 2024, Meraki emerges as the best choice across SD-WAN Vendors, catering to the requirements of Medium and Large Enterprises. Meraki has been chosen based on Cloud integration, SASE security options, branch-office Wifi capability and support for remote workers.
Cisco is recognised as a leader within the Gartner SD-WAN magic quadrant for their capability and vision with the SD-WAN market. According to Gartner's analysis, Cisco supports approximately 46,000 enterprise customers with SD-WAN solutions on a global scale. These customers represent a diverse range of sizes and industries.
Key Features and Differentiators: Cisco SD-WAN is known for its capability across Application Aware Routing (AAR), Cloud OnRamp and SD-WAN monitoring.
Cisco SD-WAN AAR is a feature which optimises traffic based on applications and their overall importance. Cisco AAR configuration involved specifying the performance metric limitations by providing jitter and latency.
To test if VoIP degraded, I applied traffic to the network causing a breach in the jitter and latency thresholds.
Cisco SD-WAN identified this issue and promptly re-routed the network traffic onto our secondary broadband circuit as per the configuration. This meant that the Application Aware Routing was an effective method for managing heavy traffic for enhancing critical application experience.
Secondly, I tested Cisco SD-WAN Cloud OnRamp, a way to seamlessly integrate connections between branch offices and cloud services.
I connected a branch office network to Amazon Web Services (AWS) cloud using OnRamp. Following configuration, I was able to monitor the stability and performance of the network via analytics and noted a significant performance improvement for the time taken to access our cloud-hosted applications.
In a real-world deployment this would significantly improve the stability of the network and provide users with a better experience within the network. I also noted that, given the ease of integrating cloud providers through a few menus, it means the cloud OnRamp functionality should significantly reduce overhead when introducing a multi-cloud integration to the network and reduce workload for network administrators.
Finally, I evaluated the analytics that Cisco SD-WAN provides to gain deep insights into the network.
Cisco analytics gave me a wide range of options such as drilling down into individual traffic flows, monitoring fluctuations in application performance and observe changes in bandwidth usage across the network.
I focused primarily on the ability of Cisco SD-WAN to make forecasts based on predictive analytics. This functionality suggested potential issues within the network before there was even the chance for the issues to cause any negative impacts on the network and gave me a proactive approach for implementing network optimisations in order to better use the network resources.
My testing of Cisco SD-WAN demonstrated the effectiveness of the AAR routing, Cloud OnRamp and analytical capabilities, providing network optimisations and simplifying deployment for a comprehensive SD-WAN solution.
Whilst the detail of functions such as traffic monitoring is very granular and allows a large amount of control, this did add some complexity that would be harder to work with for less SD-WAN knowledgeable network administrators.
In my opinion, Cisco SD-WAN offers a great solution for complex services, such as large-scale enterprises, where an extra level of control/data reporting is required but would be hesitant to recommend it to small businesses where there isn’t quite the same need for granular control.
Evaluating Factor | Cisco SD-WAN |
Gartner status: | Leader |
Best for: | Complex Services |
Reasons not to shortlist: | Lacks ease of use for network administrators that don’t have advanced SD-WAN knowledge |
Stand-out features: | Application Aware Routing, Cloud OnRamp, Granular Control, Advanced Analytics, AIOps |
Features: Application-Aware RoutingCloud OnRamp
Global, Complex Requirements
Aryaka is well-known for its convergence of SD-WAN and SASE solutions, providing a unified platform for network management.
Key Features and Differentiators: Aryaka SD-WAN is known for its unified SD-WAN and SASE integration, ease of use, application routing and alert response. With this in mind, I conducted hands-on testing for these features to not only understand the setup but the overall functionality of Aryaka’s SD-WAN solution, in order to determine best fit use cases.
A core feature of Aryaka SD-WAN is its ability to identify applications, classify their priority and then route application traffic based on these classifications.
The logs demonstrated that Aryaka quickly prioritised critical (VoIP) traffic as could be seen from the data showing high levels of performance.
Next, I tested the customer portal within MyAryaka, the unified management dashboard. From various tests, such as adjusting the network configuring and viewing monitoring tools, the dashboard interface was very user-friendly and responsive.
This pane gave effective network management tools backed with actionable insights to improve network performance and health. The dashboard allowed me to make changes such as customised alert settings, tailored to specific network events.
The control was very useful for understanding network usage and potential issues within the network and allows for proactive network management.
Finally, I evaluated Aryaka’s integration of Secure Access Secure Edge (SASE) as part of their unified management system. This showcased the enhanced security options available such as its deep packet inspection engine and next generation virtual firewall.
These features offer an improvement over traditional WAN security and, when applying the deep packet inspection to the network, there was negligible effect on critical communications suggesting that the improvements in security did not result in a compromise of network performance.
After conducting hands-on testing of the Aryaka SD-WAN solution, I was able to confirm its ability for application-aware routing and traffic prioritisation, which enhanced performance of critical applications (VoIP) when under heavy load.
The alert responses to heavy traffic were a useful addition and gives obvious real-world use cases where administrators can quickly see issues on the network in realtime.
By providing a unified platform for managing SD-WAN and SASE implementations, Aryaka reduces the complexity of management which improves the ease of use for network administrators. Although Aryaka provides ease of management via the MyAryaka unified pane, it did appear to lack features such as extensive control over the system which can be found in other vendor solutions.
In my opinion, Aryaka SD-WAN is best for fully managed global SD-WAN networks where granular control isn’t a necessity but ease of use and SASE integrations are prioritised by IT decision makers.
Evaluating Factor | Aryaka |
Gartner status: | Unranked |
Best for: | Global managed SD-WAN |
Reasons not to shortlist: | Lacks extensive control functionality |
Stand-out features: | Ease of use, Unified SD-WAN and SASE integration, Application routing, alert response |
Features: Application-Aware RoutingUnified SASEWAN OptimisationMulticloud SupportSimple ManagementGlobal PoP Network
Fully Managed, Global SD-WAN
Fortinet is a Gartner SD-WAN Magic Quadrant leader, recognised for their security and end-to-end SASE capabilities. Security has driven Fortinet to create their own ASIC (Application-Specific Integrated Circuit), which ensures hardened security architecture in respect of hardware and allows the devices to perform better as the circuits are optimised to the Fortinet overlay software. Fortinet supports approximately 31,000 global SD-WAN enterprise customers across various industries.
Key Features and Differentiators: Fortinet SD-WAN primary offering is its extensive security capabilities alongside it’s Zero Touch provisioning (ZTP) capability and application-aware real-time network routing.
Due to these factors being key, I decided to focus my hands-on testing on them, whilst also evaluating the solutions ease-of-use via Fortinet Manager.
The Fortinet SD-WAN solution can be managed via Fortinet Manager, a centralised user interface that integrates both management and analytics monitoring into a single pane.
The Zero Touch Provisioning tool automates deployment by using available templates and policy packages. The blueprint saved setup time by allowing me to quickly integrate configuration settings and security policies from another branch office SD-WAN controller.
This process came complete with a step-by-step wizard, offering additional tooltips along the way, which should guide even the most novice network administrators through the process of setting up WAN and LAN configurations.
Through FortiAnalyzer, I was presented with a holistic view of the network’s health and usage. To test the ability of Fortinet SD-WAN to provide insights into network issues, I applied heavy load to the network in the hopes of causing the system to recognise the degradation in performance.
Upon adding load, Fortinet provided me with actionable suggestions to improve network performance, showing inefficiencies within the network.
The security measures provided by and leveraged from FortiGuard labs’ threat intelligence appeared to be rather expansive. Fortinet provides many components for managing high-level security and, through my testing, I confirmed that Fortinet SD-WAN maintains consistency of security features across dispersed environments (on-premises and remote connections).
FortiGuard included malware detection and so, by injecting malware into our network setup, we were able to quickly cause Fortinet to realise this threat and flag the issue. This seamless integration provided us the ability to rapidly respond to threats and thus ensure the security of the overall system.
Finally, I tested Fortinet SD-WANs application steering capabilities. This automatically routes traffic via paths based on real-time telemetry data and link health.
I found that Fortinet SD-WAN offered both active and passive measurement systems and this helped fulfil performance SLAs consistently, ensuring reliability of network resources whilst improving network performance.
This feature also enabled using the best quality/lowest cost links for steering, which could be useful for business that wish to tailor to specific needs and conditions, balancing network performance with link cost for optimal cost-benefit efficiency.
In conclusion, Fortinet SD-WAN did offer improved performance via its application steering capabilities with a vast array of security components for a very reliable and secure solution and the ability to use Zero Touch Provisioning make the solution easily scalable.
Unfortunately, it did not appear to be the most intuitive solution for complex use cases and therefore I would not recommend Fortinet for systems with complicated requirements.
Fortinet SD-WAN is best for highly secure branch offices and remote user requirements. Fortinet is often viewed as relatively low cost but, highly secure with a base set of SD-WAN and SASE security strengths. Fortinet is not as user friendly when compared to Cato, Meraki and Aryaka.
Evaluating Factor | Fortinet |
Gartner status: | Leader |
Best for: | Highly secure branch offices and remote user requirements. |
Reasons not to shortlist: | Can be more complex to manage than traditional WAN systems. May require organisations to upgrade existing infrastructure to support Fortinet SD-WAN. |
Stand-out features: | Zero-Touch Provisioning, Unified Manager, ASIC-Accelerated Security |
Features: Application-Aware RoutingZero Touch ProvisioningUnified SASEApplication ControlAutomationIdentity Based FirewallApp Path Insights
Best for SD-WAN requiring hardened security
Meraki is viewed as the best solution for healthcare and retail. In part, this is due to their strong Wifi, CCTV (Smart Cameras), and sensor capability which fits with the needs of these sectors. However, most business can leverage Meraki benefits, which include ease of configuration, strong partner support and the ability to integrate CCTV and sensors.
Key Features and Differentiators: Cisco Meraki is praised for its ease of management, high reliability and built-in security capabilities and so, with these features in mind, I decided to focus my hands-on testing on these factors.
I started testing by using Meraki’s cloud registration tool in order to make use of Zero-Touch provisioning features. This allowed me to automatically setup a branch site with minimal manual configuration in a very user-friendly manner.
Once deployed, within the Meraki dashboard, I changed settings for security features and traffic shaping rules but noted options for features such as VLAN configuration too. Within traffic shaping I could change the Quality of Service (QoS) settings to prioritise critical applications.
In order to test these new configurations, I decided to strain the network by utilising multiple instances of VoIP alongside less critical applications such as online film streaming.
Meraki responded to the video streaming and gave priority to VoIP to ensure clear voice communications were still possible.
Following this, I wanted to test the application steering functionality of Meraki. Meraki’s SD-WAN automatically routes traffic based on real-time telemetry and network link health.
For this, I continued to run VoIP applications and monitored Meraki seamlessly switch the applications between network links, which provided stable performance throughout calls.
Finally, as security is a key element provided by Meraki, I explored the integrated security features bundled into the SD-WAN solution. These features included content filtering, intrusion detection and advanced malware protection.
To test the advanced malware, I introduced a piece on malware into the network, which was quickly detected by Meraki, indicating the system’s ability to assist network administrators with rapid responses to ongoing threats.
In conclusion, Cisco Meraki SD-WAN appears to be adept at not only managing network performance demands during high volumes of traffic but also offer an easy-to-use interface platform on top of various security features. It should also be noted that, although I was not able to test it, Cisco Meraki SD-WAN offers more niche capabilities such as CCTV and sensor support, which is not often supported by other vendors.
Whilst Cisco Meraki was incredibly easy to setup and configure, it should be noted that the solution lacked the granularity needed for highly complex network criteria and thus should not be used in use cases where greater control is required.
I would therefore recommend Cisco Meraki to sectors such as healthcare and retail, where reliability, security and ease of use are prioritised but the need for granular control isn’t quite so present.
Evaluating Factor | Meraki |
Gartner status: | Leader |
Best for: | Healthcare and Retail. Easy Management |
Reasons not to shortlist: | Lack of granular control |
Stand-out features: | CCTV support, sensors, cloud services, remote users and WiFi capabilities |
Features: Zero Touch ProvisioningCCTV SupportSensor IntegrationSASE IntegrationApplication Control
Multiple Branch-Offices, CCTV, Sensors
Cato Networks SD-WAN is largely recognised within the SD-WAN market for their global network of Points of Presence (PoPs) and convergence of security services with SD-WAN into a unified platform.
Key Features and Differentiators: Cato is known for their focus on Global SASE Cybersecurity, Private IP Backbone and simple to use management interface.
In this hands-on review, I evaluate the capabilities that Cato SD-WAN offers, focusing primarily on how well Cato handles heavy loads of traffic with critical applications, how easy the system is to manage and the overall security functionality provided by Cato SD-WAN.
I began by deploying a new branch office via the Cato Management Application. This management application unifies all of Cato SD-WAN functionality and, as a cloud-native application, this improves management accessibility.
By entering a physical address, Cato SD-WAN can determine the nearest Point of Presence to me in order to establish the best performance when utilising the Cato global backbone.
To enable Quality of Service (QoS) functionality, I entered bandwidth and for security implementations I selected firewall, anti-malware and an intrusion prevention system in order to later test Cato’s security functionality. With the whole setup process taking mere minutes, I was impressed by Cato’s speed to setup and the well-presented interface provided to me with a very easy-to-use experience.
To test how Cato SD-WAN handled critical applications amongst heavy traffic, I decided to evaluate Voice over IP (VoIP) call quality degradation when adding other traffic such as video streaming and file downloads to the network.
By accessing the network analytics (via the Cato Management Application), the data showed that the VoIP was being prioritised with minimal jitter, latency and packet loss being experienced.
Whilst a latency of over 150ms would typically result in performance degradation, I noticed only an increase of 40ms to 105m, which caused no perceptible drop in performance and therefore indicates the ability of Cato SD-WAN to utilise application-aware routing based on real-time network telemetry.
By reviewing the Cato SD-WAN traffic policies, the response to network congestion could be seen as the traffic policies had changed to reflect the traffic, therefore ensuring critical applications (VoIP in this instance) were provided with enough bandwidth.
The ability to adapt to dynamic network traffic patterns suggests that Cato is very capable in use cases where network traffic patterns are unpredictable and trends change frequently.
Finally, I wanted to evaluate the security implementations of the Cato SD-WAN solution. As per my deployment, the system included integrated Next-Generation-Firewall (NGFW), anti-malware and an Intrusion Prevention System (IPS). These security systems were all managed within the Cato Management Application.
To test the security, I introduced a piece of malware into the system and monitored the response of Cato SD-WAN. The anti-malware security acted quickly, flagging the threat and allowing for a rapid response to deal with issue.
In conclusion Cato is capable of handling heavy network traffic whilst still prioritising critical applications and integrating security measures to protect the network.
It should be noted that Cato’s global private backbone, which minimises the number of hops and optimises routes that data has to travel through, appeared to help reduce latency and packet loss when using VoIP over large geographical distances. However, if your business is not located close to a Cato PoP, this could be a drawback to your business.
Whilst Cato does lack flexibility for more advanced features such as multi-casting support and more in-depth reporting functionalities, the ease of use experienced is a huge benefit for use cases where there isn’t such high complexity of requirements.
Cato is recommended for businesses that require global co-managed services with complete SASE capability, and simple setup with fast deployment.
Evaluating Factor | Cato |
Gartner status: | Unranked |
Best for: | Global co-managed services |
Reasons not to shortlist: | Lacks some features other vendors offer |
Features: Application-Aware RoutingGlobal PoP NetworkZero Touch ProvisioningUnified SASESASE IntegrationTemplated ConfigurationEnhanced Monitoring
Global Co-Managed SD-WAN and SASE
VMware SD-WAN is known for its simplified branch office networking and cloud-delivered architecture.
Key Features and Differentiators: VMware is recognised their their capabilities across Zero Touch Provisioning which is good for rapidly growing the network to cope with a dispersed workforce.
To test the Zero Touch Provisioning of VMware SD-WAN, I first logged into the orchestrator via the central management portal. This allowed me to create a new edge site and configure basic IP, LAN, VLAN and DHCP settings.
I also enabled the High Availability setting, designed to enhance network reliability by using 2 edge devices in an Active/Standby configuration.
This provides the network with redundancy and would allow for continuous communications to the edge site regardless of a device failure. I could then assign profiles and policies to the new edge devices, specifying network and security settings to ensure optimal performance.
After completing the software portion of the Zero Touch Provisioning, I physically deployed the edge devices. The edge devices remotely downloaded all required orchestrator data, pulling LAN and WAN settings, applying security policies and establishing the High Availability communications.
Following deployment, I wanted to test the ability of VMware SD-WAN to monitor the network, its performance and the status of the edge devices. The orchestrator provides not only central configuration capabilities, but also offers various settings and monitoring tools.
One of these is the network overview page which enables monitoring of real-time network statistics, deployment status and the health of both primary and secondary edge devices. VMware therefore provides visibility of the network through a centralised location.
To test the ability of VMware SD-WAN to maintain reliable performance, I decided to monitor the performance of Voice over IP (VoIP) applications whilst adding a heavy volume of traffic (online video streaming, large file downloads) to the network.
Using the Quality of Experience (QoE) tab within the orchestrator, I was able to view network metrics in real-time. This page indicated that the best traffic link was being used and that no packet loss or jitter was being experienced, which was reflected by the VoIP call having clear sound and no noticeable degradation.
The application steering routed traffic types through different network links based on their health and latency statistics. VMware SD-WAN was capable of identifying critical applications on the network, as shown by the maintained performance level of VoIP applications and indicates that WMware SD-WAN can adapt to the change of network demands in real-time.
For security, VMware integrates a firewall, encrypted VPN tunnels and a layer of security when switching between primary and secondary edge devices.
One of the key components of security for organisations is a firewall, which blocks the access to specific applications and IPs based on rules and therefore I decided to test the effectiveness of the firewall functionality.
The VMware SD-WAN firewall, managed by the orchestrator, allows for firewall rules to control IP and port authorisation or blocking. To test the firewall, I blocked all external SSH applications (port 22) and, upon trying to access a networked system from an external device, the SD-WAN network logs showed that this access was blocked.
In conclusion VMware SD-WAN offered network optimisations through Zero Touch Provisioning, traffic management, intelligent routing and added security features.
These features allow for VMware SD-WAN networks to be deployed at scale without extensive overhead, whilst the introduction of failover with multiple SD-WAN edge devices helps benefit the reliability of the network.
VMware is not designed for simple business requirements, the solution is focussed at the large Enterprise business market.
VMware SD-WAN is best for global Enterprise businesses with diverse application performance requirements. If you are an existing customer of VMware, you should add their solution to your SD-WAN vendor shortlist.
Evaluating Factor | VMware |
Gartner status: | Leader |
Best for: | Global application performance |
Reasons not to shortlist: | Lack of documentation and support. |
Stand-out features: | Zero-Touch Provisioning, High Availability configurations, Dynamic Multi-Path Optimisation, Integrated Security Features. |
Features: Application-Aware RoutingApp Path InsightsGlobal PoP NetworkCloud Vendor IntegrationMulticloud SupportApplication Control
Complex Routing with Analytics
Masergy (now part of Comcast Business) is well-known within the SD-WAN market for their Artificial Intelligence for IT Operations (AIOps), which was the first AI-integrated network optimisation tool for SD-WAN solutions.
Key Features and Differentiators: Masergy SD-WAN also provides implementation of cloud services, network optimisation, security integrations and singular unified control panel for managing the network.
I began my evaluation by considering the deployment of Masergy SD-WAN. The web-based interface, Masergy Intelligent Service Control Portal, provides an overall view of the network and Zero Touch provisioning for deployment.
The web interface walks through the essential configurations necessary for setting up the network, covering basic information such as site information and connection details.
After completing the wizard, the SD-WAN device could be deployed to site, automatically downloading the pre-configured settings from Masergy cloud. This minimised manual configuration and therefore improves the ability of Masergy SD-WAN to rapidly scale network size.
As network performance is a crucial factor for assessing SD-WAN solutions, I evaluated how Masergy SD-WAN handled crucial applications when under heavy volumes of traffic.
To do this, I navigated to the Quality of Service (QoS) settings within the Masergy Intelligent Service Control Panel. I then created a new rule, setting the application to Voice over Internet Protocol (VoIP) from the application list and the priority to high.
Following this I began introducing heavy traffic from video streaming services and file downloads to test if the VoIP call degraded. The ‘Analytics’ tab showed that the network policies had caused VoIP to be prioritised, with the data showing that there was no increase in latency or jitter.
The call continued to be crystal clear, indicating the ability for Masergy SD-WAN to effectively prevent degradation through prioritisation of crucial applications.
Due to Masergy AIOps being a core feature of the SD-WAN solution, I decided to test the AIOps virtual engineer. To do this I set up monitoring of all network security events such as intrusion attempts, unusual access patterns and traffic anomalies. I then attempted to access unauthorised areas within the network, simulating an intrusion attempt and monitored the results within the AIOps dashboard.
This quickly alerted me to the intrusion attempts and generated incident reports to let me know what had occurred in greater detail, showing that the attempt was from an unusual location. The AIOps virtual assistant also locked the user account I had tried to access, preventing any changes in tactic for breaching the network via this method.
In conclusion Masergy SD-WAN offers a reliable networking solution, with performance optimisations to handle heavy traffic, Zero Touch Provisioning for scalability, security integrations to protect data and an Artificial Intelligence virtual assistant to aid in network improvements and maintenance. Drawbacks revolve around loss of control due to service provider involvement, and a high price point.
Masergy is best for Global financial Enterprise businesses considering outsourcing their end to end SD-WAN.
Evaluating Factor | Masergy |
Gartner status: | Unranked |
Best for: | Global managed services. |
Reasons not to shortlist: | Masergy may come at a higher price-point than other SD-WAN vendors. |
Stand-out features: | AIOps, Real-Time Bandwidth modification, Zero Touch Provisioning, High Performance Global Network. |
Features: Zero Touch ProvisioningAIOpsMulticloud SupportFully Managed ServicesGlobal PoP Network
Global Fully Managed Service Provider SD-WAN
Versa are well-known within the SD-WAN market for their extensive security implementations with advanced networking capabilities.
Key Features and Differentiators: Security is offered by Versa through a single converged software layer, which makes Versa SD-WAN an excellent option for large-scale dynamic enterprise environments.
In this hands-on review, I looked to evaluate the capabilities of Versa SD-WAN and the best use case for the solution.
Initially I installed the Versa Operating System (VOS) for their SD-WAN solution, which contains Versa’s unified software stack, such as security and routing integrations.
VOS could be installed on any generic x86 networking appliance, which highlights that Versa SD-WAN is not tied to vendor hardware and allows greater flexibility and cost-efficiency for organisations by allowing existing hardware to be leveraged.
After installation, in order to test the solution, I needed to deploy some branch offices. To do this I logged into Versa Director, the centralised management platform and under the ‘Organisations’ tab selected the option to create a new branch, entering branch name, location and selected a pre-configured template.
This template included predefined settings for routing, security policies and Quality of Service (QoS) settings. As Versa SD-WAN supports Zero Touch Provisioning (ZTP), I entered the IP, model and serial numbers of branch devices and then started the automated setup and deployment process of these devices by connecting them to the internet. This reduced the amount of manual work required and overall complexity of scaling the network.
To test how Versa SD-WAN handled traffic prioritisation, I navigated to the ‘Application Steering’ section of the Versa Director interface and defined VoIP applications to have high priority.
After this I applied heavy traffic volumes to the network in order to gauge how Versa SD-WAN handled the influx of traffic and if this caused the VoIP application traffic to degrade through latency, jitter and packet loss.
Whilst streaming online videos and starting large file downloads, I monitored VoIP traffic through the analytics page of Versa Director. The monitoring view showed QoS metrics indicating that the latency, jitter and packet loss all remained within acceptable thresholds and this was reflected by the VoIP call sounding clear with no noticeable latency. This indicates the ability of Versa SD-WAN to adapt to network conditions and prioritise applications to fulfil QoS requirements.
Versa SD-WAN also integrates several security features into its solution, including Next-Generation Firewall (NGFW), anti-malware and Distributed Denial-of-Service (DDOS) protection. In order to test the effectiveness of Versa SD-WAN security, I introduced malware into the network to see how Versa SD-WAN responded.
Versa SD-WAN automatically detected the malware and I received an immediate alert on the Versa Director dashboard informing me of the detected malware.
The alert included details about the nature of the malware, its source and potentially affected network segments.
Versa SD-WAN also automatically applied traffic isolation measures, quarantining the infected segment, preventing the malware from affecting other areas of the network. This highlights that
Versa SD-WAN is very capable at detecting and nullifying potential threats on the network, therefore increasing the security of the network and, via the notification and automated response system, reduces the workload on network administrators to ensure network security.
In conclusion, my testing of Versa SD-WAN demonstrated the effectiveness of the Zero Touch Provisioning, application prioritisation and steering and overall security capabilities, providing network optimisations and simplifying deployment for a comprehensive SD-WAN solution.
Whilst the Zero Touch Provisioning does reduce the complexity of deployment, it should be noted that the user interface wasn’t the most intuitive and this made the solution complex to navigate and would likely affect the user experience for network administrators.
In my opinion, the best use case for Versa SD-WAN is for a Service Provider delivered SD-WAN with end-to-end SASE capability.
Evaluating Factor | Versa |
Gartner status: | Leader |
Best for: | Service Provider delivered SD-WAN and SASE |
Reasons not to shortlist: | Complex to navigate |
Stand-out features: | Unified SD-WAN and security software stack, Zero-Touch Provisioning, and high scalability. |
Features: Zero Touch ProvisioningMulticloud SupportSASE IntegrationApp Path Insights
Service Provider Delivered SD-WAN and SASE
Palo Alto Prisma SD-WAN is a Leader within the Gartner SD-WAN magic quadrant.
Key Features and Differentiators: Well-known for offering a unified SASE, advanced security and SD-WAN solution, Palo Alto Prisma provides an innovative way of managing networks, enabling security of complex enterprise and large-scale networks.
Palo Alto SD-WAN merges all of their SD-WAN management into Prisma Access, a central management interface for configuring network devices, performance settings and security capabilities.
In order to setup the network, I navigated to “deploy new device” and entered the device information such as location and model number. I then connected the physical SD-WAN devices to the internet and, upon powering up, each device automatically established a secure internet connect to Prisma Access cloud.
This access initiated the Zero Touch Provisioning (ZTP) process, where the device identifies itself with the Prisma Access management platform using its pre-registered details and automatically downloads the configuration settings specified within Prisma Access.
This process reduced the complex and time required to deploy the SD-WAN devices as the configuration was entirely automated and reduced the need for manual work, increasing the scalability of the overall network infrastructure.
Following deployment, I decided to test how Palo Alto Prisma SD-WAN handled traffic prioritisation for crucial business applications. As Prisma SD-WAN features an Artificial Intelligence (AI) feature for traffic management and so whilst setting up the Quality of Service (QoS) policies, I decided to enable AI insights in order for Prisma SD-WAN to make traffic management suggestions based on network load.
To test the capability of Prisma SD-WAN AI at managing network performance, I wanted to see how heavy volumes of traffic affected the quality of crucial applications such as Voice over Internet Protocol (VoIP).
After starting a call over VoIP, I then began streaming internet videos and downloading large files to increase network traffic load. Prisma SD-WAN AI noticed the increase in traffic in real-time and made suggestions via the dashboard to change routing decisions for VoIP applications.
These changes prevented the traffic from causing quality degradation in VoIP applications, minimising any increase in latency, jitter and packet loss. It should be noted that Prisma SD-WAN allows QoS policies to be manually created (and not just AI generated), whilst Forward Error Correction (FEC) and packet duplication functionality did also reduce the quantity of packets lost.
To evaluate Prisma SD-WAN real-time security functionalities, I navigated to the AI operations panel and activated predictive analytics and automated anomaly detection.
These integrations, combined with Next Generation Firewall (NGFW) and deep packet inspection allow Prisma’s artificial intelligence to detect threats across the network. I decided to test this by introducing a piece of malware into the network whilst monitoring Prisma Access.
The AI detected the malware and alerted me via the dashboard, giving me details such as the malware type, source and the potential threat that it posed to the network. Prisma SD-WAN also provided me with a recommended action plan for dealing with the threat, which provides the capability to rapidly respond to any network threats that may occur.
In conclusion, Palo Alto Prisma SD-WAN provides a comprehensive solution for Zero Touch Provisioning, routing critical applications, giving deep visibility into network operations and artificial intelligence-backed security capabilities.
It should be noted that Prisma SD-WAN does provide a potentially overwhelming amount of features and configuration options which may not be easy to manage for smaller teams with less dedicated knowledge of Prisma SD-WAN.
I would recommend Prisma SD-WAN for large enterprises with complex security and network performance requirements.
Evaluating Factor | Palo Alto |
Gartner status: | Leader |
Best for: | Large enterprises with complex security and network performance requirements. |
Reasons not to shortlist: | Potentially overwhelming for smaller organisations or those with simpler network needs. |
Stand-out features: | Advanced security, AI, Application Aware routing. |
Features: Application-Aware RoutingUnified SASEZero Touch ProvisioningStrong Cloud Management
Specific SASE Security Requirements
Barracuda SD-WAN, CloudGen WAN, is widely recognised within the SD-WAN market for their native integration with Microsoft’s Cloud solution Azure.
Key Features and Differentiators: Azure integration facilitates seamless operation and optimisation of network traffic between on-premises networks and Azure cloud services. Barracuda SD-WAN also offers integrations for CloudGen firewall and SecureEdge products, offering enhance security for the network. In this hands-on review, I evaluate the deployment, performance optimisations and security of Barracuda SD-WAN.
To begin deploying Barracuda SD-WAN, I accessed Barracuda Cloud control, the online portal for managing the network and set the configuration profiles using pre-defined templates. This allowed me to utilise the Zero Touch Provisioning (ZTP) capabilities of Barracuda SD-WAN as I could then plug in branch office hubs, which automatically communicated with Barracuda Cloud Control to download the latest firmware and configuration profiles.
The hubs could then be configured and managed remotely through the cloud control service for any further changes. This reduced the complexity of the deployment process by minimising the need for manual configuration (eliminating human error) and enabled the network infrastructure to be scalable.
Once deployed, I decided to test how Barracuda SD-WAN handled traffic prioritisation and whether performance degraded once high volumes of traffic were introduced. To do this, I monitored the performance of Voice over Internet Protocol (VoIP) application traffic.
Within the network settings I created a new Quality of Service (QoS) rule specifically for prioritising VoIP traffic and entered the application-signature, setting priority to high. After applying this QoS rule, I tested the network under heavy load by streaming online videos and starting large file downloads to create network traffic.
I then navigated to the Barracuda SD-WAN network traffic monitoring tool which shows both real-time and historical data about traffic flows, bandwidth usage and packet prioritisation. This indicated that the VoIP traffic was being prioritised and adequate bandwidth was being allocated to ensure that the latency, jitter and packet loss was minimised.
The clarity of the call didn’t decrease and this supported the statistics to show that Barracuda SD-WAN was capable of prioritising crucial applications, such as VoIP.
The Barracuda SD-WAN cloud control offers a unified platform for not only QoS and monitoring but also provides control over network security. Barracuda SD-WAN, with CloudGen Firewall, implements cloud-based threat intelligence, Intrusion Detection and Prevention Systems (IDPS), URL filtering and anti-malware functionality.
To test the security response capability of Barracuda SD-WAN, I introduced malware into the network in order to see how Barracuda SD-WAN dealt with the threat.
This caused the real-time threat detection from Barracuda firewall to identify the malware, immediately quarantining the software and alerting me through the control dashboard about the threat, its origin and the recommended actions to take to fully remove the threat.
This shows that Barracuda SD-WAN is capable of ensuring network security whilst also reducing the workload for network administrators by providing them with threat notifications in real-time and allowing for a rapid response.
In conclusion, Barracuda SD-WAN is capable of Zero Touch Provisioning, managing critical application (such as VoIP) prioritisation, implementing security measures and providing a seamless integration with Microsoft Azure cloud.
It should be noted that, although Barracuda SD-WAN improves integrations with Azure, this focus means that Barracuda SD-WAN limits usage of other cloud providers and therefore reduces applicability for leveraging multi-cloud network architectures.
It is recommended that Barracuda SD-WAN is used for Azure-focused enterprises, or businesses looking for an outsourced managed SD-WAN solution.
Evaluating Factor | Barracuda |
Gartner status: | Niche player |
Best for: | Azure-focused enterprises |
Reasons not to shortlist: | Limitations for non-Azure cloud integrations |
Stand-out features: | Zero Touch Provisioning, CloudGen, Firewall Integration, Azure-cloud integration |
Features: Zero Touch ProvisioningAzure Cloud-NativeStrong Cloud ManagementApp Path Insights
Microsoft Azure Cloud-Focused SD-WAN
Aspect |
|
|
|
|
|
---|---|---|---|---|---|
SASE Integration | Integrates with Cisco Umbrella for cloud-delivered security services. | Unified SASE services with managed firewall, secure web gateway, and secure remote access. | FortiSASE offers networking and security functionalities in a unified platform. | Seamless integration with Cisco's SASE technologies for a unified network and security platform. | SD-WAN capabilities integrated with WAN backbone and cloud-based security services. |
SD-WAN Architecture | Abstracted architecture with control and forwarding plane separation across network resources. Includes Cisco vEdge and XE SD-WAN routers. | FlexCore global Layer 2/3 backbone network, offering tiered performance and availability. | Scalable, redundant design with multiple transport options including MPLS and broadband. | Cloud-based management with hub-and-spoke topology, utilising Meraki MX appliances. | Cloud-native software stack minimising edge-compute requirements, global private backbone. |
Technology Management | Managed via Cisco vManage for centralised control, supporting REST and NETCONF communication. | MyAryaka portal for intuitive, intent-based forwarding rules and policy definition. | Centralised management console for streamlined configuration and management. | Cisco Meraki dashboard for granular control over SD-WAN infrastructure in a cloud-native environment. | Cloud-based application for single-pane-of-glass management of networking and security infrastructure. |
Core Network | Global scale operation with cloud-based network connectivity management, flexible architecture. | Secure PoPs with integrated WAN acceleration and optimisation, sub-30ms latency to major business areas. | Security-driven network approach, designed for cloud-first and hybrid workforces. | Engineered for cloud-first enterprises, blending SD-WAN functionality with security features. | Global private backbone designed to replace MPLS, optimising cloud application access. |
Differentiators | Advanced routing capabilities, global support network, integration with Cisco's security portfolio. | Global FlexCore network, sophisticated end-to-end application and network optimisation technology. | Specialised hardware for performance optimisation, self-healing capabilities, application identification. | Cloud-centric management, user-friendly dashboard, integration with Cisco's security portfolio. | Integrated SD-WAN and security solution with a global backbone, cloud-based security services. |
Aspect |
|
|
|
|
|
---|---|---|---|---|---|
SASE Integration | VMware SASE integration for cloud-native network security and connectivity. | Aligns with Gartner’s SASE model, offering tiered security options including next-gen cloud firewalls. | Versa SASE integration for continuous security across multiple access points. | Centralised management of network security policies, traffic segmentation, and built-in encryption. | Integrates next-generation firewall capabilities for comprehensive threat protection. |
SD-WAN Architecture | Cloud-native architecture supporting edge computing, AI integration for simplified operations. | Flexibility in network connectivity with options for public, private, and 5G wireless access. | Single software platform offering multi-layered security and multi-cloud connectivity. | Cloud and virtual machine setups on universal customer premises equipment. | Combines advanced VPN routing, balancing, and shaping features for optimised performance. |
Technology Management | Cloud-native platform with AI for IT operations (AIOps) capabilities for proactive network management. | Masergy’s management portal offers a single-pane-of-glass view into network and cloud application delivery. | AI/ML integration for a self-managing, self-healing, and predictive networking solution. | Assists with planning of SD-WAN configuration, including branch and hub communications. | Zero-touch deployment for SecureEdge site devices, requiring no local expertise for setup. |
Core Network | Part of VMware SASE offering, with expanded PoPs for better cloud connectivity. | Direct connections to the cloud with 100% service availability SLA, secure access to cloud applications. | Carrier-class, flexible, agile, and innovative approach in the NFV market. | Improved reliability, better performance, and enhanced security for IoT integration. | Ensures fast, always-on access to business-critical applications on-premises and in the cloud. |
Differentiators | Cloud-native design, expansive global PoP network, enhanced performance for voice and video applications. | 24/7 monitoring, software-defined network for enhanced reliability, AI-powered analytics. | Flexibility to scale network resources, multi-tenancy, unified network management. | Prisma Access integration for a unified security posture, AI/ML-driven operations for predictive analytics. | CloudGen WAN integration for optimised cloud application performance, automated threat protection. |
We've listed the most popular SD WAN & Cybersecurity features which are requested by the majority of IT decision makers.
Consider your features based on what you already know. Global private backbone services are often considered by companies that currently use MPLS. In contrast, public gateways offer the ability to leverage multiple Internet providers to achieve the best possible global performance. If you're a national business, there is no need to select private or global as the benefits are not required.
Netify has researched the price points across vendors and service providers. In some instances, a key driver may be to save costs as a primary goal.
The number of sites and users will factor into your shortlist. For example, a larger Enterprise business will typically engage with different vendors and providers vs SME businesses.
Please review the information below and complete the form to finish the assessment.
Once you submit your details, each of the 3 vendors will reach out to you within 48 hours. Your results will be displayed once you have completed your details.
* Required field
Based on your selections, here are the companies that match your needs. Please check your mail over the next 24 hours - you will receive an introductory email from the vendors or providers listed below.
Unfortunately our system couldn't find an exact match but that doesn't mean there isn't a solution for you!
This assessment compares companies in our marketplace with everything you selected but the best way to find a solution is to connect with a Netify agent. We'll work directly with you to find a company which can fulfill your needs.
Based on your selections, here are the companies that match your needs. If you have questions, request to talk to a Netify employee using the button below.
Connect with us and we'll help you compare the market to find the perfect solution.
Netify is the first marketplace with a focus on SD WAN & SASE Cybersecurity. We employ researchers to list Gartner leaders, niche players and startups across WAN and security. The Netify advisory is available for free to help make sense of the decision making process by offering vendor briefings and tools to help your business find the right solution fit.
Unfortunately our system couldn't find an exact match but that doesn't mean there isn't a solution for you!
This assessment compares companies in our marketplace with everything you selected but the best way to find a solution is to connect with a Netify agent. We'll work directly with you to find a company which can fulfill your needs.
Fill out the form below and an expert will reach out to you within the next business day to develop a plan for your business.
There are several market leaders, which have been recognised by the Gartner 2024 Magic Quadrant. Fortinet, VMware, Cisco, HPE, Versa and Palo Alto are all 2024 SD-WAN leaders.
Yes, in 2024 SD-WAN remains relevant. However, the general view is that SD-WAN will become another component of the Gartner SASE (Secure Access Service Edge) framework.
In 2024, SD-WAN is evolving significantly with trends such as the integration of AI for optimising AI delivery and network management, the rise of SD-WAN as a service within the broader Network-as-a-Service (NaaS) offerings, and the merging of SD-WAN with secure remote access, particularly in the context of Secure Access Service Edge (SASE). In addition, the use of Wireless WAN (WWAN) within SD-WAN, especially leveraging 4G and 5G services, is expected to increase substantially. The advent of quantum computing, securing communications in the post-quantum era is a growing challenge, where Quantum Key Distribution (QKD) are becoming necessary to secure private communication channels.
SD-WAN is regarded as a key technology for future network management due to adaptability and integration with emerging technologies like AI, cloud computing, and 5G. SD-WAN offers the capability to streamline network operations, optimise AI delivery, and support complex business requirements positions SD-WAN as a forward-looking solution.
Next-generation SD-WAN is an advanced evolution of traditional SD-WAN, integrating modern technologies like AI, ML, and automation to offer improved network performance, increased security, and simplified network management.