Log In
vendor-logo

Palo Alto SD WAN Comparison, Review, Use Cases, News, Pros & Cons

Schedule a Zoom demo
Local sales contact
Request contact

All the tools you need to compare SD WAN vendors. Here's how to start using them now.

  • Use the quick assessment tool and find your perfect SD WAN match
  • View the Marketplace and read extensive research across 30+ solutions
  • Book a Zoom call with an advisor

Learn more about the SD WAN Marketplace, quick assessment and free advisory.

Get everything you need →

Focus

Proposition Focus

10%
30%
30%
30%
Managed Services
SASE Security
Management Portal
SD WAN

Cloud Focus

33.33%
33.33%
33.33%
AWS
Azure
Google Cloud

Other Focus

40%
40%
20%
Remote users
Simplicity
Complex Requirements

Summary

Analyst: Thomas Stroude Contact: tstroude@netify.co.uk 

If you have questions about Palo Alto and how their capability is aligned to your needs, email the Netify research team. UK: uk@netify.co.uk North America: northamerica@netify.com 

(Please use the UK email for ROW - Rest of the World - questions or enquiries)

Categories: 

  • SD WAN 
  • SASE

Sub-categories:

  • SD WAN Vendor 
  • SASE Vendor 

Pros:

  • Palo Alto offer next generation SD WAN and SASE, designed to replace legacy architectures with simplified and fully cloud-integrated alternatives.
     
  • Offer a strong security product portfolio, including next generation SASE, 5G Security, Cloud Native Security, Okyo Garde which is Palo Alto’s home and small business security device and various network security features. 

Cons:

  • Poor option for industry verticals such as retail, due to limited capabilities in simple all-in-one form factors.
     
  • Do not offer a specific WAN optimisation or application acceleration service. 

Netify Review:

Palo Alto Networks are a good option for large global enterprises looking for a solution with integrated SD WAN and SASE and strong cloud capabilities. The solution leverages machine learning to simplify network operations, removing the need for manual control. 

Further, the company are a good option for those looking for strong access to cloud vendors such as AWS, Azure and Google Cloud. However, caution may be taken as Palo Alto do not offer WAN acceleration and optimisation - client’s looking for these services may need to look elsewhere. 

Contents:

  • About Palo Alto
  • What is the Palo Alto SD WAN Solution?
    • Configuration-Based Key Features
    • Security-Based Key Features
    • Performance-Based Key Features
  • What is the Palo Alto SASE Security Solution?
  • How does Palo Alto Access Cloud Vendors?
  • Does Palo Alto Offer WAN Acceleration and Optimisation?
  • How Does Palo Alto Support Remote Users?
  • Which Connectivity Underlay Services are Supported?
  • Do Palo Alto Manage and Support SD WAN Underlay?
  • What is the Palo Alto Managed, Co-managed and DIY Services Solution?
  • What Reporting and Management is Available via the Palo Alto Portal?
  • What is the Palo Alto SLA?
  • Which Service Providers do Palo Alto Support? 
  • Additional Notes

About Palo Alto:

Palo Alto Networks acquired CloudGenix (a software company founded in 2013) in 2020.  Now, the company is headquartered in San Jose, California, North America and offers SD WAN and SASE solutions. The company were awarded “Customer’s Choice” in the 2021 ‘Voice of the Customer’: WAN Edge Infrastructure by Gartner Peer Insights. Palo Alto’s SASE solution is used by over 2500 enterprises globally. As of 20th July 2021, Palo Alto partnered with Google Cloud to provide native threat detection for virtual private clouds through Cloud IDS, a joint network threat detection service. Their Unit 42 team leverages over 200 threat researchers as part of their threat intelligence support to enhance their products and provide services in the case of advanced attacks. 

What is the Palo Alto SD WAN Solution?

Palo Alto deliver ‘next generation’ Prisma SD WAN, delivering and connecting all branch services from the cloud. The aim is to replace legacy SD WAN platforms with Palo Alto SD WAN which uses machine learning to simplify overall network operations by eliminating 99% of trouble tickets. 

Configuration-Based Key Features:

  • Cloud-Delivered Branch: All branch services are delivered from the cloud, including security, networking, voice and more. This simplifies WAN management, as all applications are integrated even in different locations.
     
  • Application-Defined: SLAs are delivered for all applications including Cloud, SaaS and UCaaS.
     
  • Application Visibility: Includes Layer-7 intelligence that enables simpler traffic engineering and network policy creation. 

Security-Based Key Features:

  • See the CloudGenix SASE security solution here. 

 

Performance-Based Key Features:

  • Router Modernisation: Legacy routers can be upgraded to lightweight branch appliances, with zero-touch provisioning to improve branch deployment services.
     
  • Autonomous Network Operations: Prisma SD WAN leverages artificial intelligence of IT operations (AIOps) and machine learning with data science methodologies to automate problem avoidance and simplify network operations

What is the Palo Alto SASE Security Solution?

The Prisma Access SASE security solution is designed to replace legacy SASE architectures. The security solution converges next generation SASE and next generation SD WAN into one cloud-delivered platform, securing applications used by workforce users in the branch office, remote or from home. Multiple security products are combined into one integrated service to reduce complexity whilst increasing agility. 

SASE Features: 

  • Firewall as a Service (FWaaS): Delivered as a cloud-based service, FWaaS provides next generation firewall (NGFW) capabilities and hyper scale, with security features such as advanced threat protection (ATP), intrusion prevention system (IDS), domain name system (DNS) and web filtering.
     
  • Cloud Secure Web Gateway (SWG): Deployed from the cloud, SWG enables web security for any authorised device, which could be used in a remote location. Performs malicious content inspection, URL filtering, web visibility and web access controls.
     
  • Zero Trust Network Access (ZTNA): Provides secure access to services and applications based on pre-set access control policies.
     
  • Integrated Cloud Access Security Broker (CASB): Cloud-based, integrated CASB does not require a broker, as it is easily deployed due to it being integrated into an existing security stack. It is designed to protect sensitive data which is being transported between company networks, users and SaaS providers. It monitors and manages user behaviour to minimise shadow IT risks, whilst securing applications, data and users on-premises and in remote locations and the cloud. 

How does Palo Alto Access Cloud Vendors?

The Prisma Cloud Security platform offers comprehensive cloud security, which extends to AWS, Azure and Google Cloud. Palo Alto are an AWS partner, offering VM Series Cloud Migration, SD WAN Connectivity to AWS and hybrid cloud. They are a Microsoft Azure Gold partner in Application Development and Cloud Platform, and a Silver partner in Security. They also partner with Google Cloud and offer Managed Cloud Security through a partnership with Telus.

Cloud Access Features: 

  • Cloud Security and Posture Management: Maintains compliance across public clouds whilst monitoring posture and detecting and responding to threats.
     
  • Cloud Infrastructure Entitlement Management: Secures identities and enforces permissions across workloads and cloud resources.
     
  • DevSecOps: Integrates security with developer tools whilst securing configuration and scan codes.
     
  • Cloud Workload Protection: Secures serverless functions, hosts and containers across the application lifecycle.
     
  • Cloud Network Security: Enforces micro-segmentation and secure trust boundaries and provides network visibility.

Does Palo Alto offer WAN Acceleration and Optimisation?

Palo Alto do not provide WAN optimisation or acceleration. However, quality of service (QoS) and application routing services are available to improve performance. 

How does Palo Alto support Remote Users?

Users that work from home are supported via Palo Alto’s Okyo Garde appliance. The device is available to both Enterprise as well as Home and Small business. The Enterprise edition provides teleworking staff with an easy-to-use and secure extension of the corporate network. The device uses Zero Trust access and multi-layered protection to deliver enterprise grade security to corporate devices on the home network. The lack of network isolation at an employee’s home and the inability to configure VPN or agents to some corporate devices means that the home environment becomes a significant hazard as the enterprise network becomes vulnerable to cyberattack or loss of sensitive data if an employee’s network is inadequately secured. Okyo Garde offers high performance corporate segments through the use of a mesh-enabled Wi-Fi 6 system and multi layer protection for all corporate devices on the network whilst being orchestrated through a single pane of glass. The home network becomes integrated with Prisma Access to provide SASE security without the need for a datacenter and a minimal deployment time to allow remote workers and IT administrators to attend to other tasks. An employee using the Okyo Garde enterprise edition is also able to set up an optional subscription to secure their own personal home network at no additional cost. 

Which connectivity Underlay Services are Supported?

Palo Alto’s solution supports DIA, MPLS and LTE connectivity underlay services.

Do Palo Alto Manage and Support SD WAN Underlay?

As a vendor, Palo Alto do not manage or support SD WAN underlay. However, these services may be available via one of their service provider partners (see, Which service providers do Palo Alto support?). 

What is the Palo Alto Managed, Co-managed and DIY Services Solution? 

Palo Alto is available as a managed service through qualified managed security service providers (MSSP). 

What Reporting and Management is Available Via the Palo Alto Portal?

Palo Alto offer customers access to their Customer Support Portal, where assets and support cases can be registered and managed, questions can be answered and the Live Community can be accessed.

What is the Palo Alto Networks SLA?

Below is a table displaying the main focus points of the Palo Alto Networks Service Level Agreement (SLA). 

Support Plans and Services offered: 

 

Platinum 

Premium 

Standard 

Online support 

Yes - 24x7x365

Yes - 24x7x366

Yes - 24x7x367

Telephone support 

Yes - 24x7x365

Yes - 24x7x365

No

Response Times 

Platinum 

Premium 

Standard 

Severity 1 - Critical 

Product is down, critically affects customer environment. No workaround available. 

≤ 15 minutes 

≤ 1 hour

≤ 2 hours 

Severity 2 - High

Product is impaired, customer production not affected. Support is aware of the issue and a workaround is available. 

≤ 30 minutes

≤ 2 hours

≤ 4 hours 

Severity 3 - Medium 

A Product function has failed, customer production not affected. Support is aware of the issue and a workaround is available.

≤ 2 hours 

≤ 4 hours 

≤ 12 hours 

Severity 4 - Low 

Non-critical issue. Does not impact customer business. Feature, information, documentation, how-to and enhancement requests from customer. 

≤ 4 hours 

≤ 8 Business hours 

≤ 48 hours

Additional Services 

Platinum 

Premium 

Standard 

Premium United States Government (“USG”) Support

N/A

Yes, if eligible 

N/A

Security Assurance 

Yes, if eligible 

Yes, if eligible 

N/A

Expert Assistance 

Yes, if eligible 

N/A

N/A

Focused Services including Plus and Elite tiers

Optional, if eligible 

Optional, if eligible 

N/A

Hardware RMA

4-hr Premium or 4-hr Platinum 

Premium or Platinum 

Standard 

Advance Replacement Service: 4-Hour Replacement (available only for Hardware located within a specified range of Palo Alto Networks service locations)

Yes, if eligible 

No

No

Advance Replacement Service: Next Business Day Service

N/A

Yes

No

Return and Repair 

N/A

N/A

Yes

Palo Alto End User Support Agreement. (Palo Alto, 2020.) See more at: https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/legal/palo-alto-networks-global-customer-support-services-terms-and-conditions-eusa.pdf

Customer Success Plans and Services Offered: 

 

Premium 

Standard 

Online support 

Yes - 24x7x366

Yes - 24x7x367

Telephone support 

Yes - 24x7x365

No

Response Times 

Premium 

Standard 

Severity 1 - Critical 

Product is down, critically affects customer production environment. No workaround available yet. 

≤ 1 hour

≤ 2 hours 

Severity 2 - High

Product is impaired, customer production up, but impacted. No workaround available yet. 

≤ 2 hours 

≤ 4 hours 

Severity 3 - Medium 

A Product function has failed, customer production not affected. Support is aware of the issue and a workaround is available. 

≤ 4 hours 

≤ 12 hours 

Severity 4 - Low 

Non-critical issue. Does not impact customer business. Feature, information, documentation, how-to and enhancement requests from customer. 

≤ 8 Business hours

≤ 48 hours

Self-help guidance:

  • Online access to quick-start guides, best practices and training materials (pdf and video).
  • Online access to knowledge base and Support Portal.

Yes

Yes

Customer Success Team assistance:

  • Onboarding oversight.
  • Best practice guidance. 
  • Operational excellence reviews. 
  • Personalised training. 

Optional, if eligible 

No

Additional Services 

Premium 

Standard

Premium United States Government (“USG”) Success

Yes, if eligible 

No

Focused Services including Plus and Elite tiers

Optional, if eligible 

No

Hardware RMA

Premium or Platinum 

Standard

Advance Replacement Service: 4-Hour Replacement (available only for hardware located within a specified range of Palo Alto Networks service locations)

No

No

Advance Replacement Service: Next Business Day Service

Yes

No

Return and Repair 

N/A

Yes

Palo Alto End User Support Agreement. (Palo Alto, 2020.) See more at: https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/legal/palo-alto-networks-global-customer-support-services-terms-and-conditions-eusa.pdf

Which Service Providers do Palo Alto Support? 

The following is a list of Palo Alto service providers:

  • BT
  • NTT Global 
  • Orange Cyberdefense 
  • Lumen 
  • Optiv
  • Trustwave 
  • On2it
  • Lightstream
  • Presido
  • Critical Start
  • Telefonica Tech 

Which Palo Alto partners provide SD WAN services?

List of Palo Alto Partners:

  • Abnormal Security
  • AbuseIPDB
  • Acalvio
  • AccessData an Exterro company
  • ActiveMQ
  • Agari
  • Akamai
  • Alexa
  • AlgoSec
  • AlphaSOC
  • Altipeak Security
  • Analyst1
  • Anomali
  • ANY.RUN
  • APIVoid
  • Aria
  • Arista
  • Armis
  • Aruba
  • AT&T Cybersecurity
  • Atlassian
  • Attack IQ
  • Attivo Networks
  • Authentic8
  • Awake Security
  • Axonius
  • BackBox
  • Bambenek Consulting
  • Bastille Networks
  • BeyondTrust
  • BigFix
  • BitcoinAbuse
  • BitSight
  • BlockList DE
  • BlueCat
  • Blueliv
  • bmc helix
  • Box
  • C2SEC
  • Censys
  • Centreon
  • CheckPhish
  • Cherwell
  • CIRCL
  • CircleCI
  • Claroty
  • Cloudflare
  • Code42
  • Cofense
  • Cognni
  • Commscope
  • Concentric
  • Confluera
  • Coralogix
  • CounterCraft
  • Cradlepoint
  • Cuckoo
  • CVE
  • Cyber Observer
  • Cyber Triage
  • CyberArk
  • Cybereason
  • Cyberint
  • Cyberpion
  • Cybersixgill
  • CyCraft
  • Cyjax
  • Cylance
  • Cymptom
  • Cymulate
  • Cyren
  • Cyware
  • Darktrace
  • Deep Instinct
  • DeHashed
  • Devo
  • Digital Defense
  • Digital Guardian
  • Digital Shadows
  • dnstwist
  • DomainTools
  • Druva
  • Elastic
  • Endace
  • Ericom
  • Exabeam
  • ExtraHop
  • F5
  • Farsight Security
  • Fidelis
  • Field Effect
  • FireEye
  • Flashpoint
  • Forescout
  • Gamma
  • Genians
  • Google Chronicle
  • GreatHorn
  • GreyNoise
  • Group-IB
  • Gurucul
  • HashiCorp
  • Hatching
  • Humio
  • HYAS
  • IBM
  • iLert
  • Illusive Networks
  • Indeni
  • Infinipoint
  • Infoblox
  • Infocyte
  • Intel471
  • Intezer
  • IPQualityScore
  • IronNet
  • Ironscales
  • KeySight
  • Linkshadow
  • LogPoint
  • LogRhythm
  • Logz.io
  • Malwarebytes
  • McAfee
  • Menlo Security
  • Micro Focus
  • Microsoft Active Directory
  • mnemonic
  • MobileIron
  • Niagara Networks
  • Nozomi Networks
  • Nvidia
  • Pentera
  • Perception Point
  • PolySwarm
  • Proofpoint
  • QA Cafe
  • Qualys
  • Quantum Security Systems
  • Query.ai
  • Rapid7
  • Recorded Future
  • Red Hat
  • ReversingLabs
  • RiskIQ
  • RiskSense
  • RSA
  • RST Cloud
  • Rubrik
  • Saasyan
  • SafeBreach
  • SailPoint
  • SCADAfence CNM
  • SecBI
  • SecurityAdvisor
  • Securonix
  • Sepio
  • ServiceNow
  • Silverfort
  • Siscale
  • Slack
  • Splunk
  • SSL Blacklist (SSLBL), by Abuse
  • Sumo Logic
  • Swivel Secure
  • Symantec
  • Tanium
  • Tenable
  • Thales
  • ThreatQ
  • Thycotic
  • Titaniam
  • Trend Micro
  • TruSTAR
  • Twinwave
  • UBIRCH GmbH
  • Uptycs Inc
  • Vectra
  • Venafi
  • VMware
  • VMware Carbon Black
  • WootCloud
  • Workday
  • XM Cyber
  • XMatters
  • Zendesk
  • ZeroFox
  • Zimperium
  • Zoom
  • ZPE

List of Palo Alto Integrators:

  • Accenture
  • NTT Global 
  • Deloitte
  • IBM 

Comparisons

Current Vendor
Palo Alto

Add to Compare

Additional Vendors

Add to Compare

VeloCloud

Add to Compare

Aryaka

Add to Compare

Palo Alto

Once you have submitted, Netify will use your IP location to put you in touch with your local Palo Alto vendor contact.

Once you have submitted, Palo Alto will be in contact to provide availability. Your data will not be shared outside of Palo Alto and you will not be added to any mailing lists.

Please provide the following details:

Compare Vendors
Compare
Remove All