Prisma SD-WAN vs PAN-OS SDWAN ... Focused on SASE
Prisma SD-WAN vs PAN-OS SDWAN ... Focused on SASE
Hi good afternoon, as always, thanks for the time to answer and the good vibes. Today there is some confusion regarding these different variables, whether to use Prisma SD-WAN i.e. CloudGenix ION, to put together a sd-wan based network and/or to use PAN-OS SD-WAN.
Thinking about an environment with 30 branches, some sites with 2 links, the most critical ones, others with only one, that have Palo Alto FWs, connected by IPSEC currently to the Central HQ site and another 5 or 6 sites, with non Palo Alto FWs ( Standard IPSEC connection ) and a couple of edge routers in branches, with IPSEC. NO PANORAMA.
Now thinking about the above scenario, which is more convenient to use PAN-OS SDWAN to put together the SDWAN architecture, thinking about adding the SDWAN subscription, it is not obligation, although they say so, if it makes everything more friendly and practical, but PANORAMA is not obligation or use Prisma-SDWAN with ION Cloudgenix ?
With PAN-OS SDWAN, I have firewall with full coverage, while with cloudgenix I only have a device that its purpose is sd-wan connectivity but not security, as a firewall gives me.
On the other hand, as the title indicates, thinking about the approach of jumping on the "SASE" bandwagon, and in the future... having the VPN Global Protect connections in Prisma Access, but currently they are in the PA, or HA pair in the Central site, what would be the best planning strategy because or which products/subscriptions/services do you target, according to the environment and infra before commented ? With Prima access/Prisma SD-WAN can I integrate FWs, routers or third party devices with IPSEC and integrate them to the SDWAN architecture?
Thanks as always for the good vibes, collaboration and for the time.
Best regards
Panorama is required for PAN-OS SD-WAN. That is because the config is done there, and pushed out to the firewalls.
Cloudgenix (Prisma SASE) is not just SD-WAN, it is security too and has App-ID. Perhaps not as much security as a PAN-OS firewall. It does not require or use Panorama because it has its own cloud console. Sorry I don't have much experience with it to comment more, I only took a training.