Cisco SD-WAN Room for Improvement

Eliot Robinson
Executive Vice President Operations and IT at Sterling National Bank

I think that the SD-WAN had everything that my client was interested in in our first experience with it. I think that some of the solutions now are being integrated with other services. As an example, Fortinet has a product called FortiGuard. Included in the FortiGuard product is an SD-WAN. So some of these products are expanding capabilities so that they have more to offer in a single product.  

That would be a nice thing for Cisco. They could provide you your firewall and your SD-WAN solution together. Some people like that approach of nesting products or bundling because they have fewer vendors to deal with and immediate integration.  

I am sure as time goes on that the threat landscape will continue to change all the time. What was good encryption five years ago may not be such great encryption today. Because of that, I am sure that you have to constantly be looking at the threat landscape to see if you need to change anything. I do not know if I am close enough to that cutting edge of the problem to answer the question as to what Cisco's solution really needs. All I know is that my client is very happy with what they have got in the way of savings and functionality. That does not mean that there are not some other things that they would like to see. I just do not know what they are.  

There are a number of large companies that have bought out various SD-WAN vendors. If you looked at VMware, you will find that they also have an SD-WAN that they bought. There are several other companies that have bought SD-WAN services because the technology is so good and the cost benefit is so great that it is worthwhile for almost any company to implement it. They get the advantage of performance and the benefit that these systems never go down.  

As an example, one time locally there was an incident where two providers, CenturyLink and Level 3, went down at the same time. If you had CenturyLink and Level 3, your connection to the internet would have gone down for six or seven hours or whatever the overlap of those outages was. That would be an extreme case. There is another local ISP service called Cox, if you had CenturyLink and Cox, Cox did not go down. In that case, you would continue using your internet or your connections to your branches without ever experiencing an outage and it would just go through Cox. The reason is that Cox's infrastructure, their central office, their wiring, their co-ax cables, or fiber are completely separate from what CenturyLink uses. CenturyLink has got a completely separate central office and completely separate wire. So the chances of those two entities going down exactly at the same time is something that just never happens.  

View full review »
Malith Chandrasekara
Head of Enterprise Business at a tech services company with 201-500 employees

One of the major areas that Cisco can improve on with their SD-WAN offering is their security features. When compared with Fortinet, who have what they call their 'security pillars' (e.g. firewall and security features built-in to their SD-WAN solutions), Cisco generally comes up short. With Cisco, if you need a security component, you have to pay more to get it done. So if they could add more security features that come part and parcel with their existing solutions, then I think Cisco could be very aggressive in the market.

Essentially, they have to incorporate different security features on top of their SD-WAN box. At the end of the day, I should be able to give one single box to the customer which includes SD-WAN and all the necessary features such as security.

When it comes to IoT edges, they could possibly incorporate their SD-WAN features into the LAN side together with Cisco's DNA networking, just as Aruba is doing with their ESP solution. If Cisco could come up with a similar solution to that, then I think they will have the upper hand in the market compared to their competitors' brands. They have to come to a point where they can better integrate WAN and LAN into one single platform.

Regarding the data center sites, when we're talking about software-defined networking, Cisco has the SD-WAN segment, software-defined access for the LAN segment, and application-centric infrastructure for their data center segment, and they have to combine all three segments into one platform. Just like how the other guys are doing it. Again, if they can accomplish this, then technically they have a fair share in the market.

Otherwise, Cisco could also integrate more features on the cloud side of things, like with SD-WAN in the cloud, or SD-WAN in AWS, some of which I believe they have implemented already.

Beyond that, I can't say too much about what I'd like to see when it comes to new features because almost every day I've seen Cisco add more features to their SD-WAN and SD-LAN portfolios. At the rate they're going, it could be only a few months before they add the security features I've mentioned. So from my perspective, I think they're doing okay.

Finally, in terms of stability, there could be some improvement. In my experience with our current project, there have been some instances where stability has been an issue. But I can't speak for everyone here; other partners who have completed more projects may disagree and this is only my own observations so far.

View full review »
Pre-sales consultant at a tech services company with 10,001+ employees

The product is not a cheap solution and could be improved by lowering the cost. Most customers who do not buy Cisco give their primary reason as cost. If the cost was reduced then I think we'd be able to sell more. Vendor log in could also be improved. There are a lot of solutions on the market now that are open solutions, meaning boxless solutions. You don't really need to buy the box that Cisco provides. You can upgrade to SD-WAN using the open solutions. Cisco could provide a full mobile solution but I don't think they'll do that because selling their hardware on top of the software is their bread and butter, .

Before SD-WAN came in they provided quite a few features. For example, a lot of customers were using Cisco's router and voice gateway which has not been available since the launch of SD-WAN. They are still working on restoring it. It's one of the key issues with the Cisco SD-WAN solution that would be a good additional feature. Whatever features were supported before are not supported in the SD-WAN solution now. If they could incorporate all those features for customers that would be a big improvement. 

View full review »
Learn what your peers think about Cisco SD-WAN. Get advice and tips from experienced pros sharing their opinions. Updated: May 2021.
501,151 professionals have used our research since 2012.
Solution Director at a comms service provider with 10,001+ employees

The client portal needs to be improved in order to make the solution much better.

The service care area of the solution needs improvement. That is to say, the ability to have a simplified management system is a key success factor. 

If you could have the ability to raise an SD-WAN capability just by activating a kind of license, it would great. We have too much hardware deployment needed right now. 

In the future, if the solution could make it so that there is nothing to deploy beyond a license and some firmware, it would be great.

View full review »
Network Operations Manager at a tech services company with 1,001-5,000 employees

The bandwidth limitations would be good to remove, but it is a policy and license situation for Cisco because the cost is very high. 

It would be good to have OTP implemented with VRF. It can have support for EIGRP Over the Top (OTP) VRF. I saw some limitations in regards to the VRF protocol and the advertisement between VRF configuration. EIGRP Over the Top basically was quite limited with the VRF configuration. If you wanted to do rollback in VRF by using the EIGRP OTP protocol, the formation was not populated across. Cisco got back and confirmed that it is a configuration that I need to wait for until the next release, which is going to happen in one year. 

Cisco documentation is not the way it used to be before. It just gives an easy way to configure, but it doesn't go into the details of the configuration. The information that you need is there, but sometimes you want to go further and get more information, but the information is quite limited. It would be good to cover a few business cases or configuration cases. They used to be there in the past.

View full review »
Head of Network Service, Information's Communications Technologies and Development at a transportation company with 1,001-5,000 employees

The solution basically does exactly what we need it to do. I can't recall finding a feature that was lacking for our purposes. We aren't actually using many of the features in general.

The solution could be a bit cheaper.

View full review »
Salvador Penalva
Telecom and Collaboration Manager at a construction company with 501-1,000 employees

When you buy the equipment, they should already put it into your cloud account. It should already be set up so that we can manage with vBond. We came across an issue where it wasn't resolved in the DNS.

We are using Umbrella, so we need to create a VPN IPSec tunnel to Umbrella to enable the users to browse. I would really like to see an internal built-in firewall so that we don't have to go to Umbrella. This functionality might already be there. We are quite new to this solution, and we are still learning about it. 

View full review »
System Engineer at a tech services company with 1-10 employees

The whole solution needs to be re-imagined. It's quite complex right now and really needs to be simplified to make it easier for those of us using it. It should offer more simplified management as well.

The solution is expensive. They should adjust their pricing to make it more competitive.

View full review »
Products & Solutions Manager at a comms service provider with 10,001+ employees

Its license model needs to be improved. They always make the license model too complex. There are too many license models and too many options. They should have a flexible license model.

They can improve a lot of things in terms of scalability, templates, and automation, mainly automation for onboarding a number of sites.

If you want some new features, it can take quite a long time. If you want a feature and it is not yet developed, you need to have the support of the business units to have the feature developed. If the feature is not on their roadmap, it can take quite some time before you get the feature.

View full review »
Arturo Sierra
Senior Engineer at Totalplay

For the most part, we don't really see any features that are lacking.

The actual configuration could use some work. The solution could add in some more automation elements to help with the process.

The solution needs to be more flexible around legacy devices.

The security should be improved on the solution. They need to make everything more secure.

Scalability could be easier to achieve if a company needs to expand.

The product could improve its pricing. They are very expensive.

View full review »
Pre-sales Engineer at a tech services company with 501-1,000 employees

Cisco products are a little bit complicated, so making them a little bit easier would be an improvement. The installation is easy but having many components, and the integration with other components, is a little bit complex compared to other products and other vendors.

View full review »
Solution Architect at a tech services company with 51-200 employees

This solution has a built-in firewall that handles URL filtering and functionality, but you have to buy other cisco services like, Umbrella. Some of the customers would rather just use Fortinet or Palo Alto. This solution should include a fully functional firewall at no extra charge. At this time it supports layers three, four, and five, but it needs support for a level seven firewall.

View full review »
Senior Network Engineer at a tech services company with 51-200 employees

We've worked with BetterCloud, and found the security to be better than what is offered by Cisco. The user interface is nicer as well. Cisco should look at what they are doing and try to replicate it a bit.

When it comes to adding more security features, you need to add more RAM.

The pricing could be a bit better. When a customer transfers from a traditional WAN to SD-WAN, the subscription price is one big problem for them.

The solution is a bit buggy, which makes it slightly unstable.

The provisioning could be easier during deployment. Some vendors say they can handle provisioning, however, it differs from vendor to vendor.

View full review »
Steve Roy
Senior Director, Network Engineering at a tech vendor with 1,001-5,000 employees

The inexpensive Viptela hardware may be replaced with overpriced Cisco routers. This would be a tragic mistake for Cisco as the lightweight commodity platform built by Viptela is the reason to own this solution. 

View full review »
Data Center Engineer at Emerging Communication Limited

It would be very helpful if we had better access to a knowledge base, or online documentation, to help both us and our customers learn to use this solution.

View full review »
Network Analyst at a real estate/law firm with 1-10 employees

On its own the product does what it's expected to do but if you're looking for more features you'd need to move to a dedicated firewall like the ISA firewall. There's something a little inconvenient and old style about it. 

The solution could have a better web interface to simplify changing configurations or see some statistics. I think the main weakness of the Cisco product is the user interface, I'd like to see things more clearly. 

View full review »
Network Analyst at a real estate/law firm with 1-10 employees

I would like to see a better, web-based interface to make changes to the configuration or to view statistics. The main weakness of Cisco products is the user interface.

This solution would be improved with the inclusion of an ISA Firewall.

View full review »
Director de Arquitecturas at a tech services company with 1-10 employees

The security features could be improved.

The solution needs to offer better stability.

The product could have improved flexibility.

View full review »
Majid Yousuf
Sales Engineer at Logicom

Since most user-data is going through the solution, we are concerned about security, as all the information is in the cloud and not on-premises. The user data authentification should be higher to better prevent malicious attacks.

View full review »
Executive Director at a manufacturing company with 51-200 employees

They should enhance the reporting because, as it is today, they need more executive-level reports.

If in the future they can support Cisco SASE then it would be good.

View full review »
Shah Jamal
Network Security Associate at VPS

I would like them to add some more SD-WAN ports. We have seen one implementation where there were four ISPs. Currently, we have a maximum of two ports for ISP in this device. Therefore, we cannot connect directly, and we need other switches. There should be some option to have more than two ports for SD-WAN. 

View full review »
Pavan Kumar Mateti
Owner at SCO`Scope Consulting Private Limited

We've just started using the solution, so I don't know if there are any features that are missing. We haven't used it long enough to find any faults.

The initial setup could be a bit less complex.

View full review »
Team Lead Network Infrastructure at a tech services company with 1-10 employees

The process of onboarding the vSmart, vBond, and vManage should be improved to make it easier to manage in general. 

View full review »
Senior Global Product Manager at a comms service provider with 10,001+ employees

An area of improvement for this solution is reducing the complexity. Currently, the solution requires people who have a very good understanding of Cisco SD-WAN. 

For example, VeloCloud can be used and is easier to understand, but it has limited functionality. It is designed like a block box where the internal architecture is hidden. With Cisco, I can see the inner workings of the architecture. Therefore, it is necessary to have a good understanding of how the solution works in order make full use of it.

An additional feature that should be included in the next release of this solution is the ability to use a local area network (LAN) behind the domain name system (DNS) box. This feature would allow for better communication protocols to be put in place.

View full review »
Muhammad Zakaullah
Sr. Network Engineer Consulting Services at a consumer goods company with 1,001-5,000 employees

The main issue is that not in the technology, but it comes back comparison. When we do a comparison with other SD-WAN solutions, they are priced better. Then on that basis, they conclude to use the other solution. 

View full review »
Tharanga SKP
Engineer, Enterprise Products at a comms service provider with 5,001-10,000 employees

The licensing model needs to be improved.

Sometimes we feel that the choice of models is very limited, so we would like to see additional devices made available.

View full review »
Head IT Operations at a tech services company with 1-10 employees

This solution is expensive so pricing is a concern.

View full review »
Learn what your peers think about Cisco SD-WAN. Get advice and tips from experienced pros sharing their opinions. Updated: May 2021.
501,151 professionals have used our research since 2012.