Prisma Access by Palo Alto Networks Initial Setup

MI
Associate Director at Cognizant

It was pretty straightforward at the PoC level. But the rollout of something like this across an enterprise is never like a one-shot thing. We went through some bumps and bruises and roadblocks along the way, but, overall, it was a pretty straightforward path.

The entire onboarding took around four months for our approximately 20,000 users.

On a day-to-day basis, we have security engineers and SMEs managing the platform. But there are not as many intricacies and challenges as there are in some of the other products that we deal with. From administrative, operational, and management standpoints, the way Prisma has let us do it, things are pretty efficient.

View full review »
TejasJain - PeerSpot reviewer
Sr. Cloud Security Architect at a computer software company with 10,001+ employees

It was fairly straightforward. We started with a couple of proof of concepts, and we've been adding things. We are gradually getting new locations, new sites, and new deployments, and we never faced any challenges in terms of the capabilities of the platform. It has been fairly smooth.

This was a huge implementation with a couple of dozen sites, and it involved designing, bill of materials, procurement, and implementation. The designing phase took about two months. The implementation took about a month.

The beauty of it is that we just have a team of five people managing the entire implementation. When it goes to the operation stage, we would definitely need more people because there are different pieces to it, but for the design implementation, we just have five people to manage everything.

View full review »
AM
Cloud Architect at a computer software company with 10,001+ employees

The deployment is straightforward, and it's done via Prisma's console. I didn't find it to be tricky or have any difficulty finding what I needed. Everything is clearly labeled and intuitive. The more you play with that, the more comfortable you get.

It only takes a minute or two if you have everything configured and you simply need to push the config file. That also depends on how much configuration you push at once. A small configuration takes less than 30 seconds. A larger configuration like we've done in the past few days might take a minute or more. 

View full review »
Buyer's Guide
Prisma Access by Palo Alto Networks
March 2024
Learn what your peers think about Prisma Access by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.
RR
Network Security Engineer at a manufacturing company with 10,001+ employees

Setting up Prisma Access is somewhat complex. You must configure many little pieces ahead of time to build the entire portal and LAN. It's slightly painful to ensure everything is working correctly. Do you wrap the comprehensive policy around everything you're trying to do? Configuration is not straightforward.

The solution doesn't need care and feeding once it's set up. It is just like another firewall. Adding rules isn't any different from setting restrictions on a local on-prem firewall.

View full review »
Hemant Rajput - PeerSpot reviewer
Deputy Manager at a tech services company with 10,001+ employees

Setup was very easy. It's just plug and play. Deployment took between two and three hours. There wasn't a lot of physical technical intervention.

To deploy Prisma SaaS, we had to turn it on in our Palo Alto Prisma Axis.

Deploying Prisma takes a tenth of the time that it takes to deploy traditional CASB solutions in the market.

The complexity of the solution depends on how it's designed. Anyone who has a basic knowledge of networking can understand Prisma and administer it. It was quite difficult to manage, and it has a lot of components involved. Their onboarding process took a long time.

View full review »
TodorShuev - PeerSpot reviewer
System Administrator at a computer software company with 501-1,000 employees

It is straightforward because all the work is done by Palo Alto. They provide help for the initial setup to go without any issues or with minimum problems. They power up the machines, and they give us console access from there.

After Prisma Access was set up, it took us about a week to tune everything and connect our data centers to Prisma Access, etc.

We had two engineers for its setup. It does require maintenance. I am the only person handling the maintenance. It is not difficult to maintain.

View full review »
Kepa-Ayerbe - PeerSpot reviewer
Connectivity Platform Cyber Security Specialist at BASF Business Services GmbH

Prisma Access by Palo Alto Networks' deployment was straightforward. It was a big project and we were required to migrate the whole infrastructure. It took around six months to complete. It was a network migration project where we transitioned to the solution. The migration involved changing our network supplier from one provider to another. The IT team handled the technical aspects of the project. 

We prepared the infrastructure, including the servers and firewalls. We focused on the repair of the firewalls, ensuring connectivity, and replacing the main infrastructure. After these preparations, we proceeded to deploy the clients, conducting a pilot for the clients as part of the overall process.

View full review »
Nikolay Dimitrov - PeerSpot reviewer
Cyber Security Engineer at Paysafe / IBM

It is easy, and I can't complain. It is a straightforward process. It takes about one hour. It is not so complex. It is a cloud solution. So, you just specify how many gateways you want, and with a few clicks, it gets deployed.

You don't need prior knowledge of the setup, but you should be a good network engineer and have the basic knowledge. It can't be done by someone who doesn't understand security networking. You need to have a good understanding of how much bandwidth you need because Prisma Access is taxed on bandwidth. So, you have to know how much bandwidth you need. You have to do static analysis before deploying Prisma Access to know how much bandwidth your users are using on average and how big the connection is going to be. You can increase the bandwidth later, but it is better to provision from the start based on the bandwidth requirements. The bandwidth analysis takes more time than the provisioning itself.

View full review »
Gur Sannikov - PeerSpot reviewer
Technical program manager at Intel Corporation

The solution's initial setup is pretty straightforward. The solution is easy to implement.

View full review »
JM
Sr systems eng at a computer software company with 1,001-5,000 employees

Setting up Prisma Access was relatively straightforward for our use case. We deployed some firewalls in our system and used the IP addresses we got from those to inform and allow this. So it was very straightforward to get it to work, but tweaking it over time has been cumbersome.

I was the only person from our company working on the deployment. I designed and implemented the architecture, then deployed the tool to the endpoints internally. I'm responsible for educating the users and troubleshooting problems they find. I do things like telling a guy, "No, there isn't a problem with the VPN. You shouldn't use the web version of Spotify because only crazy people do that."

View full review »
Gabriel Franco - PeerSpot reviewer
Senior Service Delivery Engineer at Netdata Innovation Center

Setup is very straightforward. Prisma Access has very extensive documentation. If you use that, it's easy to deploy the solution. You need to read a lot more for routing considerations, but I think it's easy for people with startup experience.

The amount of time it takes to deploy the solution depends on the complexity of the consumer's considerations. Normally, the basic implementation and policy authentication can be completed in two or three hours.

We require a few people for maintenance. One person provides support and two people do the implementation.

View full review »
Alikhayyam Guluzada - PeerSpot reviewer
Chief Information Security Officer at Prosol LLC

The deployment of the key features of the product took about three months, but that was because of the delays from our side and the client's side. 

It was a standard deployment. We took sample applications and tested it on them as a PoC. We became familiar with the security function of the product, and we realized its benefits. We then applied it part by part to other web applications and non-web applications.

It is deployed on the cloud. We use Google and other clouds.

View full review »
Alex Kisakye - PeerSpot reviewer
Senior DevSecOps Engineer at Sympli Australia Pty

The initial setup was pretty straightforward. The product has very good documentation that is very easy to follow. Deployment took about a day. Rolling it out took longer, but that was because of internal challenges, not the product itself. 

View full review »
Gabriel Franco - PeerSpot reviewer
Senior Service Delivery Engineer at Netdata Innovation Center

In most cases, it is easy, but it depends on the application that the customers want to onboard. For example, if you want to onboard Office 365, Microsoft Teams, and Exchange, the onboarding is easy because you can use the same user account for these three solutions. The challenging part is that you need to create an account with the specific rights for communication and gathering the appropriate information. That's more complex. In some cases, the companies are not completely controlling their Office 365 environment. They have a leader company that gives you the rights, which can take a bit longer.

It could be challenging when you try to use the S3 bucket because you have to work with the IAM to get the exact privilege access to the bucket. That's a more complex part, but if you know what you are doing, it's not that hard.

For me, its implementation is very straightforward. I would rate it a four out of five in terms of ease. Its duration varies because it depends on the information that you have in your SaaS applications because it's going to communicate with your applications through API.  It depends on a lot of things, but in my experience, one week to one and a half weeks is generally enough time. It is not something set in stone. It can take less or more, but you obtain a lot of information once that is finished.

View full review »
RM
Senior Network Security Consultant at a tech vendor with 10,001+ employees

The initial setup was complex, and only our network admin could install it. Once the solution is set up, it's straightforward, but the setup is arduous. We completed the deployment in a day. Our implementation strategy was to determine the number of users and ensure they all had the necessary information regarding the solution and GlobalProtect. Then, we deployed accordingly.

We have a team of 30 responsible for managing and maintaining the solution. 

View full review »
Burak Dartar - PeerSpot reviewer
Cybersecurity Unit Manager at a university with 11-50 employees

The initial setup is very easy. I have deployed it three times and it was integrated within two hours.

One network engineer, one network security engineer, and a system engineer are enough for the deployment and maintenance.

View full review »
AK
Network lead at SDGC

The tool is very easy to set up. It will take some time since you need to plan all the things. You also need to think about the migration of the existing infrastructure. It is not like you can complete the installation in a week. We will collect information first on users and categorize them from a user perspective like the applications and services which will be connected to the product. We will make a plan once we understand the user requirements. It is a long process and we will ensure that everything is secure. A document will be created with the data flow. We will ensure 100 percent that everything is working fine. 

View full review »
PD
Global Network Tech Lead at a computer software company with 10,001+ employees

The initial setup is not so straightforward. There is a learning curve involved because you need to understand which component fits where, with all of these modern, edge infrastructure secure-access services. You need to do capacity planning well, as well as a budgetary plan. You need to know the right elements for your business. Once you set that up, it is very simple to manage.

It took us about two to three months to deploy because we have a lot of geographical constraints. Different regions have different requirements. Accounting for all of those needs is why it took us that amount of time to set everything up.

View full review »
MR
Senior Security Engineer at a manufacturing company with 501-1,000 employees

I would say the cloud SaaS part was extremely straightforward to set up. We had no problems there. Then there is the container compute area called Compute in Prisma. It's almost like a product within a product. You have to deploy the container section on an agent to your container host. That's a little more complicated because we have to rely on development teams to deploy the agent, but tying the platform to your cloud subscriptions was straightforward and took only 30 minutes to an hour. 

It is a little more involved to set up the Kubernetes containers and deploy the agent. That could take up to a day because you have to collaborate with other teams to get that deployed and make sure it's pulling the right data. Then again, it depends on how receptive your development team is to deploying the agents. That part usually takes around three hours. It takes one or two security engineers to deploy and maintain. 

View full review »
AH
Senior Manager Network Design at a computer software company with 51-200 employees

The product's initial setup phase was very straightforward.

The deployment process involves identifying the user profiling and figuring out what exactly its users need, meaning there are some prerequisites involved in the deployment's preparation phase, and it is the most important process critical for the product's success.

The solution is deployed on an on-premises model.

The solution can be deployed in two days.

View full review »
AC
General manager at a tech services company with 201-500 employees

Setting up Prisma Access is complex. You cannot deploy it without help from Palo Alto or a Palo Alto partner. They are the only ones who can do the configuration. It took us about four months to get the solution up and running. We need about two IT staff to provide user support for Prisma, but Palo Alto handles all the updates. 

View full review »
VG
Team lead at a tech services company with 10,001+ employees

Prisma Access works on Panorama which we have on a virtual machine on GCP. As with anything, if you don't know it, it is complicated, but once you understand it, it is very easy. If I look at it as a combination of before and after, the setup is of average difficulty. You can learn things very fast. It's not that difficult or complicated, but you should know the purpose of each part. Then it is easy.

When I did my initial deployment of Prisma Access in 2019, it took around five days. But by the time I had done two or three deployments, it was taking me 20 minutes to deploy.

The implementation strategy is totally dependent on the requirements. Some customers say they want the same feeling at home that they have in the office. Some customers say they want Prisma Access to reduce the burden on the existing on-premises firewall. The posture checks have to be done on Prisma Access and, once done, the traffic is forwarded.

Once you understand the product, two to three guys should be able to handle it for configuration, and then they can move on. But for operations, you need a team.

View full review »
MY
Senior Network Consultant at a tech services company with 10,001+ employees

The initial setup was not too complicated, but it still took a little time to get familiar with it. The good thing is that Prisma VPN uses our existing Panorama centralized management tool, which we use to manage Palo Alto firewalls and VPNs. Because the centralized management tool is very familiar to us, it helped us in using the new solution. But, of course, since it is a cloud-based VPN, it did take a little bit of time to get used to, but after we got used to it, it became straightforward.

View full review »
FS
Global Leader Network Engineering at a financial services firm with 5,001-10,000 employees

The initial setup was complex. It has taken us almost a year, but we have about 7,000 users. We're just finishing up the main deployment of 5,000-plus users. We had an acquisition earlier this year and that will add another couple of thousand users. There have been a lot of hurdles with the bugs that we hit in the product. The stability of the software has been our biggest challenge.

View full review »
TT
Senior Network / ITOps Engineer at a leisure / travel company with 201-500 employees

We had a mixture of different applications and vendors, and we wanted to merge everything under Prisma Access. The terminology is a bit different between Palo Alto and Cisco ASA, and between their local firewalls and the Prisma Access firewalls. It took us about a month to wrap our heads around it and understand how things worked. Once we did that, it was easy to implement. We have gradually migrated all our services. We did our MPLS and the connection to AWS, and now, we're slowly migrating the users. No one has noticed, so it has been seamless.

We don't have a big infrastructure and did the migration piece by piece, and it was really easy and seamless.

To set up the infrastructure with the team, it took us less than a week. The gradual migration took us three weeks, but the basic setup takes less than a week.

View full review »
SG
Professional Services Consultant at Infinity Labs India

The deployment is simple.

The time it takes for deployment of Prisma Access depends on how big the environment is. One company may have 120 or 130 branch sites, while another company may have just six or seven. It varies on that number of sites or on the number of data centers they have. If there are only five or six branch office locations, then the deployment can be completed in five or six days.

View full review »
VS
Works

The initial setup is straightforward. It's a SaaS product, we only need to log in and integrate our apps using our administrative rights.

The full deployment takes a couple of weeks. The deployment is easy, but the scanning takes time. If you connect a product and that product is having a terabyte of data, the scanning will take time. However, deployment connecting to the products, it's fairly easy.

We implement the solution in a sandbox environment and a production environment. The sandbox environment is connected to our sandbox applications, and production is connected to production applications. Whenever we are trying to launch a new policy, we used to try a new sandbox first. If it goes well, we send it to a production environment. We upload a sample of corrupted files to see if the policies are acting as they are supposed to.

View full review »
PD
Sr. Security Analyst at Atos

The initial setup is straightforward.

View full review »
GA
Endpoint Security Manager at Catholic Health Initiatives

For us, the initial setup was not straightforward. It was very complex due to the fact that we're a very large company. That said, I don't mind the complexity.

The deployment was easy. It was just a matter of handling the configuration for different regions and hospitals. We had to figure out what egress they come in on or what device they come in on and things like that and that decide upon what's the most efficient means for them to connect back into the network.

View full review »
TA
Network Administrator Specialist at a government with 501-1,000 employees

The setup was medium complex. Because of the way we're doing it through our Panorama, it's a little more complex than it would be on the cloud-only solution. There is definitely some  complexity to it.

View full review »
CJ
Chief Executive Officer at Clemtech LLC

Setting up Prisma is pretty straightforward. It takes around an hour to get it up and running. The amount of time needed to fully deploy Prisma depends on the size of the enterprise and the number of units, groups, endpoints, etc. Pre-deployment preparation also varies according to the size of the enterprise. It takes about a couple of days for a medium-size organization. You have to set up the architecture, determine who the users are, set up the IP schema, establish your Zero Trust scheme, set up network access, and send your log files over to the site. All of that takes about three days. Two network engineers can handle setup and deployment. After that, Prisma can be maintained by normal networking staff and at least one engineer.

View full review »
NP
Senior Network Security Lead at a tech services company with 10,001+ employees

The initial setup was a mix of difficult and straightforward. We did the deployment in phases for users across different continents. By the time we finished the deployment, which took nearly six months, it was in our case a stable solution and simple to use as well. However, it took a while as we were working on different continents and moving from one to the other in a particular order.

The team was a combination. The team was a combination of one of the vendors in Malaysia and my team, who's from a client end. So there was a total of seven members in the team.

Our implementation strategy was as follows: we already had one Palo Alto Global Protect Retail Solution, so it was not big trouble for us to migrate it to a cloud. We started implementing, planning the redundancy for such two different sites. We established the IP set terminals with our two different sites, which will terminate from the cloud to Palo Alto VPN Box on our on-prem. Then, we gradually migrated the users from on-prem to the cloud.

In terms of maintenance, first of all, we have to keep on monitoring it. If there is something wrong with the cloud, we will have to get the alert and act accordingly. Maintenance-wise so far we have increased the bandwidth for internet links. At that time we had set up redundancy and there was no trouble with that. Apart from that, so far, no other maintenance has been done.

View full review »
DB
Network Security Engineer at a tech services company with 10,001+ employees

The license activation process is very straightforward. When we purchased Prisma Access, they provided a link and, from there, we had to add the serial number of our existing Panorama. After that, everything happened automatically. Once that management setup was done, we were easily able to add a rule and do other configurations.

Our deployment did not take a long time. However, our infra is very big. While the initial setup was done in four to five hours, finishing everything took us one week.

View full review »
LS
Solution Consultant at a tech services company with 1,001-5,000 employees

The product's initial setup phase is simple.

The solution is deployed on the cloud.

The solution can be deployed in a couple of hours.

View full review »
AD
Senior Engineer at a tech services company with 11-50 employees

I didn't do the original configuration, but I am doing some of the re-configuration. It is important to understand your organization's infrastructure, cloud containers, and all the various types of administrative access controls. It all comes down to having the knowledge and visibility to configure it with your environment. 

View full review »
SG
Professional Services Consultant at Infinity Labs India

It's straightforward and very easy. The deployment duration depends on the client's infrastructure. It depends on how many branch offices they are going to have. They could have only 3 offices, or they could have 100 offices. On average, if they have only 4 offices, it will take a max of four sessions. If they have 10 offices, it would take about 20 hours with two hours for each session.

We need an infrastructure subnet so that we can create an infrastructure over Prisma Access. We need to decide on the routing part, whether we are going with BGP or traffic routing. We need to have the IP address information for the IPsec tunnel. Apart from that, we need to take care of the DNS and resolve internal domains, if they have any. 

From my end, only one consultant is assigned for delivering the solution to the customer.

View full review »
PG
Senior Executive at a tech services company with 1,001-5,000 employees

This product is straightforward to set up and the integration is good.

View full review »
BY
Manager Network Engineering at a computer software company with 5,001-10,000 employees

The initial setup of the solution was complex. The configuration is not easy to understand and requires a lot of expertise from the Palo Alto side. The terms that they use in the product require quite a bit of explanation and clarification.

We used a phased approach. The first deployment we did, as a milestone, took us at least six months. For the deployment, we needed at least two to three engineers: someone from security, someone from networking, and someone from the end-user side. All parties had to be involved.

View full review »
JJ
DevOps Engineer at a tech services company with 10,001+ employees

It is pretty straightforward. It is a two-step procedure. You need to create the roles and mention the role in the Prisma config. You have to create a role in the corresponding AWS account or Azure account and give that role information while configuring Prisma. So, you need to provide the account ID number, the role that you have created, and a short description of the account that you're using. You also need to enable a couple of other things, such as VPC flow logs and cloud trail for Prisma. If these are not configured, Prisma will still get configured, but it will alert you that you have not configured the flow logs, cloud trail, and all other events. After that, Prisma will immediately start scanning the account. 

It also has a provision for grouping your accounts into a particular group. If you have a project that has multiple accounts, you can group them together as a central group. If all those accounts are managed by a single team, you can enable alert notifications for that single team instead of each account. Everything is pretty good in terms of management activities.

Deployment hardly takes five to ten minutes. It is a SaaS offering. It is a managed service by Palo Alto. You don't have to configure anything at your site for Prisma. You don't have to create any sort of instances or deploy it. You just need to onboard the accounts.

View full review »
GV
Architect - Cloud Serviced at a comms service provider with 10,001+ employees

The initial setup is simple. You just need to log into the Aperture cloud with your user ID and password, apply the license and you are done. After this, you just need to know how to integrate, but they already have documentation that can help you out.

The time required for deployment depends on how complex you are making the environment. If it's a very simple one, such as a Box or a Google Drive, then it will take around a day or two, maximum a week.

I would say that a complex environment may take between three and four weeks. It depends on the use case. If you want to do a POC setup on VPC or Google Drive then it may take less time. On the other hand, if you are integrating more services then it will take longer because you have to learn the product from scratch. There are no similar services.

Once this solution is configured, there is very little that you have to do unless the customer requests something new. If you integrate it with WildFire and AutoFocus, it will automatically get the latest volume or latest signatures, and it will notify you whenever that happens. If somebody is properly trained then one person can handle the maintenance.

View full review »
SV
Solution Architect // Network Consultant at a consultancy with 501-1,000 employees

The solution is not easy to implement. The first setup is a bit more difficult, but it gets better. The solution is easy to maintain.

View full review »
RR
Network Engineer at Acliv Technologies Pvt Ltd

The initial setup was a bit complex. It took two or three months and we are still continually working on it.

View full review »
PT
Consultant at a political organization with 201-500 employees

The initial setup is very straightforward. With the standard deployment, I think it took a few days.

View full review »
JM
Senior Director at a logistics company with 501-1,000 employees

I wasn't personally involved in the initial setup, but our IT director was. He reported that it was straightforward and easy to configure.

View full review »
RO
IT Manager at a tech services company with 1,001-5,000 employees

The tool's deployment difficulty is in the middle.

View full review »
KF
Lead Security Engineer at ESKA

Installation is simple. There are a few steps involved but with help from customer service and some simple troubleshooting, it's not too bad.  

View full review »
DS
Consultant at a tech services company with 501-1,000 employees

The initial setup was straightforward. It was completely on cloud and easily activated, and we were up and running quite quickly.

View full review »
PS
General Manager - CyberSecurity Practice at a aerospace/defense firm with 1,001-5,000 employees

The cloud setup is straightforward, and the onboarding process is much better, but the on-premises initial setup is slightly complex.

View full review »
MM
Director at a tech services company with 51-200 employees

There are many ways to deploy for the firewall in general. Sometimes we propose a firewall as a perimeter firewall, to protect the internet connections. Sometimes, we propose the firewalls to protect the data center and protecting the institutional traffic between servers. So it depends on the deployment model and the customer requirements.

Depending on the client, it may take time to gather the info and requirements from the customers, so it takes anywhere from two business days to two months to finalize the whole deployment for the Palo Alto Networks.

View full review »
EW
Head of Pre-Sales at a tech services company with 51-200 employees

The initial setup is straightforward in a way, but there are certain things that may require Panorama, which is a centralized management platform. The management of certain things can only be done through Panorama. For the initial integration, a few steps have to be followed, but after that, it is easy to configure and use.

For the console-side deployment, one or two engineers would be enough. A complete user deployment may take a few weeks to complete.

View full review »
EW
Head of Pre-Sales at a tech services company with 51-200 employees

Prisma SaaS requires a small implementation. Two engineers would be sufficient for the deployment process.

View full review »
CR
IT Security at a real estate/law firm with 1,001-5,000 employees

The initial setup was really straightforward.

View full review »
Buyer's Guide
Prisma Access by Palo Alto Networks
March 2024
Learn what your peers think about Prisma Access by Palo Alto Networks. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.