Please share with the community what you think needs improvement with Prisma Access by Palo Alto Networks.
What are its weaknesses? What would you like to see changed in a future version?
There can be some latency issues with the solution that should be improved.
Our security team had a concern that they are not able to filter out a few things. There is some particular traffic that the security team wants to filter out and apply their own policies and they cannot. Earlier, we used our on-prem solution for that, however, when it is in the cloud, the problem is that it has to be done manually. When we do changes on the on-prem, it will not automatically sync to the cloud. Therefore, manually, the admin has to do changes on the on-prem for spam filtering and at the same time on the cloud as well. We actually faced some a problem with using the failure of authentication. Our primary authentication happens through a RADIUS server, to a non-IP solution, so that there is a double-factor authentication. In that double-factor authentication, we are using three different RADIUS servers. Apart from that our requirement was that if all our RADIUS servers failed, we wanted the authentication of users to fall back to LDAR. The problem we faced is that each RADIUS server was consuming 40 seconds each for the timeout, and then only will it go to LDAR. However, the total timeout of the global product timeout, we are not able to adjust. If you take an on-prem Palo Alto device, you can adjust or increase the Global Protect time out value from 30 seconds to up to 125 seconds or 150 seconds. Later, we were able to resolve this by reducing the timeout value for each RADIUS server. Technical support could be a lot better.
When it comes to the VPN, it uses the global protect VPN functionality to connect remotely, but it has a feature limitation for assigning multiple IP subnets to different user groups. It would be much better if we are able to assign the current IP blocks for the subnets based on the user groups.
The solution needs to be more compatible with other solutions. This is specifically a problem for us when it comes to healthcare applications. They have proprietary connection types and things of that nature that make compatibility a challenge sometimes. The scaling can be a bit tricky, depending on the setup.
It is integrated with the MDM solution but it is not a VPN, so this is something that can be improved. Better integration with the MDM solution would be useful.
I would like to see an increase in third-party integration, in terms of identity and access management, or strong authentication.
I would like to see better pricing and an easier logging process. Also, if there was a way to log a global log, everything could go onto the system. It would be better if there was a third log, otherwise one would have to do everything manually.
The dependencies of applications sometimes are a bit confusing. All the dependencies you have between applications can be confusing when you fill in things. It's mostly the configuration with the different applications. Extra guidance in using applications and things like that might be helpful. In terms of features, at the moment, the features we use are all in there. But we don't even use the full feature set at the moment. So I don't really have any need for anything else. For now, there's not really anything missing.
They could improve the proactive service on this application and application tracking in their next release. Their next release should provide solutions for the mobile environment.
What do you like most about Prisma Access by Palo Alto Networks?
Thanks for sharing your thoughts with the community!