10 Best SD WAN Providers Reviewed (With comparison tool)
The best SD WAN Providers you should compare are:
The top rated SD WAN providers offer features which include zero-touch provisioning, traffic steering, circuit bonding, managed services, cloud-native access, next-generation firewalls, and SASE cybersecurity.
With these features, businesses can simplify network infrastructure, enhance application performance, and improve security, all while optimizing costs.
Comparison of the 10 best SD WAN Providers (USA, UK & Global SD WAN) | Business use case (USA, UK & Global SD WAN) |
Cato Networks | Businesses choose Cato because of their Global private network, simple to use portal and strong SD WAN+SASE and SSE product set. |
Aryaka | Fully managed SD WAN with overlay and underlay management, good statistics and SD WAN+SASE capability. |
Masergy | Fully managed SD WAN with Global metro network, SASE+SSE, UCAAS and MS Teams integration. |
Versa | Cost effective capability with SD WAN+SASE, SSE and focus on application steering, SWG & monitoring. |
Meraki | Huge channel presence, support for SD WAN, CCTV, IoT and Switching. SASE provided by Cisco Umbrella. |
VeloCloud | VMware platform integration with strong ZTNA remote access, SD WAN+SASE, SSE, public global gateways and multi-cloud. |
Palo Alto | Powerful SASE and SSE solution, Prisma SD WAN offers powerful ZTNA, Multi-cloud and Support with AI. |
Fortinet | Security first vendor with excellent WAN edge performance, SASE and SSE. |
Barracuda | Complete integration with MS Azure across the SD WAN data-plane. SASE for medium sized businesses. |
Forcepoint | Excellent support for the Office 365 suite of applications including granular SASE with DLP and GDPR compliance. |
Who is the best SD WAN provider?
Cato Networks is the best Global SD WAN provider. Cato Networks offers a cloud-native SD WAN-as-a-service solution with a complete set of networking and SASE security features delivered from the cloud. Cato operates a private backbone spanning over 65 PoPs.
Please complete the Netify SD WAN assessment to learn whether Cato is a good fit for your business.

How we reviewed each SD WAN provider solution and our methodology
We set up an initial SD WAN with default security policies across each vendor. This process involved:
- Logging into the management portal of each solution
- Moving through the configuration steps
- Viewing the statistics and reporting capability
- Analyzing features and SD WAN use-cases
- Explaining SASE and SSE security features
- Outlining Pros and Cons across each SD WAN solution
- Detailing information on solution competitors
The above review methodology helped us create this highly exhaustive best SD WAN providers article.
Did you know? Netify offer a free vendor and service provider briefing where one of our analysts will walk you through leading solutions and explain why each capability is a good fit for specific business needs.
Which SD WAN capabilities should your business compare?
1. Compare SD WAN coverage
One key factor to compare is coverage, which depends on whether your business operates nationally or globally. A crucial difference in selecting an SD WAN solution is its ability to support global connectivity. For instance, if your business comprises only 10 sites located in the US or the UK, a global network of interconnected PoPs might not be a priority. However, if your business is a multinational corporation, then having this kind of coverage can significantly impact which SD WAN solutions make it to your shortlist.
2. Compare SD WAN Managed Services
The second factor your IT team should compare is the level of managed services your business needs. SD WAN enables flexible management options, from fully managed to co-managed and DIY services.
Certain SD WAN providers specialize in fully outsourced services, while others are a better fit for DIY provision. Therefore, when selecting an SD WAN solution, it is crucial to determine which providers align with the level of management services required by your business.
3. Compare SD WAN Complex Services
The third factor to compare is the level of complexity required by your business. For large multinationals with complex routing, disaster recovery policies, and a vast number of remote users with various BYOD devices, only a select few providers and vendors can support such complex requirements.
On the other hand, if your business is more standardized, then you should look for solutions that are cost-effective and simpler to manage and provision. Some products provide out-of-the-box configurations and policies that can get your business started quickly.
Therefore, it is important to select an SD WAN solution that aligns with the level of complexity required by your business to ensure that you are getting the most efficient and effective solution.
4. Compare SASE and SSE Cybersecurity
The fourth comparison factor to consider is SASE and SSE security, which is now a must-have product for all businesses. SD WAN is considered a subset of SASE.
SD WAN enables security across remote users and branch-office sites, making it an essential component of SASE. Therefore, when selecting an SD WAN solution, it's important to keep in mind that it is a critical part of your overall security architecture.
By incorporating an SD WAN solution into your security strategy, you can ensure that your remote users and branch-office sites have secure and efficient access to the network resources they need.
The components of SASE typically include:
- Secure web gateway (SWG) - This is a cloud-based service that provides a range of security capabilities to protect against web-based threats. This includes web filtering, URL filtering, and other features designed to enhance web security.
- Cloud access security broker (CASB) - This service provides organizations with increased visibility and control over the use of cloud applications and services, ensuring that sensitive data is protected and compliance requirements are met.
- Zero-trust network access (ZTNA) - This service provides secure access to applications and data, regardless of location or device. It operates on a "never trust, always verify" principle, requiring authentication and verification for all network access.
- Software-defined wide-area networking (SD WAN) - This service provides secure and optimized connectivity to applications and services, helping to improve network performance and reduce costs.
- Firewall as a service (FWaaS) - This cloud-based firewall service provides network security capabilities, protecting against unauthorized access and other threats.
A range of security components may be included in SSE, such as:
- Firewall - This is a security solution that can be hardware or software-based and is designed to protect a specific segment of a network or perimeter against unauthorized access and other threats.
- Intrusion detection and prevention systems (IDPS) - This security solution is capable of monitoring network traffic for signs of malicious activity and can either alert or block potential threats.
- Virtual private network (VPN) - This secure connection allows remote workers to access the network in a manner that emulates an on-site connection, thus ensuring a secure connection.
- Access control mechanisms - These are security measures that are implemented to ensure that only authorized users and devices can access network resources. This helps to protect against unauthorized access and security breaches.
SSE can include various additional components, including both hardware and software-based firewalls, intrusion detection and prevention systems (IDPS), virtual private networks (VPN), and various access control mechanisms.
These technologies work in concert to safeguard a specific network segment or perimeter, thus ensuring that only authorized personnel and devices can access network resources.
Companies can monitor network traffic for suspicious or malicious activity, thereby enabling the prompt detection and prevention of potential security threats.
With the help of these robust security measures, SSE can provide enhanced protection against unauthorized access and other security risks.
5. Compare SD WAN Features and Benefits
The fifth factor to compare revolves around the features and benefits of SD WAN. As a comprehensive solution, a typical SD WAN vendor offers various features that provide businesses with increased flexibility, security, and efficiency for managing their WAN.
Circuit bonding combines multiple connections together to improve bandwidth and resilience, while network segmentation enhances security and enables greater control over traffic flow.
By optimizing WAN performance, SD WAN reduces latency and improves application speed. Quality of Service (QoS) ensures that critical traffic is prioritized, and dynamic traffic routing automatically selects the best path for traffic to follow.
With cloud-native access and termination, integrating cloud-based services into the WAN is easy. Finally, SD WAN supports a variety of connection types, including 4G, 5G, Broadband, and leased line services, making it a versatile and adaptable solution for modern businesses.
Selecting an SD WAN solution that aligns with the unique features and benefits required by your business can ensure that you are getting the most efficient and effective solution.
6. Compare Cloud-native options
The sixth comparison area is Cloud. SD WAN is a secure and efficient way for businesses to access cloud services, including AWS, Azure, and Google Cloud.
The cloud-native architecture of SD WAN allows for seamless integration with cloud services in a simple and secure manner. This architecture is designed to enable businesses to transition their WAN to the cloud with ease, taking advantage of the flexibility and scalability of cloud-based services.
To access cloud services, the SD WAN appliance utilizes direct connectivity, such as AWS Direct Connect, Azure ExpressRoute, and Google Cloud Interconnect. These dedicated connections provide a private and high-bandwidth link between the SD WAN edge device and the cloud provider's network, ensuring low latency, high performance, and increased security.
SD WAN solutions are built with cloud-native architectures, utilizing cloud-based technologies like microservices and containers. This design enables the solution to be more flexible and scalable, providing fast and seamless integration with cloud services.
Along with direct connectivity, SD WAN offers application-aware routing, which can dynamically route traffic to the closest cloud service endpoint. This feature enhances application performance, reduces latency, and provides a better user experience. Overall, SD WAN is an effective solution for businesses looking to connect securely and efficiently with cloud services.
7. Compare SD WAN SLAs (Service Level Agreements)
When comparing SLAs for SD WAN service providers, it is important to look at key network performance metrics such as packet loss, latency, and jitter for both primary and backup links. Make sure to find SLAs that guarantee a high level of network uptime, for example, 99.99% availability, and consider the service provider's mean time to repair (MTTR) for network outages. Also review SLAs related to support services, such as 24/7 customer support, escalation procedures, and response times, to make an informed decision.
The SD WAN market has experienced significant changes - 2023 looks to be no different. A major trend has been the shift towards cloud-native solutions, which have become increasingly popular as businesses continue to adopt cloud-based services and applications hosted within AWS, Azure and Google Cloud.
Some notable acquisitions have resulted in a higher demand for SD WAN solutions that can seamlessly integrate with leading cloud platforms, as well as provide improved security from SASE (Secure Access Service Edge) and SSE (Security Service Edge). Consequently, a smaller number of large providers have emerged as dominant players, while smaller providers have resorted to specializing in niche areas.
- VMware acquired VeloCloud in 2017
- Cisco acquired Viptela in 2017
- Silver Peak was acquired by HPE in 2020
- Palo Alto Networks acquired CloudGenix in 2020
- Juniper Networks acquired 128 Technology in 2020
Another notable trend has been the growing focus on edge computing, with SD WAN playing a pivotal role in facilitating distributed computing. Despite these changes, the market continues to evolve rapidly, suggesting a dynamic and exciting future.
1. Cato Networks Review
Deploying a site through Cato is a straightforward process: IT administrators begin by selecting a new site and specifying the intended use case and location. During installation, IT teams can supply key information such as the site name, type (Branch, HQ, user), connection type (Socket or client), country and state, license type, users, bandwidth, and the assigned IP range. If required, the Cato interface also permits WAN2 configuration to accommodate a diverse circuit.
After setting up, policies are immediately assigned to ensure company security and apply any necessary restrictions. The Cato socket is then plugged into the WAN port of the ISP router, which brings up the actual appliance within the management portal.
Cato SASE, SSE and Remote Access
Remote users are a major component of the Cato value proposition. Setting up their configuration is simple; the first step involves adding the user's name and email address. Shortly after setting up the account, the user will receive an email asking them to activate the Cato service, which directs them to the Cato website's user portal. Once on the website, the portal prompts the user to select Windows, MacOS, iOS, Android, or Linux. After downloading and installing the application, the user can add their username and password to invoke the app, allowing them to connect to the Cato cloud.
Once the user is set up, firewall services can be applied for the WAN (site-to-site and corporate resource access) as well as for Internet access (general browsing). Applying anti-malware and intrusion protection services is simple; just select the option to begin using their standard services.
As an example, when users attempt to visit denied websites, Cato will automatically block sites that are deemed unnecessary for corporate access.
With the site and user set up, no additional action is required because the Cato SSE 360 applies almost real-time security to the WAN.
I was impressed with the comprehensive security features and ease of use that the platform offered. The consolidation of security tools and services into a single platform was a standout feature, allowing for simplified network management and greater visibility and control over network traffic.
The AI-powered threat detection and response were also noteworthy, providing a higher level of protection from emerging cyber threats. The user-friendly interface made it easy to manage and configure policies, and the support team was always available to answer any questions I had.
I was impressed with the platform's comprehensive view of SaaS usage through its Shadow IT dashboard. The dashboard provided both high-level statistics and application-specific data, allowing me to assess the risk of each application accurately. The risk assessment was done by Cato's unique Application Credibility Engine (ACE), which collected information regarding the application's purpose, publisher, security, and compliance to calculate a risk score, determining the most suitable access policy.
I found the platform to be a reliable and efficient solution for businesses seeking comprehensive network security. The fact that all WAN and internet traffic goes through the Cato Cloud ensures that there are no blind spots and no need for multiple appliances from different providers, making it a cost-effective solution.
One of the standout features of Cato's cloud-based solution is its ability to inspect any combination of encrypted and unencrypted traffic with all supported security services. This provides customers with reliable and comprehensive protection, and unlike other solutions, there is no need to go through sizing exercises or forced upgrades, as the platform ensures that sufficient capacity is available to provide the subscribed service.
With Cato's cloud-based solution, customers can be assured that inspection capacity is handled exclusively by Cato, ensuring that there is always enough support for licensed capacity. This means that businesses don't have to worry about sizing, upgrading, patching, or refreshing appliances, as Cato takes care of all of this on their behalf.
Cato's cloud-based solution is an efficient and easy-to-use solution for keeping network security up-to-date against emerging threats and evolving business needs. The platform's comprehensive security features and minimal maintenance requirements make it an excellent choice for businesses seeking a reliable and cost-effective network security solution.
Cato's CASB supports highly granular access policies, which were enforced inline in real-time, setting it apart from many competing solutions. The level of granularity ensures that an Enterprise's SaaS usage is secure and protected against potential threats. I appreciated the platform's ease of use, advanced features, and security measures, which made it an ideal choice for businesses seeking to streamline their SaaS usage and reduce their risk exposure. Overall, I found Cato's CASB to be a reliable and effective solution for managing SaaS usage, and I would highly recommend it to other enterprises looking for a comprehensive security solution.
Cato's advanced SASE and SSE security solutions, coupled with their global backbone, offer the necessary tools to secure branch offices and remote users. Cato Networks is an excellent option for businesses that prioritize security and require a simple-to-use product. However, enterprise businesses with more granular and complex SD WAN and security requirements may find Cato limited by their standardized feature sets, which may preclude large, complex multinational businesses. What we like about Cato is their easy-to-use management portal, which allows fast deployment of users and sites with simple adds, moves, and changes that can be completed in seconds.
Cato TLS decryption
One further option that Cato offers is the application of TLS decryption. The majority of web traffic is TLS-encrypted, which means your SD WAN provider needs to decrypt this traffic to view the contents and ensure security is upheld. Typically, TLS decryption requires additional hardware, but with the Cato solution, switching on this additional service component is simple; you don't need any other service options. Once TLS decryption is applied, the Socket or client will automatically check all TLS-encrypted traffic that traverses the network.
Cato SMB acceleration
The Cato SMB acceleration feature improves traffic acceleration for large batch files, which boosts network performance and thus improves transfer speeds. An example transfer of a batch file demonstrated the following efficiencies:
Without SMB acceleration | With SMB acceleration |
7Mbps download | 37Mbps download |
The above table shows a positive impact of over 400%. Another improvement witnessed was with RDP (Remote Desktop Protocol). Not only were the same security policies applied through Remote Desktop, but the performance was also excellent, including the quality of video and voice applications. This is a byproduct of the Cato Global backbone.
Users outside of Active Directory can be supported and configured using Cato Zero Trust (ZTNA).
What are the main Cato features? | Cato feature description |
Does Cato offer their own network? | Yes. 75 Global PoP locations delivering cloud access with multiple ISP connectivity. |
What managed services does Cato offer? | The Cato solution is available as DIY, Co-managed and fully managed. Although all 3 management options are available, customers typically opt for DIY or Co-managed services. |
Does Cato support complex or simple requirements? | Although Cato is capable of supporting complex requirements, their solution is more aligned with standard off-the-shelf requirements. |
What SASE and SSE security is offered by Cato? | Cato SSE 360 offers complete protection for remote users and branch-office locations. Designed as a complete monitoring service which scales with your requirements, SSE 360 is an all-encompassing security monitoring capability. |
What are the main features supported by Cato SD WAN? | Cato supports the majority of typical SD WAN features, which include SaaS optimisation, SASE and SSE, remote user support, multi-cloud support, connectivity access management and their global private network. |
How does Cato access the Cloud? | Customers break out to the nearest AWS, Azure or Google Cloud PoP from the Cato backbone via multiple ISPs to ensure the best possible network performance is made available. |
What is the Cato SLA? | Cato customers are backed by a 99.999% uptime service level agreement (SLA), and Cato offers 24/7 support through a global Network Operations Center (NOC) and Security Operations Center (SOC). |
Who is Cato Networks?
Cato Networks is a leading provider of a single-vendor SASE platform that has experienced impressive annual recurring revenue growth from $1 million to $100 million in just five years. IT decision makers seeking Global SD WAN with SASE and SSE products can turn to Cato Networks for a range of use cases.
Why should your business consider Cato SD WAN?
- Cato Networks simplifies MPLS migration, allowing organizations to transition from outdated MPLS networks to public Cloud-based SD WAN.
- Cato Networks offers low-latency cloud network access with significant benefits, such as improved access to key applications, including Office 365 and AWS.
- Cato Networks' optimized private backbone allows global offices and remote workers to connect directly to any of Cato's 75 PoPs, providing fast and dependable access to critical business applications without complex and expensive VPN setups.
- Cato Networks' managed services offer the resources and support your organization needs to ensure smooth SD WAN management. They can provide various tiers of managed SD WAN and assist with monitoring last-mile circuits and security threats for in-house management.
- Cato Networks' solution for local Internet access can enhance branch office connectivity. This solution offers simplified deployment and management, improved application performance, and enhanced security through Cato's cloud SASE and SSE technologies.
What products does Cato SD WAN include?
The main product features Cato offers are as follows:
Cato product | Product description |
SSE 360 (Security Service Edge) | SSE 360 integrates SWG, CASB, DLP, ZTNA, and FWaaS with advanced threat protection features, including IPS and anti-malware. |
Cato Remote Access | The Cato traffic management solution relies on zero trust and multi-factor authentication to ensure access to users based on specific policies related to application type and context. |
Cato Edge SD WAN (Cato Socket) | The Cato Edge SD WAN system acts as a point of termination for different underlay connectivity types, including broadband, 4G, and leased lines. |
Cato Global Private Backbone | Cato operates a global network that spans 75 Points of Presence (PoP) locations. |
Cato Hybrid / Multi Cloud | The Cato Multi/Hybrid Cloud environment is seamlessly integrated with top cloud platforms, including AWS, Azure, and Google Cloud, through Cato Sockets (WAN edge) or IPSec tunnel termination. |
Cato SaaS Optimization | Cato's strategic location close to the apps ensures optimized latency for essential cloud-based applications, including Office 365, Salesforce, and UCaaS. |
Cato Managed Service | Cato's cloud-based management portal offers businesses the flexibility to choose the level of management that best suits their needs, with three distinct options available. |
What is Cato's Gartner SD WAN Magic Quadrant status?
Cato is not currently included in the Gartner Magic Quadrant for SD WAN.
Who are Cato's main competitors?
Aryaka is a natural competitor to Cato Networks due to their similarity across their provision of private network PoPs. Aryaka is focussed on fully managed network services whereas Cato is a better option for DIY and Co-managed. Also consider VeloCloud for access to Global public Cloud gateways and strong SASE security integration with 3rd party vendors.
What are the benefits (pros) and drawbacks (cons) of Cato Networks?
Benefits (pros) | Drawbacks (cons) |
Fully managed cloud-native solution delivered via a single-vendor unified networking and security stack | Limited security feature set compared to similar enterprise-grade solutions. |
Highly scalable and fault-tolerant via zero-touch SD WAN edge devices and link aggregation | Limited integration with third-party identity providers |
Centralized management via a user-friendly and simplified web user interface | Relatively new solution that is still gaining popularity amongst the IT community |
Recommended resource for Cato Networks: Find your local sales contact, download the latest Cato service PDF or book a demo, visit Cato on the Netify Marketplace.
2. Aryaka Networks Review
Configuring and deploying Aryaka is straightforward with an easy to use menu system which supports advanced configuration, network monitoring, QoS, network segmentation, traffic rules, WAN optimisation and virtual machine options. Aryaka's primary value proposition lies in its network and security as-a-service, making it an ideal solution for companies seeking to completely outsource their WAN and security requirements.
The advanced configuration menu option displays the site type, license, and naming convention. Changing the bandwidth is perhaps the simplest option here, but interestingly, you are also able to select burstable to ensure that your network is not limited in the event that extra bandwidth is required. Note: burstable depends on your Internet provider offering this service.
Deploying Aryaka at a basic site-to-site level is straightforward. IT administrators can log in to the MyAryaka portal and choose whether to route traffic via Aryaka or site-to-site with pure Internet. Simply select the sites you want to configure, and the portal will submit the request for provisioning. This means the configuration change does not happen immediately and requires the Aryaka team to manually make the change.
When a change or order is submitted by the customer, a confirmation email is sent containing the references from the Aryaka support team. When a site is in a provisioning state, the MyAryaka portal will display the status which includes:
- Draft
- Provisioning
- Configured
It is important to note that there is a help function which allows users to quickly understand each of the options which exist on the portal.
Aryaka SASE, SSE and Remote Access
SASE is another key component of the Aryaka proposition and can easily be accessed via the portal. Once logged onto the security domain, the data displayed shows a summary of connected sites, user connections, and threats. When using Aryaka's Secure Web Gateway, we found the top threats graph interesting, as were the weekly trends at a glance. Additionally, there is security data on the users who pose the biggest threat to the business.
Monitoring of live logs is available, allowing IT teams to view real-time threats and flags as they occur on the network. This feature is particularly useful when known virus threats exist.
The directory service allows Active Directory users to be bulk added to the network with simple workflows to quickly set up layer 3/4 firewall policies, content-based policies, and traffic scan options to permit or deny traffic. The Aryaka Secure Web Gateway supports URL category filtering, internet firewall options, SSL inspection, antivirus and malware scanning, user identity and control, analysis and reporting, and finally a security policy for hybrid workers.
Adding an Internet policy with Aryaka can be done using segments or zones, with two types of policies which can be configured to send traffic to local segments or DMZs and traffic to specific address ranges. Authentication of remote users is completed using Active Directory (as mentioned previously), with the local PoP assigning an IP address from whatever range is configured.
Aryaka employs multi-factor authentication, where a connection request generates a one-time password sent via email or SMS, ensuring enhanced security measures. The Aryaka SWG applies all the relevant policies that either permit or deny access as per the configuration. In case a user tries to access a restricted website, a message is displayed, and the Aryaka portal adds logs to enable IT teams to identify user trends. For senior staff, individual policies can be configured at the user level rather than at the IP level, offering more personalized and customized security measures.
What are the main Aryaka features? | Aryaka feature description |
Does Aryaka offer their own network? | Yes. Global private network of 30+ Services PoPs is called the Aryaka Network Access Point (ANAP). |
What managed services does Aryaka offer? | Fully managed SD WAN and SWG with strong remote access support. Underlay last mile services are also managed and sourced by Aryaka. |
Does Aryaka support complex or simple requirements? | Aryaka is known for offering a simple-to-use portal; complex service requirements are not typically supported. |
What SASE and SSE security is offered by Aryaka? | Aryaka provide SWG as one of their primary capabilities. Although SASE and SSE are managed centrally via the My Aryaka portal, partners are used to deliver many other components of the solution. |
What are the main features supported by Aryaka SD WAN? | SD WAN, SWG, Remote access, CDN, Multi-cloud and last mile underlay support. |
How does Aryaka access the Cloud? | Connectivity to multiple cloud providers ensures the best possible latency and performance - includes IaaS, UCaaS and SaaS applications. |
What is the Aryaka SLA? | Comprehensive SLA which covers up to 5 nines uptime for the Aryaka Middle Mile, which is our Layer 2 Core Network, and up to 4 nines end-to-end uptime, which covers the Last Mile, Middle Mile, and Edge Services. Last Mile SLA with committed delivery time from Aryaka. Edge Services SLA that includes Aryaka services such as the managed and hosted Firewall SLA. |
Who is Aryaka?
Aryaka is a leading provider of software-defined network (SD WAN) connectivity and application delivery solutions. Headquartered in San Mateo, California, Aryaka has a global presence with additional offices located in London, United Kingdom, Bengaluru, India, Beijing, China, and Singapore. The company's innovative SD WAN technology enables businesses to securely and efficiently connect their networks across geographically dispersed locations, providing enhanced application performance, reliability, and security. With its global presence and commitment to customer service, Aryaka is able to offer businesses the support they need to manage their networks and optimize their performance.
Why should your business consider Aryaka SD WAN?
- Aryaka Secure Web Gateway provides next-generation firewall technology from Checkpoint and Palo Alto, as well as cloud-based security solutions from Zscaler, Palo Alto, Cisco, Symantec, and Checkpoint, to provide URL filtering, anti-virus and malware protection, and SSL inspection.
- Aryaka's multi-cloud networking solution comprises four key components: ANAP SD WAN CPE, a global private network of 40+ PoPs, MyAryaka Cloud Portal, and direct regionally-based connections to IaaS and SaaS providers.
- The FlexCore™ architecture delivers QoS-optimized per-site and per-application performance and global resource reservation for each customer. HybridWAN combines MPLS and public internet connectivity options, while Aryaka's patented technology resolves latency and packet loss issues in the last-mile internet link.
- Aryaka's cloud-optimized solution provides WAN optimization, application analytics, and direct connections to major IaaS, SaaS, and UCaaS providers for optimal performance. Aryaka offers a fully-meshed private backbone with 40+ service PoPs and 5-9 SLAs for high-quality connectivity.
- Aryaka's solution meets the demands of modern cloud-based operations, offering features such as WAN optimization, application analytics, and direct connections to top IaaS, SaaS, and UCaaS providers for peak performance.
What product features does Aryaka SD WAN include?
The main product features Aryaka offers are as follows:
Aryaka feature | Feature description |
Aryaka Managed SASE | Aryaka provides SASE as-a-service solutions with its Prime EZ and Prime Pro offerings. These solutions include SD WAN on a global backbone, secure edge devices, Aryaka Private Access, and Secure Web Gateway services. |
Aryaka Managed SD WAN | Aryaka's SmartConnect SD WAN service is a reliable solution that uses the FlexCore™ global network fabric to provide unified management for sites, applications, cloud, and users. |
Aryaka Multi-cloud Networking | Aryaka's Cloud-First WAN as a Service solution provides a fully managed multi-cloud networking solution for global and regional enterprises. |
Aryaka Remote VPN | Aryaka SmartSecure Private Access offers a Cloud-First approach to connect remote workers using Aryaka's Global Layer 2 Core Network. |
Aryaka Secure Web Gateway (SWG) | As work continues to evolve, employees require regular internet access as part of their daily routine. |
Aryaka Managed Underlay (last mile circuits) | Aryaka’s Last Mile Services can be a beneficial add-on option for enterprises looking to reduce the burden of network responsibilities. |
Aryaka CDN (Content Delivery Network) | Aryaka's SmartCDN offers performance for dynamic IP applications for global users. |
What is Aryaka's Gartner SD WAN Magic Quadrant status?
Aryaka is not currently included in the Gartner Magic Quadrant for SD WAN.
Who are Aryaka's main competitors?
Cato Networks is the main competitor to Aryaka because of their private Global network provision. Customers choose Aryaka for their fully managed capability across SD WAN+SASE and SSE. Also consider Masergy as a service provider alternative when opting for fully managed services and VeloCloud as a public gateway alternative to private PoP provision.
What are the benefits (pros) and drawbacks (cons) of Aryaka?
Benefits (pros) | Drawbacks (cons) |
Fully managed, end-to-end SD WAN solution, including first and last-mile procurement and management. | Many desirable capabilities, such as SaaS peering, ZTNA, and SWG, are available as upgrades or optional add-ons. |
Aryaka’s SD WAN service is available in regions where few providers operate, such as China. | The current product offering does not offer CASB and DLP capabilities. |
Centralized co-management and self-service capabilities are available via the MyAryaka customer portal. | Limited coverage in South America and Africa with a single PoP location in each continent. |
Recommended resource for Aryaka: Find your local sales contact, download the latest Aryaka service PDF or book a demo, visit Aryaka on the Netify Marketplace.
3. Masergy Review (Comcast Business)
One of the original Masergy propositions surrounded adding bandwidth to circuits on the fly and while this approach is no longer specific to Masergy, it does remain a core feature of their network-on-demand capability. This is because the bandwidth change happens in real time which is a key differentiator between their approach and other providers and vendors where tickets take time to process. Using the Masergy portal, an authorised administrator simply selects the site and changes the bandwidth using a slider.
Today, Masergy is offering a number of key solutions to customers. Masergy SD WAN is available as a fully managed and co-managed solution - as a service provider, offering DIY is not part of their proposition. The platform offers support for Masergy-provided Internet or MPLS, Broadband, 4G/5G, or customers can even provide their own network connectivity (over-the-top SD WAN).
Perhaps the biggest feature recognized by Netify is their Service Level Agreement (SLA), which applies not only to their own connectivity but also to any over-the-top providers sourced on your behalf. If one of your sites is under contract and cannot be migrated to Masergy, over-the-top will take the circuit under management with a bespoke SLA.
Multi-Cloud Connect is available to AWS, Azure, Google Cloud, Salesforce, SAP, and Cisco with SASE cybersecurity with next-generation Firewalls and managed NOC and SOC layered over the proposition.
Wrapped around the service proposition are real-time statistics and insights into the network with AIOps. The AI works as a virtual engineer to enhance application performance and predict bandwidth needs. For example, where AI discovers excessive packet drops or high bandwidth utilization, the tool will notify your point of contact. If Office 365 bandwidth is increasing over time, AIOps will also provide notifications that this is a potential future issue.
Masergy SASE, SSE and Remote Access
"On The Go" (Masergy remote access) Endpoint detection and response with CASB and Zero Trust form the basis of Masergy's remote access proposition, which is provided by Fortinet. In addition to their remote capabilities, Masergy also adds their UCaaS VoIP and video conferencing solution, which means your delay-sensitive traffic is served over one IP network. With Fortinet, Masergy offers a work-from-home edge device, which means any connected device is secured when accessing the internet, vs. their client, which is installed directly onto the laptop, PC, tablet, or phone as an app.
Protection against malware, phishing, and ransomware is a priority, all of which is monitored and managed by their operations control NOC. The service does have a 30-day installation time, which is used to process orders and create your initial setup.
Fortinet is the main vendor used within Masergy managed services across SD WAN, Firewall, and Secure Web Gateway, with Forcepoint supporting Cloud Access Security Broker (CASB). The Masergy value is based around security analytics and AIOps - in other words, the service is configured and set up on your behalf, with the reporting and analytics provided for your business to understand current threats and issues.
What are the main Masergy features? | Masergy feature description |
Does Masergy offer their own network? | Yes. Masergy is known for its high-performing Global network, which is located within metro area locations. |
What managed services does Masergy offer? | Masergy primarily offers Fortinet managed solutions but also supports HPE Aruba and Cisco. |
Does Masergy support complex or simple requirements? | Masergy is known for middle-market solutions and is not normally associated with complex service delivery. |
What SASE and SSE security is offered by Masergy? | Complete SASE and SSE as provided by their SD WAN partners. |
What are the main features supported by Masergy SD WAN? | Masergy offers AIOps (Network automation), Security and Hybrid workforce with MS Teams and UCaaS services. |
How does Masergy access the Cloud? | Access is provided to Azure and AWS with direct access to Salesforce, Box and Zendesk. |
What is the Masergy SLA? | Comprehensive SLA covering uptime, latency and jitter. |
Who is Masergy?
Masergy is a North American company headquartered in Plano, Texas, founded in 2000 to deliver software-defined networking solutions. The service provider offers managed and co-managed, best-of-breed SD WAN and SASE solutions through integrations with leading networking and security vendors delivered over a global network comprising fifty-one (51) points of presence. Comcast acquired Masergy in 2021, but the company has been operating independently since the acquisition.
Previously renowned for their exceptional global metro area backbone connectivity, Masergy has advanced to offer a full suite of services, including fully-managed SD WAN and SASE solutions, unified communications, contact center solutions, and managed security services. With a strong commitment to customer service, Masergy boasts one of the highest net promoter scores in the industry, exemplifying their focus on ensuring customer satisfaction. By leveraging Masergy's comprehensive services, IT decision makers can enhance their organization's productivity and efficiency, while enjoying peace of mind knowing their network is in safe and experienced hands.
Why should your business consider Masergy SD WAN?
- Companies which prefer a service provider with support for multiple SD WAN vendors should consider Masergy.
- Choose Masergy for their high performing backbone which offers significant benefits across latency and jitter.
- Designed for the mid-market, their solutions meet the demands of most requirements without being overly complex to consume.
- Masergy supports SD WAN, SASE and SSE together with UCaaS, MS Teams and Contact Centre.
- Simple bandwidth changes make the solution flexible when organisations experience significant usage changes.
What products does Masergy SD WAN include?
The main product features Masergy offers are as follows:
Masergy product | Product description |
Masergy Managed SD WAN | Co-managed and fully managed SD WAN with options for OTT (Over the Top) support of 3rd party connectivity, AIOps, Multi-cloud. |
Masergy Managed Security | Cloud security (CASB), Endpoint security, network services and security and SOC services. |
Masergy Unified Communications | Cisco Webex, Microsoft Teams, SIP trunking (Global) and supply of IP phones. |
Masergy Contact Center | Omni-channel, Predictive routing, Virtual agent, Workforce management. |
What is Masergy's Gartner SD WAN Magic Quadrant status?
Masergy is not currently included in the Gartner Magic Quadrant for SD WAN.
Who are Masergy's main competitors?
Masergy's main value proposition surrounds fully outsourced SD WAN and SASE managed services. Aryaka is a vendor alternative as their value also has a focus on managed SD WAN. Other service provider telcos are a further consideration, including GTT, BT and Colt.
What are the benefits (pros) and drawbacks (cons) of Masergy?
Benefits (pros) | Drawbacks (cons) |
Great option for mid-market customers requiring a fully managed service provider. | Backbone costs viewed as expensive compared to competitor solutions. |
Excellent IP backbone with options for MPLS. | Solutions are not customizable so buyers should consider future requirements. |
Easy to use portal with instant bandwidth changes. | |
Good integration of UCAAS and Contact Center. | |
Recommended resource for Masergy: Find your local sales contact, download the latest Masergy service PDF or book a demo, visit Masergy on the Netify Marketplace.
4. Versa Review
Versa was recognized for their capability to support complex WAN requirements. Although this remains the case today, Versa can also support standard requirements for medium to large businesses. As with the majority of SD WAN providers listed in this article, the Versa portal allows users to administer the SD WAN solution via configuration, monitoring, troubleshooting, management of users and licenses.
When adding a site, you are presented with three areas: network, security, and steering. The network area covers the company intranet or LAN and, of course, the WAN. When selecting the Versa WAN configuration, users and sites can be forced to send traffic as Internet, VPN only, or within the actual organization. The ability to configure interfaces easily is a great feature that allows you to simply implement WAN diversity (WAN1/WAN2) and also add 4G and 5G LTE services for backup (although cellular can be configured as primary if it makes sense).
Security is easily deployed out of the box with default policies for Firewall, profile definitions for whitelisting and blacklisting, IP reputation, Antivirus, and intrusion protection. Each feature is customizable but also very simple and straightforward to deploy with a range of recognized threats and websites that are auto-denied by using Easy Security Picks (Versa auto-deployment).
Traffic steering is an important feature of Versa which allows easy setup and configuration of applications based on a number of options as follows:
- Low latency
- Low packet loss
- Low delay variation
Versa will detect which underlay circuit supports the best latency, packet loss, or jitter. You can also select per application to route the traffic across whichever link is most suitable.
Reporting is available with an at-a-glance display of your connected sites and their current network, security, and device status. With LTE circuits, the signal strength is also displayed to quickly understand any potential performance impact. The security tab shows the URL categories your users are visiting from computer and Internet information through to shopping and travel - deny policies can be set up if required. URL reputation, session quantity, and the bandwidth used are also displayed, representing important data points when evaluating the users' daily access to the Internet.
Troubleshooting displays the current status of deployed branch-office hardware appliances and any remote users connected to the network. An interesting feature is Versa's pre-defined troubleshooting options, which include Internet connection problems, Wi-Fi issues, slow speeds, and trouble accessing websites.
The portal also allows you to select loss recovery options, which include Forward Error Correction (FEC) and packet replication, which are ideal when running delay-sensitive applications such as voice and video. With packet replication, the same stream is sent over a primary and secondary circuit; if one circuit fails, the other takes over.
Versa SASE, SSE and Remote Access
Versa SD WAN is a networking and security solution that provides a comprehensive approach to branch or remote user connectivity. Their solution is categorized into networking and security, with a focus on providing users with a wide range of connectivity options, such as WiFi, cellular, routing, appliances, or apps. This ensures that users have access to the best possible connectivity solution for their specific needs.
The security capabilities of the solution include Firewall, Anti-virus, Anti-malware, Intrusion Protection, and Secure Web Gateway. This comprehensive suite of security features ensures that users are protected from a wide range of threats, including malware, viruses, and unauthorized access attempts.
Both the networking and security capabilities of Versa SD WAN feed into the Versa Flex VNF (Virtual Network Function) proposition, which is the key to the aggregation of Versa technologies.
The Versa SASE client provides a unique pre-logon connection feature that allows clients to establish a secure VPN connection to an organization's network at the same time as their user login.
This pre-logon authentication method guarantees that the user's identity is verified and that the client device establishes a secure connection to the network. Furthermore, the pre-logon feature is especially beneficial for organizations that use Active Directory on-premises, as a connection between the user device and AD is necessary during the initial login. With pre-logon enabled, new users without AD connectivity can quickly and efficiently log in to the network using their Versa SASE client and login credentials provided by the network administrator.
Before shipping the laptop device, network administrators must install the Versa SASE client with pre-logon enabled and ensure that the necessary OS updates and security patches are in place to meet the organization's security requirements. Once installed, the new user can log in from any location and access the organization's internal resources, thanks to the pre-logon feature. Overall, the Versa SASE client's pre-logon connection method offers a secure and reliable option for organizations that require their users to access their network from various locations.
The Versa SASE solution elements are as follows:
On premises or Cloud delivered | Cloud delivered | Networking |
NGFW (Next Generation Firewall Service) | ZTNA for work from anywhere | Secure SD WAN |
URL/IP/File filtering | SWG | Advanced routing |
DNS Sinkhole | FWaaS | Complete IPv6 |
DNS Proxy | Data loss prevention (DLP) | Multicast routing |
Anti-malware | Advanced threat protection (ATP) | Scale to 100Mbps |
SSL/TLS Decryption | Forward error correction | |
Zero day threat intelligence | Packet replication | |
Unified ZTNA | TCP optimization | |
CASB |
Versa SASE is an excellent solution for organizations that require a comprehensive suite of network security capabilities to safeguard their on-premises, branch, or cloud applications. Versa Security is a fundamental component of the Versa SASE platform, providing a centralized location for managing network security capabilities that allow you to enforce policies in real-time with complete visibility. The NGFW, secure remote access, and UTM services offer enhanced protection for application and user activity across the enterprise WAN, branch, and private or public clouds.
One of the remarkable features of Versa Security is its multi-tenancy, multi-service, elasticity, and zero-touch provisioning. These features make it a critical component of any organization's security strategy. Providers can effortlessly create basic managed firewall services or multi-function services like UTM, replacing complex physical or virtual appliances with virtualized security functions. These services can operate on-premises, in the provider data center or cloud, public cloud, or a combination of all. Additionally, the security functionality is embedded directly into the network stack, making it a more cost-effective solution than third-party or proprietary security hardware or software packages.
Versa's service chaining and multi-service capabilities make it simple for organizations to integrate critical security functions like next-generation firewall and secure web gateway into their existing network infrastructure. In conclusion, Versa Security offers a full suite of network security capabilities that are centrally managed through a single pane of glass, providing complete visibility and real-time policy enforcement for your on-premises, branch, or cloud applications.
The virtualized security functions offered by Versa are open, fully programmable, and run on commodity x86-based hardware, providing a cost-effective alternative to third-party or proprietary security hardware or software packages. Overall, Versa SASE is an outstanding solution for organizations that need to simplify security and networking interoperability while providing comprehensive protection for their applications.
What are the main Versa features? | Versa feature description |
Does Versa offer their own network? | Yes. Versa cloud access is provided through 75 public points of presence (PoPs) located around the world, each offering connectivity to multiple internet service providers (ISPs). |
What managed services does Versa offer? | The Cato solution is available as DIY, Co-managed and fully managed. Although all 3 management options are available, customers typically opt for DIY or Co-managed services. |
Does Versa support complex or simple requirements? | Versa is capable of supporting both simple and complex requirements. |
What SASE and SSE security is offered by Versa? | Versa SASE and SSE is fully featured and supported by a range of partner solutions. |
What are the main features supported by Versa SD WAN? | Versa Director, Versa Analytics, Versa Concerto and Versa Titan form the basis of Versa SD WAN. Director delivers SASE, Analytics delivers reporting, Concerto is the automation and orchestration for SASE and Titan is the portal into Versa. |
How does Versa access the Cloud? | Azure, AWS and Google cloud are all accessible via the Versa solution. |
What is the Versa SLA? | Versa offers an SLA to partners, which is then defined and delivered to customers. |
Who is Versa?
Versa's unique approach to Secure Access Service Edge (SASE) sets it apart from other vendors in the market. As a provider of an end-to-end solution that both simplifies and secures modern networks, Versa's SASE, which is built on its proprietary operating system, VOS, offers a comprehensive range of capabilities that can be delivered via the cloud or on-premises. This enables businesses to create agile and secure networks that can efficiently manage remote workforces and connect users to applications no matter where they exist. Versa's focus is to solve the security and networking challenges faced by enterprises and service providers.
Why should your business consider Versa SD WAN?
- Versa Networks' SD WAN solution enables secure and efficient connectivity between multiple cloud environments, including public, private, and hybrid clouds, and branch offices/remote users. The Versa solution optimizes cloud application performance and dynamically routes traffic over the most appropriate path based on real-time network conditions.
- Secure connectivity is provided to remote workers, guest users, and IoT devices while ensuring compliance with corporate security policies. SASE overlays SWG, ZTNA, FWaaS, and CASB.
- Versa enables secure access to SaaS applications, such as Office 365 and Salesforce, by enforcing granular access policies and providing advanced threat protection. It can also protect against data exfiltration and compliance violations.
- Versa SWG enables secure internet access for remote workers and branch offices by providing advanced threat protection, URL filtering, and malware detection. It can also enforce security policies to prevent data leakage and compliance violations.
- 24/7 monitoring, incident response, and reporting ensure that enterprises can focus on their core business while Versa Networks takes care of their security needs.
What products does Versa SD WAN include?
The main product features Versa offers are as follows:
Versa product | Product description |
Versa SD WAN | Versa's SD WAN solution boasts an impressive range of features, such as sub-second packet steering across multiple WAN interfaces, FEC-based packet loss reduction, packet replication, and avoidance of poorly performing links. |
Versa Routing | Continuously monitor transport-paths, links, and application performance including bandwidth, latency, jitter, error rate, packet loss, MOS, MTU, among other metrics. This data is then used for intelligent traffic engineering, application-based link dynamic path selection, and efficient smart re-routing. |
Versa ZTNA | Versa Secure Private Access builds on the philosophy of ZTNA services, which is based on the idea of not trusting anyone. It does this by offering various unique features, including application segmentation for access restriction, strong multi-factor authentication (MFA), granular application and role-based control, as well as application and network visibility. |
Versa SWG | With Versa's Secure Internet Access (VSIA), customers can have a comprehensive security solution that encompasses URL filtering, reputation checks, risk assessment and management, compliance checks, and access control mechanisms. |
Versa NGFWaaS | Versa's VSIA is a robust offering that includes NGFWaaS (with UTM), SWG, CASB, DLP, and other features. |
Versa CASB | The ability to identify and manage all cloud applications while enforcing management policies in real-time or on a non-real-time basis. Creating policies to regulate the handling of sensitive information, including compliance-related content. Customers can also encrypt or data in conjunction with Versa's Network DLP. |
What is Versa's Gartner SD WAN Magic Quadrant status?
Versa is a Gartner Magic Quadrant leader.
Who are Versa's main competitors?
Cato, Palo Alto and Meraki are competitors to Versa. Versa is focussed on cost effective SD WAN+SASE and SSE managed services, which is matched by Cato and Palo Alto. Meraki is not a natural competitor in terms of default features, but the pricing of both solutions is similar and therefore a good fit for multiple branch sites.
What are the benefits (pros) and drawbacks (cons) of Versa SD WAN?
Benefits (pros) | Drawbacks (cons) |
Cost effective solution | Heavy partner integration |
Capable of meeting the demands of both simple and complex requirements | |
Comprehensive SD WAN, SASE and SSE features | |
Recommended resource for Versa Networks: Find your local sales contact, download the latest Versa service PDF or book a demo, visit Versa on the Netify Marketplace.
5. Meraki Review
One of the main areas of value offered by Meraki is the dashboard. The key takeaway here is that although Meraki is known for offering a fairly simple solution for managing your SD WAN, the Meraki platform is capable of being configured to support some sophisticated features. Once your Meraki device is given a valid IP address, it can be configured through the Meraki device.
Organizations and networks are essential elements of the Meraki dashboard. Organizations act as containers for networks and licenses, while networks provide a way to logically group Meraki devices and their configurations.
Getting started with Meraki simply requires creating a dashboard account using dashboard.meraki.com. Complete the required fields to set things up, and the company name will be used for the organization.
Once logged in, the first step is to create your network by entering the name, network type, and configuration.
The Meraki capability is clear here as you can set up the network as one of the following:
- Security appliance
- Switch
- Wireless
- Camera (CCTV)
- EMM (Systems manager)
- Cellular gateway
If you are using multiple Meraki products, you have the option to choose combined hardware. There is a quick way to get started by using one of the Meraki templates, or you can bind to a template (if one exists), or you can clone from an existing network.
Lastly, the network is now created within the setup of your organization.
One of the major benefits Meraki brings is cloud monitoring via the dashboard. When viewing the monitoring landing page, it is easy to see the overall status of devices and networks with the connected clients. You can quickly move between network-wide (the overall picture), security and SD WAN, switches, wireless, and the organization.
When viewing the health page, you can quickly see the uplinks, the MX devices, switches, and wireless together with their status. Client devices are displayed underneath, which includes fields such as last seen, usage, device type and OS, IP address, and their policy. The topology and connected devices are also easily accessible.
Meraki SASE, SSE and Remote Users
The Meraki remote user proposition offers plug-and-play with auto-provisioning of IPsec VPN within three clicks, with support for dynamic IP addressing. There are multiple types of VPNs supported, including site-to-site, wireless concentrator, and VPN client, depending on the requirement. SASE is built-in to ensure intrusion protection, antivirus, anti-malware, and firewall filtering is applied as standard, although split-tunneling can be applied if the user wishes to connect outside of the office concentrator.
Reporting is again very strong across Meraki remote access, with each user's data points, which include availability, usage, ISP, latency, packet loss, and even signal strength for cellular access. Further insights include VoIP, which shows health with MOS (Mean Opinion Score), loss, latency, and jitter, which are good for fast troubleshooting.
Office 365 is used prolifically by Enterprise businesses, and Meraki reports on slow servers, domains, clients, and response time. Again, connected clients are listed, allowing administrators to quickly understand issues and problems. Other applications are also shown on the reporting dashboard.
Meraki SASE security is provided using two platforms: Cisco Umbrella and the Meraki dashboard. The primary product is the Umbrella SIG (Secure Internet Gateway) technology.
Navigating to deployment and then network tunnels via Umbrella will show the deployed connections and their respective data centers. When heading back over to the Meraki console, clicking Cloud On-Ramp will link Meraki and Umbrella together to apply SASE security. All the administrator needs to do is add their management API key.
Once there, adding a new deployment is simple - naming the network, selecting the data center (primary and secondary).
Connecting Meraki devices requires heading over to the site-to-site VPN. The admin selects the SASE connector as the hub for that specific site. With your Meraki site connected to Umbrella, all traffic is secured by SASE for that specific site, extending the fabric out into the cloud.
Setting up SASE with Umbrella is incredibly simple and, although Meraki and Umbrella are distinct, the SASE options are feature rich.
Some options include:
- Data Loss Prevention Policies (stop financial credit card information from being uploaded)
- Web Policy (for knowledge workers, which can be applied against an identity profile): options include file analysis (scan content for virus threats), file type controls (e.g. ISO images), HTTPS inspection, time wasters (stop the user from visiting sites which are not business related), and remote user isolation policies (denies website).
What are the main Meraki features? | Meraki feature description |
Does Meraki offer their own network? | No. Meraki does not own or provide network connectivity. |
What managed services does Meraki offer? | Managed services available via a huge range of channel partners. |
Does Meraki support complex or simple requirements? | Meraki is aimed at simple, standard requirements. |
What SASE and SSE security is offered by Meraki? | Meraki SASE and SSE is supported by the Cisco Umbrella platform. |
What are the main features supported by Meraki SD WAN? | SD WAN, SASE, CCTV, WiFi and IoT support. |
How does Meraki access the Cloud? | Multi-cloud to AWS, Azure and Google are supported by the Meraki solution. |
What is the Meraki SLA? | SLAs are provided by channel partners and resellers. |
Who is Meraki?
Cisco Meraki is a cloud-managed networking solution that provides a range of networking and security products for businesses of all sizes. The company was founded in 2006 and acquired by Cisco in 2012.
One of the key benefits of Cisco Meraki is its cloud-based management platform, which allows businesses to easily manage and monitor their entire network from a single web-based dashboard. This simplifies the deployment and management of networking and security devices, making it easy for businesses to scale their network as they grow.
Cisco Meraki offers a wide range of products, including switches, routers, access points, security cameras, and security appliances. All of these devices are designed to be easily managed and configured through the Meraki dashboard, allowing businesses to quickly deploy new devices and make changes to their network as needed.
Why should your business consider Meraki SD WAN?
- Ideal for businesses with multiple branch office or retail locations due to the cost effective product pricing structure and inclusion of strong WiFi and security camera support.
- Simple to managed which suits DIY requirement, security policies and SD WAN configuration can be completed in minutes using ZTNA.
- Support for remote users is strong with the ability to deploy updates on mobile devices across your organization with just a few clicks.
- Excellent reporting and statistics across users, sites and their associated access with WiFi coverage.
- Cisco Umbrella security is heavily embedded into Meraki, meaning there are a huge number of security options which can be deployed by purchasing the necessary licence.
What products does Meraki SD WAN include?
The main product features Meraki offers are as follows:
Meraki product | Product description |
Meraki SD WAN | Integration of Ethernet, cellular and WiFi capability with ZTNA deployment. |
Meraki IoT | Support for smart cameras, sensors and IoT applications. |
Meraki Switching | Capable of supporting thousands of stacked ports with full integration into the Meraki management portal. |
Cisco Umbrella (SASE and SSE) | Complete protection of all Internet traffic including DNS layer security. SWG, CASB and application aware Firewall. |
What is Meraki's Gartner SD WAN Magic Quadrant status?
Cisco is a Gartner Magic Quadrant leader.
Who are Meraki's main competitors?
Fortinet, Versa and Barracuda are competitors to the Meraki capability. Fortinet is a true vendor with strong partner support which is similar to Cisco. Fortinet also offer layer 2 switching which is comparable with Meraki. Versa and Barracuda both offer solutions which can be used across requirements where multiple branch site connectivity is required.
What are the benefits (pros) and drawbacks (cons) of Meraki Networks?
Benefits (pros) | Drawbacks (cons) |
Huge support from one of the biggest channel businesses in the industry | Although the base solution is cost effective, licence creep can quickly increase costs |
Meraki use Cisco Talos to provide threat intelligence | Relatively |
Simple to use CCTV, switching and WiFi | |
6. VeloCloud Review
VMware SD WAN options (VeloCloud) consist of 3 platforms with regards to deployment:
- Edge software pre-installed as 'bare metal' on VMware or Dell hardware.
- Virtual Edge installed on ESXi or KVM certified by Dell (uCPE)
- Virtual Edge installed in AWS and Azure via their marketplace
Regardless of the deployment option, one of the major value propositions from VeloCloud surrounds their global public PoPs (cloud gateways), which are interconnected via multiple providers to ensure traffic is routed via the best possible connection.
The PoP with gateway value proposition consists of 100 PoP locations, 60+ orchestrators, and 2000+ gateways. All of the VeloCloud gateways are located in exactly the same locations as AWS, Azure, and Google Cloud.
DMPO (Dynamic Multipath Optimization) combined with VeloCloud gateways detects the best path for your site or remote user. There are pre-defined policies that can be applied with continuous link monitoring and dynamic per-packet sub-second steering. While there are numerous benefits to VeloCloud, their global network of gateways with DMPO is one key reason why businesses choose VeloCloud. Another reason is the VMware products and services that are integrated into the platform.
Bringing up VeloCloud devices is simple and straightforward with zero-touch deployment. When a site receives an edge device, staff simply need to plug it in, and the config will automatically be received. The whole process is quick and totally different from legacy network provisioning.
From a network manager's perspective, the VeloCloud dashboard offers multi-tier management, application-aware visibility, global SD WAN visibility and analytics, detailed site and user data points, all via a single pane of glass with vRNI integration.
Insights into link metrics are easily accessible with characteristics that include links (4G, 5G, leased line, and MPLS), cloud status, interface type, bandwidth up and down, alerts, latency, jitter, and packet loss. Link quality scoring and utilization are displayed as easy-to-read graphs.
Businesses are choosing VeloCloud because of the aforementioned zero-touch deployment and statistics, but also because of traffic steering for application performance and reliability, direct cloud access via their public gateways, and choices in edge security.
There are 3000+ applications listed as part of their deep application recognition. Applications can be classified as real-time (high), transactional (normal), and bulk (low - anything else). Once an application is identified, you can define its policy and how you want to treat it.
VeloCloud SASE, SSE and Remote Users
SASE and SSE security for VeloCloud is delivered by a range of partners rather than their own proprietary solution. The following partners deliver the VeloCloud capability:
- Zscaler
- Check Point
- Forcepoint
- Palo Alto
- Fortinet
- Netskope
- Menlo Security
VeloCloud will openly state that they are not a security vendor, preferring to add a range of best-of-breed vendors which they integrate into the solution. Their key value proposition, via partners, offers:
- Network security
- Application protection
- Threat protection and management
- User identity protection
- Network segmentation
- Workload encryption
- Layer 7 Firewall (Next generation)
- Web filtering
Although VeloCloud are not actually providing SASE or SSE security, they are integrating each solution into the dashboard and cloud based networks via API connections. It is also important to note that VeloCloud are still using the gateways to optimize connectivity and access to each vendor.
What are VeloCloud features? | VeloCloud feature description |
Does VeloCloud offer their own network? | Yes. 100+ Global PoPs, 2000 gateways, SSAE16 Type 2 audited data centers. |
What managed services does VeloCloud offer? | VeloCloud sells via a network of service providers across the globe. |
Does VeloCloud support complex or simple requirements? | VeloCloud is capable of supporting standard SD WAN requirements. If your business is a complex multinational, we would suggest considering alternatives. |
What SASE and SSE security is offered by VeloCloud? | Delivered via a range of partners connected via VeloCloud gateways and integrated via APIs. |
What are the main features supported by VeloCloud SD WAN? | Application recognition and steering (DMPO) routed via the VeloCloud global gateways. |
How does VeloCloud access the Cloud? | Access PoPs are located within all major AWS, Azure and Google Cloud locations with multi-ISP connectivity. |
What is the VeloCloud SLA? | VeloCloud customers are backed by a 99.99% uptime service level agreement (SLA) and 24/7 support through a global Network Operations Center (NOC). |
Who is VeloCloud?
VeloCloud is an expert cloud-based networking services provider that offers innovative Software-defined Wide Area Networking (SD WAN) solutions. Established in 2012, VeloCloud was acquired by VMware in 2017.
VeloCloud's SD WAN technology ensures secure and optimized connectivity for businesses across their distributed branches, data centers, and cloud environments. By delivering SD WAN via the cloud, VeloCloud empowers enterprises to seamlessly connect to cloud-based applications and services, ensuring unmatched performance and reliability, while reducing overall costs.
Why should your business consider VeloCloud SD WAN?
- Customers with global site requirements will benefit from their network of PoPs and Gateways.
- Out of the box 3000+ application recognition with traffic steering means VeloCloud is ideal for companies using mainstream applications.
- Companies which currently use a security vendor are able to integrate their solutions into VeloCloud SD WAN. Choosing one of VeloCloud's supported SASE and SSE vendors will result in trouble-free integration via APIs.
- Existing VMware customers benefit from integration of their cloud VMware Workspace One platform with SD WAN.
- Multi-cloud strategies are a great fit for VeloCloud since their PoPs are located in exactly the same locations as AWS, Azure and Google Cloud.
What products does VeloCloud SD WAN include?
The main product features VeloCloud offers are as follows:
VeloCloud product | Product description |
VMware SD WAN by VeloCloud | VeloCloud's premier SD WAN offering is a cutting-edge solution that utilizes a 2000 gateway cloud-based architecture to efficiently connect and enhance the performance of remote workers, branch offices, and cloud environments. |
VeloCloud Edge SD WAN | VeloCloud hardware component can be implemented at a company's branch offices or data centers, delivering connectivity and optimization features to support local applications. |
VMware SD WAN Orchestrator | Cloud-native management platform offers a centralized approach to configuration, monitoring, and analytics for the implementation of SD WAN. |
VMware Secure Access Service Edge (SASE) | Security-focused SD WAN solution that combines SD WAN, security, and Zero Trust Network Access (ZTNA) features into a single platform. |
VMware Workspace ONE SD WAN | VMware SD WAN is specifically engineered to operate seamlessly in conjunction with VMware Workspace ONE, an all-inclusive digital workspace platform. |
VMware NSX Cloud | Delivers both security and network virtualization features, including micro-segmentation, distributed firewalls, and VPN connectivity, all tailored to meet the needs of cloud-based environments. |
What is VeloCloud's Gartner SD WAN Magic Quadrant status?
VeloCloud is a Gartner Magic Quadrant leader.
Who are VeloCloud's main competitors?
HPE Aruba, Cato and Aryaka are alternatives to consider. HPE Aruba because of their out of the box policies, WAN optimization and capability to support complex requirements. Cato and Aryaka as their platforms offer a private backbone, which is an alternative to the public cloud gateways offered by VeloCloud.
What are the benefits (pros) and drawbacks (cons) of VeloCloud?
Benefits (pros) | Drawbacks (cons) |
Good for companies requiring a large telco service provider approach to SD WAN deployment. | SASE and SSE security is delivered by partners. |
Network of PoPs and public gateways with resilient ISP connections. | Limited feature set compared to other vendors in the market. |
Out of the box application recognition with link steering and improved latency and performance for mainstream apps such as Office 365. | Proposition appears to be an add-on to VMware products rather than a focussed product. |
7. Palo Alto Review
We initially noticed how simple activation of the Palo Alto solution actually is when bringing up a site.
Activation of the Palo service is simple. First, place an order which is shipped to your designated site address. Second, a link is emailed to the admin notifying the team of the device arrival. Third, a user ID and password is created, and then finally, the service is ready for activation.
Once logged in, you will be taken to the Common Services screen, which shows the current inventory. You'll be shown any unclaimed licenses on this screen, so if you have made a set purchase of licenses, any unused inventory will be detailed on this screen.
When you click on the claim button, you can select the account - you can configure multiple tenancies if your organization operates across multiple business divisions. Once this initial site is activated, Prisma will automatically build the initial configuration.
Setup of Prisma SD WAN is simple, which is in part due to the way in which the inventory of licenses is displayed with the ability to apply out-of-the-box configuration.
We noted that the actual configuration portal is split into 5 initial tabs:
- Name
- Type
- Policies
- Circuits
- Summary
The naming of each site is simple, with only basic requirements needed to get started. Selecting the "type" tab is a choice between branch (users and services) and data center (apps and services). Selecting branch requests you to select the policies, which include the path policy, QoS policy, security policy, and NAT policy. Moving to the circuit tabs means selecting the type of internet underlay connection, the provider, and the actual description. Lastly, the portal displays a summary of everything configured at this point - this means the site is ready to be assigned.
The solution consists of ION appliances, which are all managed via a cloud management platform. Palo Alto is known for their experience across cybersecurity, and their SD WAN appliances or clients can be routed via cloud SASE Prisma Access solution. The proposition is essentially WAN and security as a service.
Using the serial number of the Prisma ION (SD WAN appliance) allows you to attach the ION to your designated site, which allows configuration of the device. There is the ability to configure the interface where you set the IP address, description, and circuit label - if the device is configured as internet, the security policy will be automatically assigned. Additional options include routing (static or BGP), SNMP, Syslog, NTP profiles, IPFix (NetFlow), and DNS service profiles.
Prisma Configuration Abstraction
Prisma configuration abstraction allows IT teams to build policies, which can be distributed (abstracted) as interchangeable building blocks that can be reused throughout the business. All policies are defined and configured within the portal to the controller - simply build the policies and abstract them to the site. One key element is to create a simple policy stack per site, which essentially takes the default rules created (path steering and QoS), but also builds on further rules as required.
When a branch site is brought up, the encrypted tunnel will auto-build to a designated hub site.
One of the key areas of value surrounds multi-tenancy, which enables the entire SD WAN cloud controller architecture to be offered to multiple customers if you're a managed service provider or simply require complete separation between businesses. We note the Prisma architecture also includes MicroService, which enables high availability and elasticity with automatic scaling (due to the virtualized environment).
We recommend looking at the Prisma cloud controller status page, which shows the current availability of their service.
The Palo Alto Prisma SD WAN platform is focussed on machine learning and automation and is one of the key pillars of their SASE solution. The proposition is based around the following 3 pillars:
- Application defined (Visibility, policy and path decisions at the application layer)
- Autonomous using machine learning and AIOps
- Cloud delivered branch services
One of the core benefits of the Palo Alto SD WAN solution is their deep visibility into layer 7 (the application layer) with performance insights and traffic steering. So bandwidth utilization can be examined at the site level and per application with statistics across latency and jitter, allowing IT administrators to manually adjust traffic steering as required.
AIOps can automate network health metrics and will proactively identify issues, which can then create new policies. Prisma SD WAN can also correlate network issues to determine the root cause, which, in turn, helps with troubleshooting and reduction of support tickets.
CloudBlades is an API platform for integration of third-party services. For example, multi-cloud into AWS, Azure, and Google Cloud or integration with SaaS apps, including Office 365 or Salesforce. Access is also available to operations, e.g., ServiceNow, so CloudBlades can be automated to create tickets.
Prisma offers an extensive range of ION appliances with zero-touch deployment and cloud configuration.
Prisma SD WAN is fully integrated into Prisma Access (the Palo Alto SASE platform), which combines the two products. The Access product provides cloud security with machine learning across threat protection.
Palo Alto Prisma Access SASE, SSE and Remote Users
Palo Alto provide their own Prisma SASE and SSE security directly as part of the SD WAN product. They are also integrating other vendors into the dashboard and cloud based networks via API connections. It is also important to note that Palo Alto are still using the gateways to optimize connectivity and access to each 3rd party vendor.
The goal is to provide a cloud-based Zero Trust solution with a complete SASE and SSE capability which includes ZTNA, CASB, Secure Web Gateway and Firewall as-a-service (FWaaS) with AIOps.
There are 4 new innovations across Prisma SASE as follows:
- SaaS Security Posture Management (SSPM)
- New ML-powered Security Services
- AIOps for SASE
- SD WAN appliances
SSPM performs the task of securing SaaS applications, which essentially covers 90% of the applications used within the enterprise. Palo Alto recognizes the huge number of settings within each application, which means there are various vulnerabilities. In short, anywhere there is a gap, there's an opportunity to be hacked.
With SSPM (part of their SASE CASB solution), Palo Alto has added security-focused checks with a prevention-first approach across a significant number of SaaS applications. The majority of standard SASE vendor policies do not keep pace with the growth of new SaaS applications.
When using SSPM, we could view all SaaS applications with a posture summary based on all of the Palo Alto security settings. But more importantly, we could also see any applications that are potentially going to put the business at risk.
Once a security setting is applied, it is locked in place so that the policy, based on the current risks, is held without drift.
Machine learning analyzes the actual payloads, which is a much more invasive approach based on what the solution learns on a 24/7 basis. The ML approach deals with threats that include phishing and the advanced techniques attackers use to control devices (command and control protocols). Using inline ML, Palo Alto is stopping threats in real-time.
Protection against DNS attacks is another strong point of the Palo Alto threat protection solution.
AIOps helps predict anomalies and forecast capacity to prevent disruptions, improve security posture, and automate troubleshooting and remediation. The core of AIOps is how simple it is to troubleshoot issues - simply ask a question to understand the flow of that particular issue.
What is Palo Alto SASE ZTNA 2.0?
Palo Alto is heavily marketing their ZTNA 2.0 product as their primary security product to meet the demand of remote users. The typical approach routes traffic via a broker to authenticate without any internal traffic inspection, which would mean once connected, there is no posture assessment or detection of exploits.
ZTNA 2.0 builds upon the granular inspection of standard ZTNA 1.0 by providing further constant tunnel inspection for malware, misbehaviors, and data loss.
All security policies are managed by the central controller with complete separation between ION devices using TLS encryption. The data plane is completely separate from the controller; they operate independently based on the policies that have been configured. The actual controller is not needed for day-to-day operation of the ION device.
Prisma implements an Authorization Chain of Trust by way of a certificate that has been shipped with the device. The activation is completed by way of manual user authorization, which generates a specific ID with a customer install certificate that initiates the connection with the controller. The device must be assigned with the appropriate policies, which then enables the initial claiming process. VPN tunnels are then brought up using VPN keys, which are installed within the ION - note the controller can be disconnected for 72 hours as enough keys are provided.
Four sessions are established between the ION and controller:
- MRL (Message Routing Layer) to provide connectivity between the ION and controller
- Flows and statistics
- Logs
- Remote Access
Prisma SD WAN software and upgrades occur approximately every 3 months - note that the upgrade does not take the ION data plane off-line.
What are Palo Alto features? | Palo Alto feature description |
Does Palo Alto offer their own network? | No, but the solution is available from a large number of carriers with their own IP backbone. |
What managed services does Palo Alto offer? | Palo Alto sells via authorised channel partners and service providers. |
Does Palo Alto support complex or simple requirements? | Palo Alto is capable of supporting standard SD WAN requirements but is more aligned to larger Enterprise businesses. |
What SASE and SSE security is offered by Palo Alto? | Comprehensive SASE and SSE which includes ZTNA, CASB, SWG and NGFW all delivered via a cloud-native platform. |
What are the main features supported by Palo Alto SD WAN? | SaaS application security, traffic steering and granular QoS policies. |
How does Palo Alto access the Cloud? | Palo Alto supports multi-cloud access and is configured to support and connect with all leading cloud vendor solutions. |
What is the Palo Alto SLA? | Typically defined by carriers and resellers. |
Who is Palo Alto?
Palo Alto Networks is a well-known cybersecurity solutions provider that offers a comprehensive suite of security products and services to safeguard organizations from cyber threats. Founded in 2005, the company is headquartered in Santa Clara, California, and has been leading the industry with its advanced next-generation firewall technology, which provides unparalleled protection against advanced cyberattacks and network security breaches.
Apart from its innovative firewall technology, Palo Alto Networks also offers a range of other security products, including endpoint protection, cloud security, threat intelligence, and security analytics, which are designed to complement and strengthen an organization's overall security posture.
Palo Alto Networks caters to a diverse range of industries, including healthcare, financial services, government, and education, providing customized security solutions that meet the specific needs of each industry.
Why should your business consider Prisma (Palo Alto) SD WAN?
- Customers with limited IT staff will benefit from their AIOps platform which offers AI troubleshooting with ongoing analysis of security posture, application use and threats.
- Companies which use a large number of SaaS applications will benefit from the Palo Alto Prisma CASB, which applies granular security to in excess of 100 known apps and services.
- Multi-cloud access is a focus of Prisma. If your business is using AWS, Azure and Google Cloud, Prisma applies their CNAPP solution (Cloud Native Applications Protection Platform).
- If your company is considering a service provider, Prisma is one of the most used vendors - they provide threat intelligence services to over 70 carriers.
- ZTNA 2.0 is helping remote users by applying continuous zero trust with improved granular inspection of each application.
What products does Palo Alto SD WAN include?
The main product features Palo Alto offers are as follows:
Palo Alto product | Product description |
Prisma SASE | ZTNA 2.0, CASB, SWG, SD WAN and AIOps. |
Prisma Access | Prisma Access brings everything together under one platform, essentially a unified security product deployed as a cloud-native service. |
Prisma SD WAN | SD WAN by Prisma is powered by the Palo Alto AIOps platform to offer application traffic steering, QoS, SASE and SSE with continuous learning. |
Network Security | Palo Alto are known for their Next generation Firewall capabilities. Under the network security product, the company is offering SASE, NGFW and CDSS via their Nova product. |
Cloud Delivered Security | Choose each element as required, which includes advanced threat protection, Wildfire, advanced URL filtering, DNS security, IoT Security, SaaS security and Enterprise DLP. |
Endpoint Protection | The Palo Alto Cortex platform is based on XDR (Extended Detection and Response) which utilises AI learning to constantly protect against malware. |
What is Palo Alto's Gartner SD WAN Magic Quadrant status?
Palo Alto is a Gartner Magic Quadrant leader.
Who are Palo Alto's main competitors?
Fortinet, Versa and Meraki are alternatives to consider. Palo Alto is capable of granular configuration which is a match for the capability of Fortinet. Versa is also focussed on security and equally cost effective so should make your shortlist. Meraki is perhaps not a natural competitor but the Cisco Umbrella portfolio does offer significant security capability.
What are the benefits (pros) and drawbacks (cons) of Palo Alto?
Benefits (pros) | Drawbacks (cons) |
Excellent SASE capability created by their strong history as a security vendor. | Fragmented product set which is demonstrated by their multiple overlapping products. |
Some of the latest security enhancements such as ZTNA 2.0 show their goal of continuing as a leading security vendor. | Features and products appear to be aimed at the larger Enterprise market, smaller businesses may be better suited to alternative solutions. |
Excellent cloud-native capability, portal is simple to use and quick to deploy services. | Palo Alto solutions are typically sold by service providers (large carriers) and MSPs which is a good fit for larger organisations but may limit their supported product set. |
8. Fortinet Review
We initially began with Fortinet by viewing the Fortinet Manager orchestration portal which displays icons to quickly access each element of the solution. Fortinet Analyzer is also built into the Fortinet SD WAN orchestration platform enabling IT teams to quickly view statistics.
To add a branch office, we began by utilizing the new and straightforward four-step SD WAN Overlay Wizard to develop a dual-hub SD WAN Overlay. Defining hubs and branches is all that's necessary, followed by completing some fundamental LAN and WAN information.
Upon completion, the wizard will generate the required provisioning templates and place them in a newly formed template group - there are template groups created automatically for both hubs and branches.
These template groups can now be used for easy provisioning or to push down configuration changes to many devices at once. Next, I provisioned a third branch to the test SD WAN. For this, I used another new feature that streamlines provisioning, which is the device Blueprint.
The Performance SLA health checks supply continuous evaluations and SLA thresholds, which are subsequently utilized to create steering decisions.
Application identification operates across 5,000 applications, with Fortiguard Labs adding and updating more each day. If you have developed any applications in-house, you can add custom application signatures and utilize them for application steering.
It's worth noting that you have the option to group applications together into application groups or even direct whole categories of applications. There are options available to assign applications - the "Best Quality" option enables automatic application steering based on the metric that is deemed most important. This can include latency, jitter, packet loss, available bandwidth, or even a weighted combination of these factors. This feature enables improved voice and video quality even when packet loss occurs.
Fortinet Analyzer provides analytics for both security and networking purposes via a global map that displays SD WAN sites.
The sites are color-coded so that admins can easily identify which ones are experiencing problems. With a quick glance, you can view a real-time snapshot of the latency, jitter, and packet loss of each site.
There are several useful analytic charts and graphs available in Fortitude. You can view the bandwidth usage, SD WAN quality, and current active path per SD WAN rule. Furthermore, there are historical graphs for each performance SLA that displays latency, jitter, and packet loss.
Fortinet has two predefined SD WAN monitors, one of which is the Secure SD WAN monitor that displays essential metrics on a per-site basis. You can access the branch one analytics for the past four hours, and the time range can be customized to as little as five minutes or up to several months.
This particular SD WAN monitor contains an abundance of useful metrics. At the top, you can view a real-time snapshot of key network metrics for each member, while scrolling down will reveal the amount of bandwidth being consumed. You can also view the historical performance chart, as well as the SD WAN rules utilization chart, which graphically represents the paths utilized by each application.
Moving on, the next chart provides information on the applications that consume the most bandwidth, while the following one displays the top SD WAN SLA issues, alerting admins of potential network problems. The next three charts provide key information on passively measured applications, offering great insight into how your applications are performing.
IT admins have the ability to measure and steer based on the MOS score, which is a metric that represents the perceived quality of a call. Finally, you have detailed graphs on measured results for performance SLAs, which can assist in determining if the network was the root cause for application issues during troubleshooting.
The SD WAN Summary Monitor is also available in Fortitude, which displays alerts, SLA issues, top applications, and top sites consuming bandwidth, providing an overview of your entire SD WAN at a glance.
Fortinet SASE, SSE and Remote Users
FortiGuard Labs threat intelligence is a crucial aspect of Fortinet's all-in-one SASE solution, which allows inspection of DIA (direct internet access) traffic for users. Activation of this feature requires navigating to the NGFW Firewall policy and selecting the security layers you wish to enable, such as AV, IPS, and SSL inspection.
You don't have to send your traffic to the cloud or integrate with another solution to secure remote users. Instead, you can use cloud-delivered security services hosted by Fortinet using FortiSASE.
What makes FortiSASE unique is that it's powered by the same FortiOS and FortiGuard AI-powered security services as Fortinet's on-prem FortiGates. This allows for a genuine single-vendor SASE solution, enabling customers to extend SWG, Firewall as a Service, DLP, IPS, and ZTNA to secure the remote workforce.
To ensure secure internet access, remote users connect to Fortinet SASE through SSL VPN for security inspection. For clientless mobile users, a PAC file is used to leverage SWG functionality for traffic inspection. Layer Seven content inspection is defined in Security Profiles and applied to VPN or SWG policies for secure private access. The solution offers secure access to internal resources, applications, and hosts. FortiSASE tags are centrally defined and pushed to the FortiGates configured with ZTNA rules, serving as ZTNA gateways.
Alternatively, FortiSASE can integrate with Fortinet Secure SD WAN, where it becomes part of the SD WAN overlay. This allows FortiSASE to utilize SD WAN and provide the best path for remote users accessing internal resources.
It's worth noting that Fortinet Secure SD WAN also offers integrated SD-Branch capabilities. The solution seamlessly integrates with FortiSwitches, FortiAPs, and FortiExtenders and manages them under the same console from FortiManager. You can create various switch and WiFi templates for mass provisioning and configuration updates. The solution offers a comprehensive feature set and detailed per-branch visibility. With its natural integration with FortiGates, it provides additional security fabric automation capabilities that are only possible when both security and networking components are built on top of a unified OS.
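The PAC-file steering for clientless users described above depends on the fallback list the PAC function returns. The following is an added example, not Fortinet's code or configuration: the proxy hostname, port and internal zone are placeholders, and it contrasts a fail-open return value, which lets traffic skip SWG inspection when the proxy is unreachable, with a fail-closed one.

```javascript
// Added example: constructed PAC logic for clientless users behind a secure web gateway.
// Every hostname, port and zone is a placeholder (assumption), not a Fortinet value.
// Written with var/function declarations because some PAC engines only accept older JavaScript.

var SWG = "PROXY swg.example.invalid:8080";     // hypothetical SWG listener
var INTERNAL_ZONES = ["corp.example.invalid"];  // hypothetical internal DNS zone

// True for single-label names such as "intranet".
function isUnqualified(host) {
  return host.indexOf(".") === -1;
}

// True when host is the zone itself or a subdomain of it.
// The leading dot stops "notcorp.example.invalid" matching "corp.example.invalid".
function inZone(host, zone) {
  host = host.toLowerCase();
  return host === zone || host.slice(-(zone.length + 1)) === "." + zone;
}

function isInternal(host) {
  if (isUnqualified(host)) return true;
  for (var i = 0; i < INTERNAL_ZONES.length; i++) {
    if (inZone(host, INTERNAL_ZONES[i])) return true;
  }
  return false;
}

// Weak variant: "; DIRECT" is a fallback entry. If the SWG is unreachable
// (outage, captive portal, blocked port) the browser connects directly and
// the request is never inspected.
function findProxyFailOpen(url, host) {
  if (isInternal(host)) return "DIRECT";
  return SWG + "; DIRECT";
}

// Hardened variant: no fallback entry, so the request fails when the SWG
// cannot be reached instead of leaving uninspected.
function findProxyFailClosed(url, host) {
  if (isInternal(host)) return "DIRECT";
  return SWG;
}

// Entry point that browsers call; the fail-closed variant is the one deployed.
function FindProxyForURL(url, host) {
  return findProxyFailClosed(url, host);
}

// Review helper: reports whether a PAC result lists DIRECT after a proxy,
// which is the fail-open pattern. A result of "DIRECT" alone is an
// intentional bypass and is not flagged.
function allowsDirectFallback(result) {
  var parts = result.split(";");
  var sawProxy = false;
  for (var i = 0; i < parts.length; i++) {
    var entry = parts[i].replace(/^\s+|\s+$/g, "");
    if (entry === "") continue;
    if (entry === "DIRECT") {
      if (sawProxy) return true;
    } else {
      sawProxy = true;
    }
  }
  return false;
}
```

Running `allowsDirectFallback` over the return strings of an existing PAC file is a quick way to find rules that silently bypass inspection.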
What are Fortinet features? | Fortinet feature description |
Does Fortinet offer their own network? | No, Fortinet does not offer network access but their solutions are available via selected service providers. |
What managed services does Fortinet offer? | All Fortinet managed services are available from authorised resellers and managed service providers. |
Does Fortinet support complex or simple requirements? | Fortinet is very capable when dealing with both simple and complex requirements. |
What SASE and SSE security is offered by Fortinet? | Complete SASE solution with NGFW, CASB, SWG, ZTNA and threat protection delivered via their Fortinet security fabric. |
What are the main features supported by Fortinet SD WAN? | Next Generation Firewall with network security. |
How does Fortinet access the Cloud? | AWS, Azure and Google Cloud are all accessible via the Fortinet solution with API integration via their respective marketplaces. |
What is the Fortinet SLA? | Fortinet offers a 99.999% SLA across their core cloud infrastructure but the overall SLA will be provided by their partners. |
Who is Fortinet?
Fortinet is a global leader in cybersecurity solutions, catering to businesses, government organizations, and service providers with an extensive range of network security products.
Established in 2000, Fortinet is headquartered in Sunnyvale, California, USA. The company's cutting-edge solutions encompass firewall, intrusion prevention, antivirus, endpoint security, and secure access products. Additionally, Fortinet provides cloud-based security services and SD WAN solutions, enabling organizations to safeguard their networks and digital assets from the growing menace of cyber threats.
Trusted by businesses of all sizes and across diverse sectors, Fortinet's top-of-the-line products and services offer comprehensive security solutions to counter emerging cybersecurity challenges.
Why should your business consider Fortinet SD WAN?
- Customers with advanced security requirements with the need to apply granular control to policies will benefit from using Fortinet.
- If your company requires WAN edge hardware solutions, Fortinet remains an excellent choice due to the high performance of their hardware.
- Highly experienced security vendor, recognised for their capabilities by Gartner and Forrester.
- Good choice for co-managed SD WAN as their platform is not the simplest to setup and configure when compared to other vendors.
- Smaller organisations will benefit from Fortinet by engaging with the right partner to deliver secure, cost effective solutions.
What products does Fortinet SD WAN include?
The main product features Fortinet offers are as follows:
Fortinet product | Product description |
Network Security | Next generation Firewall with SASE capability which majors on IPS. |
Enterprise Networking | Fortinet approach to both the WAN and LAN with hardware to support 4G/5G and secure work from home solutions. |
ZTNA for Remote Users | Identity Access Management (IAM), Identity as-a-service and PAM (Privileged Access Management). |
Cloud Security | Virtual network firewall, DDoS (Denial of Service) protection, workload protection and cloud security posture management. |
Security Operations | Analytics and reporting, SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation, and Response) with Endpoint detection and response and XDR (Extended Detection and Response). |
Cybersecurity Services | Content security, Web security, device security and Sandbox with real time threat protection provided by FortiGuard. |
What is Fortinet's Gartner SD WAN Magic Quadrant status?
Fortinet is a Gartner Magic Quadrant leader.
Who are Fortinet's main competitors?
Fortinet are a highly capable security vendor. The most natural competitors are Palo Alto, Versa and Meraki. Palo Alto (Prisma) is a comparable security first vendor with strong SASE capability. Meraki and Versa are broad based in comparison but features align and both are cost effective.
What are the benefits (pros) and drawbacks (cons) of Fortinet?
Benefits (pros) | Drawbacks (cons) |
Well priced solution for small and medium sized businesses. | Not the simplest interface to use when deploying Fortinet as a DIY solution. |
Strong history of security with recognition by industry experts including Gartner. | Generally not recognised as a solution for complex large Enterprise solutions. |
Huge range of partners which enable locally delivered and supported services. | |
Continue to evolve their security solutions with new features to keep up with global threats. | |
Recommended resource for Fortinet: Find your local sales contact, download the latest Fortinet service PDF or book a demo, visit Fortinet on the Netify Marketplace.
9. Barracuda Networks Review
Barracuda is unique because of the way in which the SD WAN provider is heavily integrated into the global Azure backbone. In this way, they are different from companies such as Cato, Aryaka, and traditional carriers since they are actually traversing the globe via Azure. We tested their SD WAN platform to see how simple it was to set up an initial SD WAN solution.
To begin with, we obtained a Barracuda Cloud Control account by visiting BCC.BarracudaNetworks.com, while we created an Azure account at Portal.Azure.com. Once we had both accounts, we logged into the Azure portal and selected the marketplace. We found Barracuda and chose the Barracuda CloudGen One service, which provides CloudGen One management. Here, we provided a unique name for the service and a valid phone number before subscribing. Once we subscribed, we logged in with our Barracuda username and password to access the CloudGen One management console portal.
We managed to set up three hubs in Microsoft Azure - one in US East, one in Europe West, and one in Japan East. These hubs will serve as our test backbone for Barracuda's cloud and WAN. To begin, we went to the Azure marketplace and searched for Virtual WAN. We chose the standard type since it supports hub-to-hub connections. After the deployment was complete, we pinned it to the dashboard for easy access later. In short, we created three hubs, one for each region, giving each hub a private address space. Once all three were created, we had our global backbone set up using virtual WAN in Microsoft Azure.
Upon logging in using the details we created, I was directed to the CloudGen One management console. It is still empty as we have not defined any gateways or sites, and Virtual WAN is not yet available. In order to proceed, I clicked on the Generate Token option located on the right-hand side to get the token required for the process. After copying the token, I moved to the Azure Marketplace. By clicking on the hyperlink, I was redirected to Portal.Azure.com, and the Barracuda CloudGen One gateway was displayed in the marketplace.
With the above step complete, I defined some key details which included the resource group, region, and application name, which will also be visible in the CloudGen One management console. Then, I selected the Virtual WAN hub, defined the scale unit, pasted the token, and clicked on Review + create. The final step is to accept the terms and conditions before clicking on create. The gateway is created and connected to the CloudGen One environment after a few minutes.
After successfully deploying the first gateway, I proceeded to create the second one, following the same process as the first gateway. Since the process is identical for all three gateways, I sped up the video for the convenience of viewers. Once all three gateways are deployed, I stayed on the Azure Portal dashboard. The dashboard shows the Virtual WAN and the managed applications, which are the Barracuda CloudGen One gateways.
I connected to the US East hub, and here I can see the NVA, or network virtual appliance, which is Barracuda, and that is our CloudGen One gateway. Lastly, I closed the portal and went to the management console, where I could view the three gateways that are already connected to their hubs.
Barracuda SASE, SSE and Remote Users
It's interesting to hear about the collaboration between Microsoft and Barracuda to create a secure SD WAN service through the vWAN product. The goal was to make it easy for customers to deploy the solution, regardless of the number of locations, through a zero-touch service that allows branch office appliances or VMs to self-register into an orchestration service.
Barracuda's SD WAN technology, which has been developed over a decade, provides multi-transport capabilities to give customers resiliency and integrates it into their vWAN platform, allowing customers to deploy their hubs or PoPs wherever they are needed. The service integrates security capabilities, including next-generation firewall capabilities, secure web gateway capability, and fine-grained policies for site-to-site and site-to-cloud use cases.
The Barracuda SASE integration with Azure vWAN allows Barracuda to embrace this evolving best practice principle where policy enforcement can be done in the cloud and pushed out to the edge.
Overall, it's an exciting space to be playing in - the collaboration between Microsoft and Barracuda to create a global secure SD WAN service through the vWAN product seems to be a step in the right direction and is unique compared to other vendor solutions.
Barracuda's Zero Trust Solution offers ongoing device compliance checks and access control to provide industry-leading security levels.
The solution's security features are comprehensive, with Barracuda's Threat Intelligence Network analyzing threat information from millions of sources for the most up-to-date view of the global threat environment. Centralized management allows for easy configuration, policy setting, and maintenance of IT infrastructure without forcing data to be funneled through Barracuda's cloud.
Barracuda also supports Edge Compute capabilities, enabling low-latency processing and pre-filtering of telemetry data for commercial and industrial use cases.
Although Barracuda is not actually providing SASE or SSE security, they are integrating each solution into the dashboard and cloud-based networks via API connections. It is also important to note that Barracuda is still using the gateways to optimize connectivity and access to each vendor.
It is anticipated that Barracuda will continue to invest in key areas such as Zero Trust Network Access (ZTNA), Secure Access Service Edge (SASE), cloud-based reporting, and Extended Detection and Response (XDR) to further enhance their offerings.
What are Barracuda features? | Barracuda feature description |
Does Barracuda offer their own network? | No, they rely on the Azure global data centers to deliver their solution. |
What managed services does Barracuda offer? | Barracuda offers a fully managed platform via a number of partners but also directly from the vendor. |
Does Barracuda support complex or simple requirements? | Barracuda is a good fit for the SME market and therefore does not have the natural capability to support large Global Enterprise business. |
What SASE and SSE security is offered by Barracuda? | Email protection, Web application Firewall, Next Generation Firewall, CASB, Web security and filtering. |
What are the main features supported by Barracuda SD WAN? | Cloud Firewall with SD WAN. To ensure the highest level of service quality (QoS), WAN optimization technologies such as advanced data caching, network traffic compression, and network link pooling are implemented. The traffic is also prioritized to ensure sufficient bandwidth is available for business applications at all times. |
How does Barracuda access the Cloud? | Native with AWS and highly recommended for companies that are fully embedded into AWS. Barracuda also offers solutions to access Azure and Google Cloud. |
What is the Barracuda SLA? | Barracuda offers specific SLAs per product. |
Who is Barracuda?
Barracuda is an expert cloud-based networking services provider that offers innovative Software-defined Wide Area Networking (SD WAN) solutions. Established in 2012, Barracuda was acquired by VMware in 2017.
Barracuda's SD WAN technology ensures secure and optimized connectivity for businesses across their distributed branches, data centers, and cloud environments. By delivering SD WAN via the cloud, Barracuda empowers enterprises to seamlessly connect to cloud-based applications and services, ensuring unmatched performance and reliability, while reducing overall costs.
Why should your business consider Barracuda SD WAN?
- Barracuda is natively integrated within Microsoft Azure - customers using the Azure marketplace and data centres should consider their solution which will maximise network traffic performance.
- Cost effective and capable of meeting the needs of most medium to large North American businesses. (Note, Barracuda is not a natural choice for UK based businesses)
- Companies which rely on Office 365 can benefit from the integration with Azure.
- Simple to use configuration with good statistics and reporting.
- Their CloudGen platform can be deployed immediately via the Azure Marketplace.
What products does Barracuda SD WAN include?
The main product features Barracuda offers are as follows:
Barracuda product | Product description |
Barracuda Email Protection | Anti-spam, Anti-malware and advanced threat protection, phishing and impersonation protection, account takeover protection, domain fraud protection, web security and Zero Trust. |
Barracuda App and Cloud Security | WAF-as-a-service, Web application firewall, Advanced bot protection, API security and cloud security guardian. |
Barracuda Network Security | CloudGen Firewall, SD WAN, ZTNA, Industrial security, Web security and filtering. |
Barracuda Data Protection | Data backup, cloud backup and data inspector to scan Office 365 for malware. |
What is Barracuda's Gartner SD WAN Magic Quadrant status?
Barracuda is a Gartner Magic Quadrant niche player.
Who are Barracuda's main competitors?
In some ways, Barracuda stands alone due to their native partnership with Microsoft Azure. Consider Cato and Aryaka as alternatives to using the Azure backbone, both offer private backbone connectivity. Cato and Aryaka also fit with the mid-market which is exactly the focus market for Barracuda SD WAN.
What are the benefits (pros) and drawbacks (cons) of Barracuda?
Benefits (pros) | Drawbacks (cons) |
Good fit for smaller companies requiring cost effective SD WAN services. | Lacks integration with 3rd party security vendors. |
One of only a few SD WAN providers with native integration into Azure. | Barracuda will support AWS and GCP but adoption generally fits with Azure. |
Strong support for Industrial IoT protection. | Roadmap is not as clear with regards to SASE and SSE. |
Recommended resource for Barracuda: Find your local sales contact, download the latest Barracuda service PDF or book a demo, visit Barracuda on the Netify Marketplace.
10. Forcepoint Review
We began by using the actual Forcepoint orchestrator, which is essentially the SD WAN management center. The benefit of this center is that it can manage digital devices regardless of their location or the platform being used.
In addition to branch offices, the solution can also be deployed in cloud locations, which include AWS, Google Cloud Platform, or Azure, allowing for the deployment of secure SD WAN edge infrastructure devices in data centers and public cloud locations. The same management platform is used for all these different deployments, making it a platform-agnostic solution for secure SD WAN edge infrastructure.
The SD WAN section of the Forcepoint solution allows for link-agnostic deployment, meaning any combination of links can be used in the environment with no limitation on the number of links that can be used. The intelligent application routing capability allows for the routing of traffic based on the type of application and the desired path. The overlay network also constantly monitors the overall performance of the links and provides real-time counters for monitoring the SD WAN overlay network performance.
The solution also provides both real-time and historical visibility to all the events that are happening over the SD WAN environment, and this visibility includes statistical reporting and real-time logging. For deployment of sites, the solution offers a true cloud-based zero-touch provisioning.
The advanced security features of the solution include granular security controls with full man-in-the-middle capabilities, which allow for decryption of TLS and inspection before re-encryption. The solution is very granular with the definitions for web traffic, and it also allows for white-listing of personal and identifiable data such as financial data and healthcare information. The deep inspection and file filtering capabilities offer full IPS and IDS capabilities to protect against malware and worms.
Overall, the Forcepoint Secure SD WAN solution fits well with the notion of using a SASE approach to connect and protect distributed organizations. It allows for the centralized visibility and control of the organization's digital devices, no matter their location or platform.
Forcepoint guarantees that your business-critical applications will always have the best performance and availability - SD WAN application routing ensures that, for example, none of the non-business applications can take priority over the business application. So we are not only looking at the tier packet loss and latency, but also the overall capital link and then the health zone with very advanced application routing available for cloud applications and on-premise hosted applications.
In addition, Forcepoint is looking at the overall network layer with application health monitoring, which provides the benefit that IT admins can actually pinpoint any problems they might have with the application itself, whether it occurs in the cloud, in the network, or in the endpoint itself. So not only do you look at the network level information, but you also receive the application latency and protocol.
Forcepoint SASE, SSE and Remote Users
Forcepoint One is easy to manage and easy to use. Administrators log in to the Forcepoint One console to set security policies and monitor what is happening. This unified portal in the cloud makes setting security policies easy.
Once in the portal, you can control how people access and use your data on the web to enforce your acceptable use policies, prevent uploading of sensitive data, and defend against potential malware in cloud and SaaS apps to control how, where, and when your managed cloud apps and data are used even from BYOD and unmanaged devices and in internal private applications in data centers or private clouds.
Within each policy, you can quickly specify what actions to take in each situation. To keep attackers out and sensitive data in, you can allow certain groups of people to log into cloud apps such as Microsoft 365 from a personal device but not be able to download files.
This data protection works in both directions. With a few clicks, you can prevent users from uploading sensitive files into unmanaged websites like Dropbox or personal email. Forcepoint One comes preconfigured with a wide range of geographic and industry-based DLP patterns that can be added to a policy in seconds.
It also helps keep people safe from malware and Internet attacks as they surf the web and use unmanaged web applications. With Forcepoint One, you can enforce your corporate web usage policies anywhere so that remote users don't engage in prohibited activity that could put your organization at risk, but also allow for safe access to websites they need to use but that you're concerned might not be safe, as is often the case for lawyers, insurance adjusters, financial organizations, and others having to look up information on the internet.
Forcepoint's remote browser isolation provides true zero trust browsing, including sanitizing downloaded files so that they can be opened without risk.
And browsing is fast. Instead of detouring traffic through a separate cloud service, Forcepoint's security is enforced locally on the managed device so that traffic can go directly to the website. With this unique distributed architecture, browsing is up to twice as fast as other web security solutions.
This same threat protection and data security can be applied to private applications in your internal data centers or private clouds. With Forcepoint's Zero Trust Network Access (ZTNA), you can control who can access your apps while freeing your users from the pain of VPNs.
You can prevent users from uploading malware into your line of business apps and limit who can download sensitive data, such as personally identifiable information, managing access and use of corporate data on the web, in the cloud, and in private apps all in one place.
Forcepoint and Office 365
Typically, organizations adopt Office 365 because they want to take advantage of the boost in productivity they can get from it, such as sharing files, having meetings, conducting business with people dispersed geographically, and exchanging files and content to make their business happen.
Forcepoint DLP and Office 365 work together to secure each component of the solution. In a demo of a file transfer over MS Teams, we configured a Forcepoint DLP policy to understand the sub-application part of Office 365 where the file has been transferred, ensuring that the upload of the file won't go through.
If the file was deemed confidential or sensitive, Forcepoint provides better control over how those files are exchanged by tailoring policies specifically for cloud applications in Office 365. Another example is using OneDrive - you may not want that in Teams or in SharePoint.
Forcepoint provides the granularity to be able to switch because they are very different applications. Office 365 is just a general suite, and Teams, SharePoint, and OneDrive have unique needs in terms of how you interact with people. This is a tremendous benefit that Forcepoint provides to customers, giving them the ability to have granular control and visibility.
In the demo, we could see how easy it was to apply extended granularity, and the DLP policies can be tailored to suit the customers' needs, not just what they came up with.
What are Forcepoint features? | Forcepoint feature description |
Does Forcepoint offer their own network? | No, Forcepoint do not operate their own network infrastructure. |
What managed services does Forcepoint offer? | Forcepoint offers DIY, co-managed and fully managed SD WAN products & services. |
Does Forcepoint support complex or simple requirements? | Forcepoint is not recommended for larger complex Global Enterprise deployments. |
What SASE and SSE security is offered by Forcepoint? | Cloud-native SSE solution which offers complete control of all aspects of their security capabilities. Forcepoint offer CASB, SWG, ZTNA, RBI with a focus on DLP. |
What are the main features supported by Forcepoint SD WAN? | Application QoS with traffic steering and excellent reporting dashboard which provides insights into network uptime and application performance. |
How does Forcepoint access the Cloud? | Forcepoint are focussed on securing Office 365 applications within the Azure platform. |
What is the Forcepoint SLA? | Forcepoint customers are backed by a comprehensive 99.9% SLA across most products. |
Who is Forcepoint?
Forcepoint is a renowned cybersecurity company that specializes in providing effective and reliable solutions to help businesses safeguard their crucial data and networks from potential internal and external threats. Established in 2016, Forcepoint is the result of a merger of three cybersecurity giants - Raytheon Cyber Products, Websense, and Stonesoft.
With its extensive range of products and services, Forcepoint caters to the diverse security needs of organizations. Its offerings include cloud access security brokers, web and email security, insider threat protection, data loss prevention, and network security. These solutions are strategically designed to ensure that companies can protect their confidential data, intellectual property, comply with regulations, and prevent cyberattacks.
Not limited to a particular industry, Forcepoint serves a broad range of sectors such as government, healthcare, financial services, and retail, to name a few. Its global presence can be felt across the United States, Europe, and Asia Pacific, where it has established offices to cater to its clientele spread across 150 countries.
Why should your business consider Forcepoint SD WAN?
- Companies which are heavily invested within the Office 365 eco-system will benefit from Forcepoint's capability to secure each element of the solution.
- Existing Firewall customers of Forcepoint will benefit from the progression of adding additional SD WAN, SASE and SSE features.
- Focus on DLP (Data Loss Prevention) scanning across files and transfer of data occurring on the network.
- Forcepoint are aligned to verticals which includes Government, Critical Infrastructure, Finance, Healthcare and Energy.
- Forcepoint offer GDPR compliance across their solutions.
What products does Forcepoint SD WAN include?
The main product features Forcepoint offers are as follows:
Forcepoint product | Product description |
Forcepoint Data Security | Forcepoint's data security offers DLP, Data visibility, Risk-adaptive DLP and Insider threat protection. |
Forcepoint SASE and SSE Cybersecurity | CASB, ZTNA, SWG, RBI and ZT CDR delivered by their Cloud-native platform. |
Forcepoint Network Security | SD WAN and Next Generation Firewall with remote worker security. |
Forcepoint Government Cross Domain Solutions | Secure data transfer, High speed verifier, Data Diode, Data Guard, High speed guard, Insider threat protection, data analyser, SimShield, WebShield, Trusted Thin Client and Remote, Trusted gateway system. |
What is Forcepoint's Gartner SD WAN Magic Quadrant status?
Forcepoint is a Gartner Magic Quadrant niche player.
Who are Forcepoint's main competitors?
Forcepoint lead with their SASE+SD WAN and SSE features. As a vendor, their capability is comparable to HPE Aruba in respect of features. Both companies began by offering a broad based capability across SD WAN. The Forcepoint value proposition is designed to reduce complexity which aligns with Cato and Versa which both offer out of the box capability.
What are the benefits (pros) and drawbacks (cons) of Forcepoint?
Benefits (pros) | Drawbacks (cons) |
Good for companies preferring on-premises security capabilities. | SASE platform not as advanced when compared to other vendors. |
Great for Office 365 with highly granular protection. | Limited application performance and optimization features. |
Specific support for Government and companies with strong GDPR compliance requirements. | |
Recommended resource for Forcepoint: Find your local sales contact, download the latest Forcepoint service PDF or book a demo, visit Forcepoint on the Netify Marketplace.