Call a Specialist Today! 844-294-0778

SD-WAN: Secure, High-Performance, Simple
Easily adopt an end-to-end SD-WAN architecture with natively integrated, world-class security and connectivity

Palo Alto Networks SD-WAN

The effects of the cloud on network and security transformation are undeniable. As the number of devices at branch locations grows and applications become more bandwidth-intensive, businesses are forced to spend more to accommodate demand. As a result, traditional wide area network (WAN) architectures with multiprotocol label switching (MPLS), which tend to eat up bandwidth as they backhaul traffic from branches to the cloud, render legacy approaches ineffective.

Software-defined wide area networking (SD-WAN), an approach that uses commodity links and allows you to intelligently manage as well as control connectivity between branches and cloud instances, is now a necessity for distributed enterprises. According to Gartner, by 2023, more than 90% of WAN edge infrastructure refreshes will be based on vCPE platforms or SD-WAN vs. traditional routers.1 However, with its benefits, SD-WAN also brings many challenges, such as lack of security, unreliable performance, and complexity. When security is an afterthought, it tends to be either subpar or bolted on, introducing management complexity. Moreover, network performance becomes less reliable because enterprises use the congested internet as the WAN middle mile—and when they try to address this by building their own SD-WAN hub infrastructures, they run into complexity. Ultimately, enterprises turn to multiple vendors or service providers to solve performance issues, which increases costs while decreasing control and visibility.


Secure Branch Connectivity Directly from Your Firewall

Solve the problems of traditional SD-WAN solutions with industry-leading:



Get industry-leading security natively integrated to SD-WAN.



Minimize latency and ensure reliability to deliver exceptional end-user experience.



Easily enable SD-WAN on your existing firewalls.

Secure SD-WAN by Palo Alto Networks

Palo Alto Networks SD-WAN offering lets you easily adopt an end-to-end SDWAN architecture with natively integrated, world-class security and connectivity. Using Prisma™ Access as the SD-WAN hub, you can optimize the performance of your entire network. This minimizes latency and ensures reliability, resulting in an exceptional user experience at the branches. You can consume our secure Prisma Access SD-WAN hub as a service, eliminating the complexity of building your SDWAN hub infrastructure, or you can build the hub and interconnect infrastructure yourself using Palo Alto Networks Next-Generation Firewalls. Regardless of your deployment model, our tight integration will allow you to manage security and SD-WAN on a single, intuitive interface.

 Palo Alto Networks SD-WAN cloud-based approach

Figure 1: Palo Alto Networks SD-WAN cloud-based approach

Optimized Connectivity for Improved User Experience

Palo Alto Networks SD-WAN lets you measure and monitor specific paths as well as dynamically move sessions to the optimal path, guaranteeing the best branch user experience. You can simply enable the SD-WAN subscription on your Next-Generation Firewalls and begin intelligently, securely routing branch traffic to your cloud applications.

Greater Performance with SD-WAN Hub

SD-WAN leverages commodity links, such as broadband internet, LTE, and more. However, while these links are cost-effective, they lack the reliable performance of dedicated, private links.

With Prisma Access acting as the SD-WAN hub, users can essentially go through a private network, bypassing the congested, unpredictable internet. By using a reliable, cloud native global backbone as your WAN middle mile, you ensure the best performance and user experience.

Central Management for Security and Connectivity

Eliminate the need to manage multiple, disparate consoles from different vendors by using Panorama™ network security management for both security and connectivity. Integrated SD-WAN configuration and monitoring allows you to leverage the familiar Panorama user and application workflow, cutting the time you need to spend reconfiguring policies and visualizations. Additionally, you get granular SD-WAN monitoring data and a dedicated configuration tree, giving you greater visibility into your network.

Simplified Branch Onboarding

Provisioning a new branch requires IT staff to configure and deploy appliances. Doing this on a large scale, and at distributed locations, makes branch onboarding costly and slow.

With zero touch provisioning (ZTP), you can automate tedious onboarding processes. Appliances can be drop-shipped to your branch locations, where they are powered up and connected to the internet. To complete onboarding, administrators simply need to register on a web portal. Then, administrators can immediately start managing deployment and configuration from a single location through Panorama.

Flexible Deployment Options

Palo Alto Networks supports multiple SD-WAN deployment options, including mesh, hub-and-spoke, and cloud-based deployments. Furthermore, you can consume Prisma Access SD-WAN hub as a service or simply enable the SD-WAN subscription on your Next-Generation Firewalls.