SD-WAN Competitive Comparison Chart - Cisco

Comparison chart, Cisco public

SD-WAN Competitive Comparison Chart

Cisco, VMware, Fortinet, Silver Peak, Versa, Palo Alto Networks (Prisma SD-WAN), Palo Alto Networks (PAN-OS NGFW)

Comprehensive traditional routing services. Smooth migration with features relevant to SD-WAN on the same platform. Unified image common across traditional routing and SD-WAN. No investment protection for smoother migration in relation to SD-WAN on same platform. Limited traditional routing feature set. Enabling SD-WAN does not require adding to, or changing, existing infrastructure. No investment protection for smoother migration in relation to SD-WAN on same platform. Limited traditional routing feature set. Requires adding new hardware to use SD-WAN. Enabling SD-WAN does not require adding to, or changing, existing infrastructure. Limited traditional routing feature set. Smooth migration to SD-WAN on the same platform. Complete traditional routing services available.

Appliances built to service core, edge, and cloud locations. Wide range of form factors with physical and virtual offerings. Appliances built to service core, edge, and cloud locations. Appliances built to service core, edge, and cloud locations. Appliances built to service core, edge, and cloud locations. Appliances built to service core, edge, and cloud locations. Appliances built to service core, edge, and cloud locations. Appliances built to service core, edge, and cloud locations.

Networking. Supports traditional routing and SD-WAN on the same platform. Core, edge, and cloud SD-WAN.

© 2021 Cisco and/or its affiliates. All rights reserved.

Cisco, VMware, Fortinet, Silver Peak, Versa, Palo Alto Networks (Prisma SD-WAN), Palo Alto Networks (PAN-OS NGFW)

Dedicated control, data, and management plane components for scalability and performance, offering an SDN-compliant architecture. Flexibility of matching architecture to business intent. Cloud-hosted deployment managed by Cisco Cloud Ops team. Integrated control and data plane components Legacy combined control and data plane architecture. Dedicated control, data, and management plane components. Integrated control and data plane components limit flexibility. Integrated control and data plane components rauthentication with zero-touch provisioning for all components. One-touch provisioning for air-gapped networks and MSPs. Limited. Multiple touchpoints to enable ZTP process. As it is based on Firewall enabling SD-WAN, it requires manual policy configurations. Limited. Multiple touchpoints. The ION devices are pre-configured to authenticate to the portal and support zero-touch provisioning and deployment. Limited.

Purpose-built SD-WAN Architecture. True zero-touch provisioning.

Requires additional authentication steps to provision. EdgeConnect devices are preconfigured, however requires additional authentication steps to provision. Requires additional authentication steps to provision.

Active-active dual router SD-WAN topology. Advanced routing protocols for brownfield integrations.

Cisco, VMware, Fortinet, Silver Peak, Versa, Palo Alto Networks (Prisma SD-WAN), Palo Alto Networks (PAN-OS NGFW)

Allows for active-active networking to provide higher throughput and greater reliability. Capability to horizontally scale with easy-to-use features. Does not tional WAN switch required, which creates dependencies. Allows for active-active networking but requires an additional switch, which creates dependencies. Does not support active-active connections. Does not ive connections.

Extends advanced routing intelligence, such as EIGRP, OSPF, RIP, and BGP, into cloud environments, allowing for faster, more reliable connectivity to cloud workloads. Supported with dual stack. Capability to also do underlay/overlay routing. Flexible policy and attribute support for easy routing manipulation. Limited. Advanced routing protocols such as BGP, OSPF supported but does not provide the most efficient path selection. Limited. Supports advanced routing protocols, including BGP and OSPF. Limited. Supports advanced routing protocols, including BGP and OSPF, but does not provide the most efficient path selection. Advanced routing protocols such as BGP, OSPF supported but does not provide the most efficient path selection. Supports advanced routing protocols like BGP but lacks advanced routing support for protocols such as OSPF. Supports advanced routing protocols, such as BGP, but lacks support for protocols such as OSPF.

Cisco, VMware, Fortinet, Silver Peak, Versa, Palo Alto Networks (Prisma SD-WAN), Palo Alto Networks (PAN-OS NGFW)

Dynamic path selection automatically steers critical applications around network problems. Microsegmentation and identity-based policy management drive consistent multidomain policy enforcement for a uniform user experience. Limited. Policies for SD-WAN and firewall are managed separately, creating complexities in terms of traffic engineering and passing down centralized control and data plane policies. Limited. Limited. Limited. Policies can be created and reused from business intent perspective, but limitations exist in microsegmentation and multidomain policy enforcement. Has the ability to traffic engineer based on application-aware policy, but limitations exist in multidomain policy enforcement. Has the ability to traffic engineer based on application-aware policy, but limitations exist in microsegmentation capabilities and multidomain policy enforcement. Has the ability to traffic-engineer based on routing attributes, security policy, and application policy, but limitations exist in multidomain policy enforcement.

Automated registration and creation for IPsec tunnels to Umbrella Secure Internet Gateway (SIG) with guided workflows on vManage. Complete integration with Cisco AnyConnect, Cisco Duo, etc. Limited. No guided workflows for SIG integrations. No support for autoregistration or creation of IPsec tunnels for SASE, because they rely on third-party integrations. Support for complete SASE integration. Limited. Limited. Support for complete SASE integration with Prisma SD-WAN and Prisma Access. Complexities in API-based CloudBlades integration. No guided workflows for SIG integration. Support for complete SASE integration with SD-WAN-enabled PAN-OS NGFW and Prisma Access. No guided workflows for SIG integration.

Extensible Policy Framework. Policy could be passed in the form of per-device profiles but would be limited in terms of traffic engineering for data plane. Complete SD-WAN/SASE Integration. Workflows to SIG vendors with native SIG offering still a work in progress.

Cisco, VMware, Fortinet, Silver Peak, Versa, Palo Alto Networks (Prisma SD-WAN), Palo Alto Networks (PAN-OS NGFW)

Provides WAN optimization services including TCP optimization, data redundancy elimination, FEC, and packet duplication. Limited. Limited. Limited. Provides limited WAN optimization services, including FEC. Does not provide WAN optimization services. Limited. Provides limited WAN optimization services, including FEC. Provides WAN optimization services including TCP optimization, data redundancy elimination, and FEC.

Fully integrated UTM security capabilities in vManage, including enterprise firewall with application awareness, Snort IPS, URL filtering, AMP File Analysis, threat grid sandboxing, Cisco Umbrella DNS security, SSL and Talos threat intelligence. Limited. Integrated NGFW features with IPS/IDS/Application Control/AMP capabilities. Lacks security integrations in the SD-WAN console. Integrated NGFW features with IPS/IDS/Application Control/AMP capabilities. Limited. Integrated NGFW features with IPS/IDS/application control/AMP/URL filtering/DNS Security capabilities. Requires additional licensing.

WAN optimization. Provides limited WAN optimization services, including FEC. Provides limited WAN optimization services, including TCP optimization, packet duplication, and FEC. Security. Remote Office Branch Office On-prem security services. Basic stateful firewall. Only offers basic zone-based firewall. No integrated security features such as IPS/IDS/AMP/URL filtering.

Cisco, VMware, Fortinet, Silver Peak, Versa, Palo Alto Networks (Prisma SD-WAN), Palo Alto Networks (PAN-OS NGFW)

Custom silicon root of trust in hardware provides embedded defense against foundational attacks and backdoors. The Cisco vEdge Routers have a factory-installed Trusted Platform Module (TPM) chip with a signed certificate. This built-in security helps ensure automated, foolproof authentication of any new Cisco vEdge Routers joining the network and is a major advantage when deploying tens of thousands ardware with embedded defense unknown. Custom silicon with embedded defense unknown. Commercial off-the-shelf hardware with trustworthy solution unknown. Commercial off-the-shelf hardware with trustworthy solution unknown. Commercial off-the-shelf hardware with trustworthy solution unknown. Commercial off-the-shelf hardware with trustworthy solution unknown.

Proven, scalable MPLS/VRF-like end-to-end segmentation with support for multi-segment topologies ed Limited VRF-based segmentation supported with no dynamic and mentation capabilities with complex VDOMs configurations with no dynamic and flexible multi-segment topologies creation. VRF-style segmentation, but with routing limitations in OSPF and Peer Priority. Proven, scalable MPLS/VRF-like segmentation from Layer 2 to Layer 7. Limited segmentation capabilities. Provides scalable VRF-like segmentation but no flexible multi-segment topologies creation.

Custom Silicon. Segmentation.

Cisco, VMware, Fortinet, Silver Peak, Versa, Palo Alto Networks (Prisma SD-WAN), Palo Alto Networks (PAN-OS NGFW)

Can detect malware by matching encrypted SHA patterns without decryption. Cannot detect encrypted malware. Limited. Cannot detect encrypted malware. Provides TLS/SSL traffic encryption. Cannot detect encrypted malware. Can detect malware by decrypting, inspecting, and controlling inbound and outbound SSL and SSH connections.

Globally recognized threat intelligence (TALOS) with the ability to deploy incident response services. No threat intelligence. Provides threat intelligence capabilities. No threat intelligence. Provides threat intelligence and monitoring. No threat intelligence. Provides threat intelligence capabilities as an add-on.

Transport independence provides intelligent path selection to leading SaaS applications based on performance metrics and best path selection, such as Office 365, SIG, load balancing, Cisco Webex, etc. Limited. Limited. Limited. Limited. Limited. SaaS optimization based on manual application rule creation through DIA broadband paths to colocations. Basic SaaS optimization with manual SLA creation for every application. Transport independence provides intelligent path selection to leading SaaS applications based on performance metrics and best path selection. Basic SaaS optimization with manual SLA creation for every application. Basic SaaS optimization with manual application rule creation for every application. Basic SaaS optimization with manual SLA creation for every application. Needs additional SaaS security platform for advanced SaaS optimization.

Encrypted traffic analysis. Not a robust ETA solution across network infrastructure/devices. Threat intelligence. Cloud. SaaS Connectivity.

Cisco, VMware, Fortinet, Silver Peak, Versa, Palo Alto Networks (Prisma SD-WAN), Palo Alto Networks (PAN-OS NGFW)

Guided workflows for automated deployment of Cisco SD-WAN Cloud OnRamp for IaaS connectivity. Limited. Manual ither manual gateways or shared resources. Either manual gateways or shared resources. Manual gateways, shared resources, or complex API integration through CloudBlades. Either manual gateways or shared resources.

Simplified network management with traffic aggregation through colocation hubs to cloud workloads, with guided workflows for mited Limited Limited colocated aggregation. Limited colocated aggregation. Limited colocated aggregation. Limited colocated aggregation. Limited colocated aggregation. Limited colocated aggregation.

Guided workflows for automated deployment across various Cloud Service Providers (CSPs), such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). Limited. Limited workflows for d Manual deployment across various CSPs. Manual deployment across various CSPs. Manual deployment across various CSPs or through complex CloudBlades API integration. Manual deployment across various CSPs.

IaaS Connectivity. Either manual gateways or shared resources. Automation only with Microsoft Azure ty Partnership with Microsoft Azure vWAN. Guided workflows.

Cisco, VMware, Fortinet, Silver Peak, Versa, Palo Alto Networks (Prisma SD-WAN), Palo Alto Networks (PAN-OS NGFW)

Provides IoT/OT automation with integrated branch storage and compute. Supported by Cisco Catalyst 8200 Series. Limited. No edge VNF hosting capabilities. No edge VNF hosting capabilities. Limited. No edge application hosting capabilities. No edge application hosting capabilities.

Visibility across the internet, the cloud, and SaaS with the native integration of Cisco ThousandEyes on compatible Cisco Catalyst 8200 Series and Cisco Catalyst 8300 Series Edge Platforms. Limited. No edge application hosting capabilities. No ty across the internet, the cloud, and SaaS with the native integration of Prisma Access ADEM. Limited.

Edge Storage. VNFs can be deployed on VMware SD-WAN Edge appliances. VNFs can be deployed on Versa SD-WAN Edge appliances. Multi-Cloud Visibility. No edge application hosting capabilities. VNFs can be deployed on VMware SD-WAN Edge appliances. No edge application hosting capabilities. VNFs can be deployed on Versa SD-WAN Edge appliances. Needs integration with Prisma Access for visibility across the internet, the cloud, and SaaS through ADEM, which makes integration highly complex.

Cisco, VMware, Fortinet, Silver Peak, Versa, Palo Alto Networks (Prisma SD-WAN), Palo Alto Networks (PAN-OS NGFW)

Cisco Catalyst 8000 Edge Platforms offer rich voice services in SD-WAN and traditional IOS XE software feature stacks. Cisco is the only SD-WAN vendor to natively integrate analog/digital IP directly into single CPE. In SD-WAN mode, the Cisco Catalyst 8300 Series also prevents internal and external outages using SRST. The series also continues to support a long list of traditional IOS XE voice use cases. Limited. No edge application-hosting capabilities. No native voice integration. No native voice integration. No native voice integration. No native voice integration.

Advanced cellular capabilities as a transport link supported with deployment flexibility of built-in module, card or external gateway on Cisco Catalyst 8000 Series. Cellular capabilities as a transport link. Cellular capabilities as a transport link. No significant cellular support. Limited. Limited. No significant cellular support. Cellular support on limited model (CSG1000). Cellular support on limited model (one ION 1200 model). Supports cellular capabilities in 5G-based NGFW.

Voice integration. No edge application-hosting capabilities. VNFs can be deployed on VMware SD-WAN Edge appliances. Advanced LTE Solutions.

Cisco, VMware, Fortinet, Silver Peak, Versa, Palo Alto Networks (Prisma SD-WAN), Palo Alto Networks (PAN-OS NGFW)

Ruggedized SD-WAN options, for adverse and industrial environments. No ruggedized SD-WAN options. Ruggedized SD-WAN options. No ruggedized SD-WAN options. No ruggedized SD-WAN options. No ruggedized SD-WAN options. Ruggedized SD-WAN options.

Uses advanced wireless frequency and protocol technology. Uses advanced wireless frequency and protocol technology. Uses advanced wireless frequency and protocol technology. No advanced wireless capabilities. Uses advanced wireless frequency and protocol technology. No advanced wireless capabilities. Dependence on third parties to enable features. No advanced wireless capabilities. Dependence on third parties to enable features. Does have 5G-ready NGFW hardware.

Cross-domain integrations, common QoS policies between Cisco ACI and SD-WAN. Extend TrustSec Security Group Tags (SGTs)/metadata from WAN to campus to data center. Unifies data center policies with edge needs. No data center integration. No data center integration. No data center integration. No cross-domain integration. No cross-domain integration.

Industrial SD-WAN. Wi-Fi/5G-ready. Data center integration (Common policies across domains).

Cisco, VMware, Fortinet, Silver Peak, Versa, Palo Alto Networks (Prisma SD-WAN), Palo

nd policy enforcement through scalable group tags for user groups. Limited. Limited. Minimal Layer 2 microsegmentation and policy enforcement. Minimal Layer 2 microsegmentation and policy enforcement. Supports microsegmentation and policy enforcement through scalable zones. Supports microsegmentation and policy enforcement through scalable zones. No microsegmentation and policy enforcement. Supports microsegmentation and policy enforcement through scalable zones.

Microsegmentation.

© 2021 Cisco and/or its affiliates. All rights reserved. Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: https://www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R) C83-743414-01 11/21
