| This guide compares the best SD-WAN vendors, evaluating them on key factors like security, performance, and ease of use. Top providers include Aryaka, Cato Networks, and Palo Alto Prisma, each excelling in areas like global coverage, unified security, and AI-powered optimisation, helping businesses choose the right solution for their needs. |
The very best SD-WAN solutions for your network – tested and evaluated by Netify.
Table of Contents
Our team has tested, reviewed and compared the best SD-WAN vendors and managed service providers which fit the needs of most UK and North American businesses, with national and global requirements.
Software Defined Wide Area Network (SD-WAN) solutions offer a significant improvement to network performance, scalability and security features when compared with traditional WAN networks. However, choosing the best SD-WAN provider can be a difficult task, especially given how many different features and requirements your business might have.
We’ve assessed and compared SD-WAN platforms for their performance across every area IT decision makers should consider: management interface, application performance, network security, network resilience, support, features, reporting and overall capability. The best SD-WAN vendors and providers made the cut for this guide, and we have applied ratings across each key area.
Vendor Analysis Overview
Best SD-WAN Vendor Use Cases and Features Comparison Matrix
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Vendor Name | Best Use Case | Key Features |
|---|---|---|---|---|---|---|---|
| 1 | hyelland | 20/12/2024 03:53 PM | hyelland | 20/12/2024 03:53 PM | Fortinet | Best for Network Security | Application-Aware Routing, Unified SASE, Automation, App Path Insights, Identity-Based Firewall |
| 2 | hyelland | 20/12/2024 03:53 PM | hyelland | 20/12/2024 03:53 PM | Cisco Catalyst | Best for Large Enterprises/Complex Use Cases | Application-Aware Routing, Cloud OnRamp, WAN Optimisation, Identity-Based Firewall, Multiregion Fabric for MSPs |
| 3 | hyelland | 20/12/2024 03:53 PM | hyelland | 20/12/2024 03:53 PM | Aryaka | Best for Managed Services & Coverage in China | Unified SASE, WAN Edge Infrastructure Optimisation, Multicloud Support, Simple Management, Global PoP Network |
| 4 | hyelland | 20/12/2024 03:53 PM | hyelland | 20/12/2024 03:53 PM | Cisco Meraki | Best Value | ZTP, CCTV Support, Sensor Integration, SASE Integration |
| 5 | hyelland | 20/12/2024 03:53 PM | hyelland | 20/12/2024 03:53 PM | HPE Aruba EdgeConnect | Best for Medium-Sized Enterprises | Dynamic Path Selection, Unified SASE, WAN Optimisation, Cloud Vendor Integration, Enhanced Monitoring |
| 6 | hyelland | 20/12/2024 03:53 PM | hyelland | 20/12/2024 03:53 PM | Cato | Best for Ease of Use | Global PoP Network, Unified SASE, ZTP, Templated Configuration |
| 7 | hyelland | 20/12/2024 03:53 PM | hyelland | 20/12/2024 03:53 PM | Velocloud | Best for Cloud Integrations | App Path Insights, Global PoP Network, Multicloud Support, Application Control |
| 8 | hyelland | 20/12/2024 03:53 PM | hyelland | 20/12/2024 03:53 PM | Prisma (Palo Alto) | Best for Advanced AI Networking | Application-Aware Routing, Unified SASE, Strong Cloud Management |
| 9 | hyelland | 20/12/2024 03:53 PM | hyelland | 20/12/2024 03:53 PM | Barracuda | Best for Microsoft Azure Integrations | Azure Cloud-Native, Strong Cloud Management, App Path Insights |
| 10 | hyelland | 20/12/2024 03:53 PM | hyelland | 20/12/2024 03:53 PM | Versa Networks | Best for Enterprises Managing Multiple Entities | Multicloud Support, ZTP, SASE Integration, App Path Insights |
| Vendor Name | Best Use Case | Key Features |
Detailed Vendor Reviews
The following reviews detail the top SD-WAN providers in order to best-place their use case. Features, customer opinions and price insights are provided to assist navigation of the SD-WAN market.
Best for Network Security
We are particularly impressed by Fortinet’s potential for scalability and cost-efficiency in enterprise environments, noting that in large deployments of over 1000+ units, Fortinet could offer substantial savings in comparison to separate firewall and SD-WAN architectures. Further to this, when combining Next Generation Firewall and SD-WAN at the edge, Fortinet offers better functionality and cost than other solutions.
The GUI design of Fortinet is well-optimised for businesses with internal expertise. Whilst Fortinet’s solution does require significant technical know-how to implement properly, the GUI interface is intuitive for experienced networking professionals. Despite posing quite a notable learning curve, we’d stress that this is not primarily due to the complexity of the interface but rather due to Fortinet’s extensive SD-WAN feature set.
However, for businesses also looking to maximise their network performance, it’s worth considering that Fortinet lacks true full-mesh topology with always-on dynamically discovered tunnels, like some of the other vendors in this list. On a more positive note, Fortinet utilises custom-built ASICs (Application-Specific Integrated Circuits) that enable high-performance networking alongside integrated security, making the solutions ideal for businesses prioritising both speed and security.
Given the security focus of Fortinet, it can be important for businesses across many sectors to understand any security limitations that may be present. And with that in mind, the majority of Fortinet’s vulnerabilities are within SSL VPN functionality, although Fortinet has depreciated this capability. Given that it has been disabled in newer models, unless businesses absolutely require SSL VPN, Fortinet still offers a solution, via their IPsec VPN capabilities.
Use Cases
For industries that are heavily regulated where sensitive data is used, such as healthcare and financial services, utilising an SD-WAN vendor with advanced security capabilities is a must.
One of the best showcases for this is Nuffield Health, a healthcare provider that chose to implement Fortinet’s SD-WAN solution. They gained improved performance for their Electronic Health Record (EHR) systems, with improved network security through encryption and segmentation and AI-driven diagnostic capabilities. The implementation of Fortinet at Nuffield reduced operational costs and improved scalability to meet industry demands.
In a similar fashion, CEC Bank who have over 1000 locations and 7000 employees, achieved a 50% reduction in application response times and significantly improved network reliability.
Pricing Insights
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Hardware | Licensing |
|---|---|---|---|---|---|---|
| 1 | hyelland | 20/12/2024 09:17 PM | hyelland | 20/12/2024 09:17 PM | FortiGate-40F: £950 (3-year support). | Annual licenses for SD-WAN features starting at $540. |
| 2 | hyelland | 20/12/2024 09:17 PM | hyelland | 20/12/2024 09:17 PM | FortiGate-60F: £1,250 (3-year support). | Mixed licensing bundles can reduce costs by up to 50%. |
| 3 | hyelland | 20/12/2024 09:17 PM | hyelland | 20/12/2024 09:17 PM | FortiGate-100F: £5,350 (3-year support). | |
| 4 | hyelland | 20/12/2024 09:17 PM | hyelland | 20/12/2024 09:17 PM | FortiGate-200F: £12,250 (3-year support). |
Best for Large Enterprises/Complex Use Cases
Key Features |
Application-Aware Routing, Cloud OnRamp, WAN Optimisation, Cloud Vendor Integration, Identity Based Firewall, App Path Insights |
For large organisations with thousands of sites, typically this means that operations are distributed across multiple geographical regions. One of the key benefits of Cisco SD-WAN is it’s connectivity capabilities, branded as Cisco Multi-Region Fabric, designed for utilising multiple network underlays. This can include premium middle mile, cloud provider’s backbone, Multiprotocol Label Switching (MPLS) or even internet.
One of the best ways that organisations can save on operational costs is via leveraging public clouds, which necessitates simplified cloud connectivity and implementation within any chosen SD-WAN solution. Cisco Catalyst is particularly beneficial for organisations due to automated cloud integration offerings – supporting common public clouds such as Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform, allowing for quicker cloud migrations.
And, whilst Fortinet is our recommendation for entirely security-focused organisations, Cisco Catalyst also offers its own advanced security offerings. This comes in the form of native integrations for Cisco’s Talos, designed for securing large networks through threat intelligence and detection. Similar to the Talos integrations, Cisco Catalyst’s modularity with other Cisco products means that organisations can maintain compatibility across legacy and new systems whilst upgrading their network capabilities
Unfortunately tailoring of Cisco SD-WAN for complex environments has, in turn, garnered a more complicated experience for the end user. From difficulties in initial setup to the general interface, Cisco is often noted for being harder to work with and entry-level support staff can be left confused (especially for those new to Cisco).
Arguably the most important observation we’ve made with Cisco Catalyst is that the underlying systems have extensive features that very few but the largest networks will ever use, therefore non-large enterprises often don’t feel the full benefit from the feature set. Given the high licensing costs of Cisco and the significant initial investment required in order to get it up and running, we would only really recommend Cisco SD-WAN for larger organisations or businesses with complex requirements.
Use Cases
Being one of the more complex SD-WAN providers, the use cases tend to be across the vast majority of industries, with the size/complexity of the network requirements primarily determining the return on investment that Cisco Catalyst can provide.
According to Cisco themselves, NASA has reported that “the Catalyst 9000 has exceeded NASA’s mission-critical requirements for security and segmentation…and at twice the performance”. This isn’t the only positively reported case study for the Catalyst 9000 though, with Bath Spa University deploying both Catalyst 9136 series Wi-Fi 6E access points and Catalyst 9000 Series Switches to enable new learning models.
Pricing Insights
Whilst features, support levels and costs are all dependent on the hardware and license tier, we’ve given an overview of different product and licensing tier costs to assist in your evaluations, however service providers and partners may provide more tailored pricing or potential discounts for solutions.
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Hardware | Licensing |
|---|---|---|---|---|---|---|
| 1 | hyelland | 20/12/2024 09:15 PM | hyelland | 20/12/2024 09:15 PM | 8500 Series (High-Performance): $34,954 to $251,250 | Essentials: 3-Year Term: Approximately $354.87 5-Year Term: Approximately $1,064.60 |
| 2 | hyelland | 20/12/2024 09:15 PM | hyelland | 20/12/2024 09:15 PM | 8300 Series (Branch Office Deployments): $4,955 to $9,975 | Advantage: 3-Year Term: Approximately $1,064.60 5-Year Term: Approximately $1,774.33 |
| 3 | hyelland | 20/12/2024 09:15 PM | hyelland | 20/12/2024 09:15 PM | 8200 Series (Small to Mid-Size Branches): ~$1,425 USD | Premier: 3-Year Term: Approximately $1,064.60 5-Year Term: Approximately $1,774.33 |
General Customer Feedback
The switches are praised for being easy to configure, set up, and install. They also offer excellent documentation and technical support.
A significant criticism involves Cisco’s power supply design choices. Each new switch model comes with modified power supply units, forcing customers to purchase new PSUs rather than using existing compatible ones.
Some users note that newer switch models feel lighter and less sturdy compared to older versions, suggesting a potential decrease in material quality.
Best for Managed Services & Coverage of China
Key Features |
Application-Aware Routing, Unified SASE, WAN Optimisation, Multicloud Support, Simple Management, Global PoP Network |
By utilising a managed approach, Aryaka focuses on managing everything about your network for you, reducing the complexity of internal administrator workloads. However this service can be quite expensive, especially when utilising higher bandwidth and therefore the Return on Investment (ROI) should be evaluated to determine if lessened network responsibilities are worth the increased price.
One of the more common criticisms of Aryaka’s SD-WAN solution is that it lacks functionality in comparison to other vendors on this list. We’d argue that this is primarily within the security department, with other managed offerings like Cato outperforming Aryaka on this front. However there is a saving grace for Aryaka’s security, with native edge security support meaning that businesses don’t have to send all traffic to a gateway, allowing for security in edge-based architectures like Internet of Things (IoT) and mobile workforces.
Given that other systems provide better security and managed services, we’d therefore focus attention onto Aryaka for businesses that have sites that are more geographically distributed, especially across Asia. Further to this, Aryaka Network-as-a-Service (NaaS) may be more relevant for performance-sensitive internal applications and private networks due to its ability to significantly reduce jitter and latency, therefore showing a clear indication of Aryaka’s commitment to performance.
Use Cases
The optimisation of network communications, combined with our pre-existing knowledge of Aryaka’s global backbone of Points of Presence (PoPs), leads us to recommend Aryaka for sectors requiring global connectivity (such as manufacturing and retail), especially those operating within the China region.
An example of Aryaka being used for manufacturing is a medium-sized industrial manufacturer (name blinded to protect their confidentiality) resolved application performance issues for remote users in China and Singapore. The primary benefit of implementing Aryaka SD-WAN was that Microsoft 365 access performance was greatly improved and it reduced their Total Cost of Ownership (TCO) for the network by between 10-25%, therefore showing the potential savings involved with using Aryaka.
Another great example is NVIDIA, who utilised Aryaka to accelerate performance by 80% globally and 10X in China. This, in turn, led to increased productivity and improved collaboration among end-users as a result of stable, reliable connectivity for end-users and enabled quicker deployment of new sites. Further to these benefits, NVIDIA’s IT organisation saved both time and money by moving to Aryaka:
Saved an estimated 25-50% of administrator time, allowing the team to focus on other priorities
Decreased their network total cost of ownership through reduced staffing and training costs and lessened time spent on incident resolution
Pricing Insights
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Hardware Costs | Licensing |
|---|---|---|---|---|---|---|
| 1 | hyelland | 20/12/2024 09:12 PM | hyelland | 20/12/2024 09:12 PM | No additional hardware costs | Entry-level options starting at $150 per site per month (including connectivity, security, and management.) |
Customer Feedback
Primary billing vector is bandwidth through their backbone and any traffic not through the backbone has very limited visibility.
Best Value
Key Features |
Zero Touch Provisioning, CCTV Support, Sensor Integration, SASE Integration, Application Control |
The ease of the dashboard makes Meraki an excellent choice for organisations seeking a more straightforward deployment process or for greater operational efficiency when it comes to network management. With how intuitive Meraki’s dashboard is, port configuration is an easy task and overall it really is well put together for smaller businesses.
One of the smaller benefits of managing a Meraki solution is that software patching is easier than other solutions in this list, making updates and immediate remediations processes a breeze for network administrators.
Meanwhile the cloud-first approach significantly improved cloud service connectivity and this makes it the ideal choice for businesses utilising cloud platforms for Software-as-a-Service (SaaS) applications.
When compared to Cisco’s other product, Cisco Catalyst, it’s clear that Meraki is limited in its feature set. To make matters worse, public forums and general consensus suggest that Meraki’s support is lacking with simple problems being left unresolved and technicians reported to have a lack of understanding. This can be largely put down to switches lacking important features and, as some reports highlight, basic functions can be broken on some models. These issues don’t make for good reading as Meraki is generally much more expensive in comparison to other SD-WAN vendors.
On the upside though, we were very impressed by the scalability of Cisco Meraki. Deployment of new locations is simple and saves both time and cost in comparison to other vendors. We’d therefore suggest that this scalability will enable small businesses to grow into large enterprises, utilising a network architecture that comfortably grows to meet the changes in demands.
Use Cases
Meraki SD-WAN is specifically designed for small to medium-sized enterprises with lean IT operations.
Therefore, it seems obvious why the Lake District National Park Authority deployed Meraki SD-WAN across their 13 sites. The solution allowed them to simplify their network management, become PCI compliant via improved security and upgrade their remote management capabilities. To top it all off, during implementation, a minimal downtime of just 10 minutes per site was experienced, highlighting just how easy the switchover was.
Within a healthcare environment, Sage Dental implemented Meraki SD-WAN across 60 locations, resulting in zero downtime compared to previous daily outages, improved network resilience with no impact during regional internet outages, improved performance of cloud-based practice management tools and successful standardisation of network policies, procedures and architectures across all locations for quicker management.
Pricing Insights
Whilst we can’t offer insights into every hardware cost, some examples are detailed below. Every Meraki hardware component requires a cloud license to be managed, with license periods available in 1, 3, 5, 7 and 10 year terms.
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Hardware Costs | Licensing |
|---|---|---|---|---|---|---|
| 1 | hyelland | 20/12/2024 09:18 PM | hyelland | 20/12/2024 09:18 PM | MS220-8 switch: $985.00 | Entry-level deployment: $17,000 for a 3-year Enterprise License covering three sites with redundancy. |
| 2 | hyelland | 20/12/2024 09:18 PM | hyelland | 20/12/2024 09:18 PM | MS220-8P switch: $1,255.00 | Advanced Security License: $23,000 for three locations with redundancy over 3 years. |
| 3 | hyelland | 20/12/2024 09:18 PM | hyelland | 20/12/2024 09:18 PM | MS220-48FP switch: $5,935.00 | Enterprise deployment: Approximately $98,000 for licensing, support, and redundancy over 3 years. |
Customer Feedback
Customers have a generally good experience but find that they outgrow Meraki’s security options. This may mean that businesses will need to consider security solutions that can be bolted on, as and when the network requirements necessitate it.
Best for Medium-Size Enterprises
Key Features |
Application-Aware Routing, Dynamic Path Selection, Zero Touch Provisioning, Unified SASE, WAN Optimisation, Cloud Vendor Integration, Enhanced Monitoring |
One of the best ways that Aruba offers improved efficiency is through its de-duplication, compression and traffic acceleration capabilities. Whilst the GUI doesn’t make these as easy as other vendors to harness, once implemented the performance benefits are substantial.
In a similar theme, we noted that deployment was more difficult than with other vendors, however the integrations with SASE and traffic engineering capabilities were ideal for improving the confidentiality, integrity and availability of networked systems.
The overall take away from Aruba is that Aruba can be more complex and costly than other solutions in this list but, when paired with internal expertise with the know-how of getting it up and running, Aruba can be considered better value for money, especially for medium-sized enterprises.
Use Cases
We’d argue that Aruba is designed to fit most medium-sized enterprise use cases.
Assessing HPE Aruba within a manufacturing environment, we look to its implementation at a global power solutions manufacturer. By deploying EdgeConnect SD-WAN across all physical locations and cloud environments (AWS, Azure, Google Cloud), the manufacturer gained:
Sub-millisecond failover between redundant connections
Secure local internet breakout through bolt-on Zscaler integration
Reduced equipment maintenance costs by consolidating network infrastructure
More flexibility to deploy WAN on-demand for specific projects
And for a global real estate organisation, Cushman & Wakefield, improvements were needed for their outdated network architecture. With 50,000 employees across 400 offices in 60 countries, Cushman & Wakefield implemented EdgeConnect, deploying 377 EdgeConnect appliances across 220 business locations, such as all their branch offices, eight data centres in four global regions and applying dual broadband links in order to replace the costly, legacy MPLS circuits they previously used. This meant that they too gained sub-millisecond failover between links for continuous application availability, with improved application performance and user experience, global collaboration capabilities and more efficient customer service delivery across geographical regions.
Pricing Insights
Pricing varies based on bandwidth requirements, hardware model and license tier, pricing examples are displayed below:
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Hardware | Licensing |
|---|---|---|---|---|---|---|
| 1 | hyelland | 20/12/2024 09:11 PM | hyelland | 20/12/2024 09:11 PM | EC-10104 (For small branches): $1,099.00 | Foundation: Value-centric option with essential SD-WAN and NGFW features |
| 2 | hyelland | 20/12/2024 09:11 PM | hyelland | 20/12/2024 09:11 PM | EC-10108 (For small to medium branches): $2,599.00 | Advanced: Maximum performance with advanced SD-WAN and NGFW features (recommended for most customers) |
| 3 | hyelland | 20/12/2024 09:11 PM | hyelland | 20/12/2024 09:11 PM | EC-S-P (For large branches): $8,313.54 | On-Premise: Maximum performance for on-premise deployment |
| 4 | hyelland | 20/12/2024 09:11 PM | hyelland | 20/12/2024 09:11 PM | Monthly pricing typically ranges from $100 to $300 per month |
Best for Ease of Use
Key Features |
Application-Aware Routing, Global PoP Network, Zero Touch Provisioning, Unified SASE, SASE Integration, Templated Configuration, Enhanced Monitoring |
For businesses looking for a simplified management system and perhaps do not have a dedicated network management expert, Cato is an ideal contender.
Cato Networks integrates SD-WAN with a comprehensive suite of security services, utilising a cloud-native architecture and providing security and performance improvements. Particularly suited for businesses moving towards a secure, distributed cloud model, Cato’s selling point is its user-friendly interface for management and configuration of the network. By moving everything to a single cloud native platform, Cato offers customers with full insights into network traffic for heightened control and improved understanding of network congestion areas.
Particularly beneficial to cloud and performance-focused businesses, the backbone and last mile optimisations to all directions of traffic including SD-WAN to SaaS (for publicly hosted applications) is a standout feature for Cato Networks. This means packet-loss mitigations for applications like Microsoft Teams, Zoom and other real-time services, making sure your business no longer drops out of all important calls due to metrics like network latency and jitter.
Whilst we have little negative comments to make about Cato’s solution itself, we have noted that generally the documentation can be slightly lackluster. Further to this, some customers have reported that customer support is poor in comparison to other solutions, with slow response times and expectation that customers have to handle some work themselves, which introduces inefficiencies.
As Cato is fully managed, it does mean that control is largely taking away from business’ internal IT teams, therefore if greater control is a requirement for your business, Cato is not necessarily the ideal solution for you. We’ve seen customers report their desire to PXE boot with Cato, which would work far easier with other solutions on this list, such as Cisco Catalyst SD-WAN being more ideal for provisioning of custom edge devices.
Use Cases
For the TAG Heuer Porsche Formula E Team, implementing Cato was ideal as it allowed the race team to reduce their network equipment footprint at race events. With such a heavy reliance on networking at these events, ensuring that interruptions from latency, jitter and packet loss were minimised was essential due to the intricacies of racing. Once implemented, Cato reduced the packet loss that Porsche Formula E experienced to below 1% from a previous 5%. Whilst on paper this doesn’t sound that impressive, for the team this was a significant improvement and helped to achieve their business goals. Further to this, Cato enabled the team to gain faster file transfers and more responsive application experiences, as well as simplified security management (with built-in XDR capabilities) to offer all-round network improvements.
Within a manufacturing environment, Haulotte, a global equipment manufacturer experienced a 50% reduction in network costs compared to MPLS, improved Microsoft Teams performance after Office 365 migration and simple plug-and-play deployment across locations. This meant that they could deploy to 300 home users in less than a day during COVID-19 for increased agility.
Pricing Insights
Cato’s licensing structure includes various components, such as site bandwidth licenses, security add-ons (e.g: Threat Prevention, Cloud Access Security Broker) and support services. Each component may have its own pricing model, often based on factors like bandwidth allocation, number of users or specific service requirements.
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Hardware Cost | Annual Costs |
|---|---|---|---|---|---|---|
| 1 | hyelland | 20/12/2024 09:15 PM | hyelland | 20/12/2024 09:15 PM | No additional hardware costs | Average $36,500 |
Customer Feedback
Given the cloud-native architecture of Cato, we’d argue that the following quote best summarises customer feedback on Cato: “For anybody who is looking into Cato is to consider their environment. If they have a scenario where it is 80% cloud-based and 20% internal traffic, then Cato is a good choice. If on the other hand, they have internal applications with a data centre then other solutions may make more sense.” – Alexander Asimov, IT Manager at Diamond Braces
Best for Cloud Integrations
Key Features |
Application-Aware Routing, App Path Insights, Global PoP Network, Cloud Vendor Integration, Multicloud Support, Application Control |
The global backbone and easy-to-use management system liken this solution to Cato and Aryaka, however the ability to implement external security services and multiple cloud environments provides this solution a wider range of functionality (albeit at the cost of greater management complexity).
This means that the VeloCloud SD-WAN solution is far easier to setup and the GUI is much better than many of the other vendors on this list. Whilst we wouldn’t class it as easy as Cato, we would suggest that it’s designed to fit all industries, rather than specialising in a single one.
Due to this, we’d argue that VeloCloud’s strong point is its cloud integration capabilities, which enables easy connectivity for multiple cloud environments. This is backed up by VeloCloud’s asymmetric routing capabilities enabling connections to cloud services using multiple internet service providers (ISPs) or paths.
Unfortunately VeloCloud is very much dependent on its cloud and has a more basic feature set in comparison to other vendors. This means that the solution lacks the in-depth control that other solutions offer, with no next-generation firewall or Unified Threat Management (UTM) capabilities pre-packaged with the base SD-WAN solution.
For security, VMware SASE offers access to their global network of POP locations (VMware edge gateways) with VMware’s Unified Endpoint Management (UEM) server, which enforces the required profiles and configurations. This defines specific access policies for allowed and blocked websites, which demonstrated the ability of VMware SASE to block access to certain websites as per the configured policies to secure branch-offices and remote users.
More worryingly than the lack of features, we’ve noted reports of customers suggesting that path rules don’t always work, which we haven’t experienced ourselves but suggests that path rule configurations are more difficult to setup for complex use cases. Therefore, organisations should consider this factor prior to selecting the SD-WAN provider to use.
Use Cases
We’d recommend VMware SD-WAN to businesses seeking a solution with a trade-off between usability and functionality.
Redmond, a leading sea salt brand in the United States, were expanding and had an increased need to operate voice and multiple virtual desktops at once. They chose VMware as their SD-WAN solution to replace ageing branch infrastructure. As a result, they achieved high-quality Voice over Internet Protocol (VoIP) calls and virtual desktops company-wide, increased performance for internet-bound traffic by 50% and significantly reduced Operating Expenses (OpEx).
Pricing Insights
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Hardware | Bandwidth Costs (1yr Subscription) | Other Capabilities |
|---|---|---|---|---|---|---|---|
| 1 | hyelland | 20/12/2024 09:20 PM | hyelland | 20/12/2024 09:20 PM | Edge 710: Supporting up to 1 Gbps throughput | 50 Mbps: $1,299.26 200 Mbps: $3,081.15 500 Mbps: $5,345.36 1 Gbps: $7,336.93 | Work From Home Options: Basic WFH subscription: £468.60/year. WFH Pro subscription: £1,428.20/year |
| 2 | hyelland | 20/12/2024 09:20 PM | hyelland | 20/12/2024 09:20 PM | Edge 4100/Edge 5100: Supporting up to 30 Gbps and 100 Gbps throughput respectively | 2 Gbps: $9,007.39 10 Gbps: $22,818.64 |
Customer Feedback
Since being bought by Broadcom, customers have complained that the Velocloud support department has been significantly affected and customer experience has suffered greatly.
Best for Advanced AI Networking
Key Features |
Application-Aware Routing, Unified SASE, Zero Touch Provisioning, Strong Cloud Management |
Prisma’s AI-driven management, reduces the workload for network administrators and assists with deployment, enabling enterprises to quickly deploy large scale networks with complex performance and security needs.
For businesses focused on network performance capabilities, one of the ways that Prisma can meet performance demands is through its private backbone and last mile offerings. This is essential for ensuring consistent and reliable connectivity for your most important applications.
The customer experience for Palo Alto Network’s solution is mixed, with Virtual Appliances having very good customer responses, whilst others reporting that they find the solution more difficult to deploy, configure and maintain than other SD-WAN infrastructures.
Often pitted against Fortinet for large, security-focused enterprises, Palo Alto’s solution is more expensive and complex than security-focused alternatives like Fortinet’s all-in-one solution. The need to have both Palo Alto NGFW and an ION for on-premises solutions or IONs to Prisma Access to enable internet traffic breakouts also show the limitations of the base solution. On top of this, customers have seen sharp price increases, with reports of firewall pricing up 18% in 2021 and 24% in 2024.
Use Cases
While we wouldn’t consider Prisma to be as in-depth as Cisco Catalyst, the solution does combine many advanced features into a more friendly user-interface than other complex solutions. In our opinion this was a good trade-off between detail and usability for businesses that can dedicate more resources to network management.
One example implementation of Prisma is Asana, a software company that achieved significant operational improvements, such as a 40% reduction in operating costs. By consolidating multiple work management systems, Asana were able to deploy Prisma SD-WAN to 5,800 users in under 6 months and improved cross-functional collaboration between IT, marketing and R&D teams.
Meanwhile, in the financial services industry, a global wealth management firm implemented Prisma SD-WAN to improve connectivity to their AWS cloud security infrastructure. The implementation included:
Transit Gateway integration for improved network architecture
Centralised management
Infrastructure-as-Code deployment using Terraform
Enhanced threat protection and network visibility
Pricing Insights
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Hardware | Per Device Cost | Per Bandwidth Costs |
|---|---|---|---|---|---|---|---|
| 1 | hyelland | 20/12/2024 09:19 PM | hyelland | 20/12/2024 09:19 PM | ION-2000: For small branch deployments | This model requires a separate license for each SD-WAN device deployed at branch or data centre sites. | This model allows organisations to purchase a pooled bandwidth allocation shared across multiple sites, offering flexibility to accommodate varying network demands. |
| 2 | hyelland | 20/12/2024 09:19 PM | hyelland | 20/12/2024 09:19 PM | ION-3000/ION-5200: For large branch deployments | ||
| 3 | hyelland | 20/12/2024 09:19 PM | hyelland | 20/12/2024 09:19 PM | ION-9000: For large data centre deployments |
Best for Integrations with Microsoft Azure
Key Features |
Zero Touch Provisioning, Azure Cloud-Native, Strong Cloud Management, App Path Insights |
With many businesses moving towards a cloud-first strategy, by combining Barracuda CloudGen Firewall and SD-WAN into a single offering within Azure services, businesses can gain improved cloud application performance. Unfortunately the firewall implementation is lacking in quality in comparison to other SD-WAN providers’ security offerings on this list.
Overall, the solution is lacking in features, therefore lending itself to being primarily targeted to Microsoft Azure-focused use cases. Further to this, Barracuda have a reported history of backdoor access issues, which suggests that Barracuda isn’t ideal for businesses with a heavy security focus or operate in an industry with regulatory demands.
On the upside, Barracuda’s proprietary BPM (Barracuda Private Mesh) tunnel is a VPN technology specifically developed to address limitations commonly associated with traditional IPsec (Internet Protocol Security). This allows SD-WAN capabilities, such as dynamic multipath selection and adaptive failover for minimised latency and jitter.
Use Cases
For businesses that have a heavy reliance on Microsoft Azure Cloud Services for their daily operations, the integrations between Barracuda SD-WAN and Azure means that Barracuda must be a contender when choosing an SD-WAN solution.
Further to this, Barracuda could also be considered an ideal solution for small to medium-sized enterprises, especially when considering the low-cost that Barracuda is offered at.
One example case study is Hubo, a Belgian DIY retailer, a major retail chain with 150 shops. Hubo achieved automated deployment to reduce store setup time to minutes, improved visibility for monitoring network performance, greater Azure cloud application performance, simplified global ruleset management across all locations and strengthened VPN capabilities (especially through their BPM feature).
In a healthcare environment, Snell implemented Barracuda CloudGen Firewall and SD-WAN, resulting in centralised management, successful prioritisation of business-critical traffic, ability to use multiple uplinks simultaneously, secure and constant data centre connectivity and improved network visibility.
Pricing Insights
Pricing for Barracuda varies based on factors such as deployment scale, specific features and service levels. We’ve seen figures such as £84.69 per unit, with additional OS management available from £75 per month per host.
Further to this, as a security bolt-on, a CloudGen Firewall subscription can be purchased for $220/month.
Best for Enterprises Managing Multiple Entities
Key Features |
Zero Touch Provisioning, Multicloud Support, SASE Integration, App Path Insights |
Whilst the solution is ideal for lots of small sites with low bandwidth requirements, due to Versa SD-WAN having significant strength in security monitoring and reporting capabilities, Versa actually becomes an ideal candidate for enterprises managing multiple entities. Especially given that their overlay routing is BGP-based/L3VPN. This means that businesses can gain more control over advanced routing policies, making it ideal for enterprises managing multiple enterprises.
Unfortunately, we’ve found that Versa Director isn’t the best GUI to work with and this made configuration/policy management a rather difficult task. We also noted that the SASE implementation was lacking in comparison to other vendors, therefore we’d stress that Versa should really be used by businesses that have internal expertise.
Whilst we didn’t experience this issue ourselves, customers report issues with code stability and security features that don’t work as expected. We would anticipate that this is due to the complexity of Versa’s SD-WAN solution.
Use Cases
Versa can be considered one of the more in-depth solutions in this comparison, with detailed analytics that are of similar detail to both Cisco Catalyst and Palo Alto’s Prisma SD-WAN. This, alongside a unified SASE solution, provides organisations with both a high-level networking and security in a single software stack.
This makes Versa Networks SD-WAN ideal for large scale organisations and service providers where multi-tenancy support is a need, along with plenty of in-depth analysis of network telemetry or security monitoring.
Within the Healthcare Sector, BMI Healthcare, a UK private hospital network, implemented Versa SD-WAN to optimise bandwidth allocation for critical applications like patient management and telemedicine. To ensure that connections to applications didn’t drop out, Versa enhanced BMI’s redundancy and failover capabilities to ensure zero downtime for critical healthcare systems.
However, in the Financial Services sector, a Fortune 1000 enterprise with 357 sites and 10.5k+ users couldn’t offer remote users access direct connectivity to the cloud and needed to use virtual desktops to do so. With Versa SD-WAN and SASE, the enterprise implemented on-premises architecture for branches allowing remote direct connection to the closest branch from a home office. This made branches the equivalent of a gateway, with a 50x increase branch bandwidth capacity, 200% improvement in app performance, 4x reduction in blackouts and 100% compliance with regulations.
Pricing Insights
Pricing: Licenses range from $2,065 to $81,000.
Hardware: Starts at $1,000 for small branches.
Comparison Matrix
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Vendor | Overall | Feature Set | Application Routing | Reporting | Portal | Cost | SASE Integration | Cloud Capabilities |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | hyelland | 20/12/2024 09:34 PM | hyelland | 20/12/2024 09:34 PM | Fortinet | 4★ | 5★ | 3.5★ | 4★ | 4★ | 4★ | 4★ | 4★ |
| 2 | hyelland | 20/12/2024 09:34 PM | hyelland | 20/12/2024 09:34 PM | Cisco Catalyst | 4★ | 5★ | 4.5★ | 3.5★ | 3★ | 3★ | 4★ | 5★ |
| 3 | hyelland | 20/12/2024 09:34 PM | hyelland | 20/12/2024 09:34 PM | Aryaka | 3.5★ | 3.5★ | 3.5★ | 4★ | 4★ | 3★ | 3★ | 3.5★ |
| 4 | hyelland | 20/12/2024 09:34 PM | hyelland | 20/12/2024 09:34 PM | Cisco Meraki | 4★ | 4★ | 3.5★ | 3.5★ | 4★ | 4★ | 4★ | 4★ |
| 5 | hyelland | 20/12/2024 09:34 PM | hyelland | 20/12/2024 09:34 PM | HPE Aruba | 3.5★ | 3.5★ | 3.5★ | 4★ | 3.5★ | 4★ | 4★ | 3★ |
| 6 | hyelland | 20/12/2024 09:34 PM | hyelland | 20/12/2024 09:34 PM | Cato | 4.5★ | 3★ | 4★ | 3.5★ | 5★ | 4★ | 5★ | 4★ |
| 7 | hyelland | 20/12/2024 09:34 PM | hyelland | 20/12/2024 09:34 PM | Velocloud | 3.5★ | 2★ | 2★ | 3★ | 4.5★ | 4.5★ | 3★ | 4.5★ |
| 8 | hyelland | 20/12/2024 09:34 PM | hyelland | 20/12/2024 09:34 PM | Prisma | 4★ | 4★ | 4★ | 4★ | 3.5★ | 2★ | 4★ | 3.5★ |
| 9 | hyelland | 20/12/2024 09:34 PM | hyelland | 20/12/2024 09:34 PM | Barracuda | 3★ | 2★ | 4★ | 3.5★ | 3★ | 2★ | 4★ | 4★ |
| 10 | hyelland | 20/12/2024 09:34 PM | hyelland | 20/12/2024 09:34 PM | Versa Networks | 3.5★ | 3.5★ | 4★ | 4★ | 3★ | 3.5★ | 4★ | 3.5★ |
Customer Reviews and Testimonials
At Netify, we strongly recommend that organisations consider customer testimonials when selecting a vendor. We’ve included an overview of different vendor reviews below to assist with the selection process:
| wdt_ID | wdt_created_by | wdt_created_at | wdt_last_edited_by | wdt_last_edited_at | Vendor | Review Source | Review Quote |
|---|---|---|---|---|---|---|---|
| 1 | hyelland | 20/12/2024 09:16 PM | hyelland | 20/12/2024 09:16 PM | Fortinet | Fortinet | “We had a delightful experience while the whole Fortinet SD-WAN experience. We were wonderfully surprised on the features of the product and would recommend this further across people in similar industries.” |
| 2 | hyelland | 20/12/2024 09:16 PM | hyelland | 20/12/2024 09:16 PM | Cisco Catalyst | Gartner Peer Insights | “Overall very pleased with the product. Product development has been getting much better in recent years and the support side has improved quite a bit as well. Very feature rich product and the road map looks promising as well.” |
| 3 | hyelland | 20/12/2024 09:16 PM | hyelland | 20/12/2024 09:16 PM | Aryaka | Gartner Peer Insights | “It’s been a real good partnership with Aryaka. Their sales team, pre-sales team, post sales team, and technical support teams have all been very professional with our implementation.” |
| 4 | hyelland | 20/12/2024 09:16 PM | hyelland | 20/12/2024 09:16 PM | Cisco Meraki | G2 | “I have been using Cisco Meraki SD-WAN for over a year, and it has significantly transformed our network infrastructure. The cloud-based management interface is incredibly user-friendly, allowing us to configure and monitor our entire network from a singl |
| 5 | hyelland | 20/12/2024 09:16 PM | hyelland | 20/12/2024 09:16 PM | HPE Aruba EdgeConnect | “We installed a silverpeak appliance and failed over to internet for two weeks. Everyone in the building had zero complaints and we saw a reduction of like 70% of bandwidth going on the wire. | |
| 6 | hyelland | 20/12/2024 09:16 PM | hyelland | 20/12/2024 09:16 PM | We used them in conjunction with a 4g modem on remote radiology trucks and reduced their data costs by 60% as well.” | ||
| 7 | hyelland | 20/12/2024 09:16 PM | hyelland | 20/12/2024 09:16 PM | Cato | SoftwareReviews | “Cato is a great true Cloud SASE offering, perfect for SMB. It is reliable and enhances performance, making it easy to control and strong in security functions.” |
| 8 | hyelland | 20/12/2024 09:16 PM | hyelland | 20/12/2024 09:16 PM | Velocloud | G2 | “One of the solution’s most valuable features is the VMware core automation stack at an SDDC. It includes NSX, the VMware virtualisation layer for the networks (the LAN virtualisation), which works extremely well with the VMware SD-WAN solution and is the |
| 9 | hyelland | 20/12/2024 09:16 PM | hyelland | 20/12/2024 09:16 PM | Prisma | “We essentially run midsize “coffee shop” guest only campuses. All of the app traffic is SaaS or funneled via zero trust gateways. We got dual 10 gigs with utilization ~ 5 to 10% with occasional bursts. | |
| 10 | hyelland | 20/12/2024 09:16 PM | hyelland | 20/12/2024 09:16 PM | For us the most important thing is to be able to identify the best egress/link for a given application. It does that part pretty well. We have dual 9k ions in ha pair + bypass pairs for internet links. |
Frequently Asked Questions (FAQs)
Which SD-WAN vendor is best for small businesses?
Cisco Meraki and HPE Aruba EdgeConnect are excellent options for small to medium-sized businesses.
Cisco Meraki: Known for its intuitive, user-friendly dashboard and easy deployment process. Features such as ZTP and scalable deployment simplify network management, making it ideal for businesses with limited IT resources.
HPE Aruba EdgeConnect: While targeted at medium-sized enterprises, it offers significant benefits for small businesses planning to scale. Its features include Dynamic Path Selection, WAN Optimisation and SASE integration. The AI-powered capabilities enhance efficiency and user experience, making it suitable for businesses with limited internal expertise.
How does pricing vary across providers?
Pricing is largely dependent on a variety of factors such as hardware, deployment scale, licensing and other optional features. For example, VeloCloud charges for Work From Home optional capabilities, therefore organisations should be aware of additional costs that may apply to their chosen solution.
On the other hand, other solutions, such as Cato don’t charge anything additional for hardware as this is included as part of the managed service.
Which vendors offer strong cloud integration?
VeloCloud and Barracuda lead in cloud integration capabilities:
VeloCloud (VMware): Provides multicloud support, flexible cloud connectivity and asymmetric routing for seamless integration across cloud platforms.
Barracuda: Native to Microsoft Azure cloud, delivering improved cloud application performance and streamlined management for Azure-focused environments.
What security features are commonly included in SD-WAN solutions?
SD-WAN vendors typically include:
SASE (Secure Access Service Edge)
AI-Driven Insights
Whilst not so common, vendors do also sometimes offer global backbones and last-mile optimisations for improved performance capabilities.
Which vendors are best suited for global enterprises?
Cisco Catalyst, Aryaka, and Versa Networks are ideal for global enterprises:
Cisco Catalyst: Tailored for large, complex networks with features like Multi-Region Fabric and advanced cloud integration.
Aryaka: Offers global coverage, particularly good in Asia and China, with Points of Presence (PoPs).
Cato: Managed service that offers a global backbone for improved connectivity between regional sites.
Versa Networks: Supports multi-tenancy and provides detailed analytics, making it suitable for enterprises managing multiple entities.
Conclusion
Choosing the right SD-WAN provider is essential to achieving optimal network performance, scalability and security. This guide highlights the best options for various needs, from Fortinet’s security focus to Cisco Catalyst’s suitability for complex, large-scale enterprises. Whether prioritising ease of use, cloud integration or global connectivity, there’s an SD-WAN solution tailored to your business requirements. This analysis should assist to match your goals with the provider that best aligns with your operational needs and growth plans.
