Overview:
The Prisma SD-WAN Instant-On Network (ION) models of hardware and software devices enable the integration of a diverse set of wide area network (WAN) connection types, improve application performance and visibility, enhance security and compliance, and reduce the overall cost and complexity of your WAN. Built with the intent to reduce remote infrastructure, Prisma SD-WAN enables the cloud-delivered branch.
Enterprises have traditionally deployed multiprotocol label switching (MPLS) networks, using hardware routers, to connect branch offices to centralized data centers. With cloud adoption on the rise, end user applications like videoconferencing and office productivity solutions are increasingly delivered as cloud services. Legacy WAN architectures have debilitating limitations when organizations attempt to migrate to the cloud or utilize commodity internet connections in their branch offices. For SD-WAN, you need a networking solution that:
- Steers traffic and defines networking and security policies from an application-centric perspective, rather than a packet-based one.
- Minimizes manual operations and enables agile DevOps deployments via API integrations.
- Supports the cloud-delivered branch architecture by enabling all branch infrastructure, such as networking and security, to be delivered from the cloud.
Modes of Operation
All aspects of configuration, management, and monitoring of ION hardware and software devices are performed from the multitenant Prisma SD-WAN cloud management portal, eliminating the need to individually configure devices at each location. No additional servers or storage are required.
Managed through the central cloud controller, ION devices include two modes of operation.
In analytics mode, the solution provides end-to-end visibility and analytics of your applications and networks, operating independently of the full suite of Prisma SD-WAN capabilities. ION devices are deployed in the network, at the WAN edge, and automatically begin examining application data on the network to identify the application and measure several key performance indicators of each session. Statistics from your network are stored securely in the Prisma SD-WAN cloud management portal, which can be used to configure ION devices, define applications and sites, and monitor end-toend application performance and availability.
In control mode, Prisma SD-WAN builds on the visibility and analytics foundation set by analytics mode and allows the ION devices to begin intelligently taking action based on policy for performance, compliance, and security. Routing functions, including path selection, prioritization, and security, can be integrated into the ION device to reduce the amount of hardware and operational expense associated with each remote office.
Software Subscriptions
Prisma SD-WAN is licensed as a branch by bandwidth, or with unlimited bandwidth for data center deployments. A software subscription must be selected for each ION device deployed. Options for software subscriptions include 25 Mbps, 50 Mbps, 150 Mbps, 250 Mbps, 500 Mbps, 1 Gbps, 2.5 Gbps, and data center.
Features and Benefits:
Benefits
Prisma SD-WAN ION devices offer:
- Zero-touch provisioning and deployment: Gain the advantage of automatic configuration and device claiming.
- Instant visibility into application performance: Understand how applications are performing and identify the root cause of app performance issues.
- Cloud and SaaS application deployment confidence: Meet the performance and availability demands required, including remote office WAN high availability, bandwidth, consistent latency, and dynamic path selection.
Features
Alongside these benefits, take advantage of:
- Deep SD-WAN analysis: Prisma SD-WAN provides unparalleled, actionable insights into the health and performance of your WAN application and links to help with network planning, problem resolution, and analytics. With instant visibility into application performance, you can better understand your network health and usage to determine more effective policy decisions on your network.
- Network DVR license: With this optional license, you can retain and access up to 90 days of statistics, policy, configuration, alarms, and alerts. Network DVR is licensed per ION device.
- WAN reporting license: With this optional license, you have access to auto-generated and downloadable reports giving network operators insight across various dimensions of their entire Prisma SD-WAN fabric; for example, utilization trends and hotspots to help customers determine if you need to do circuit upgrades or simply adjust your policies.
- Zone-based firewall license: Prisma SD-WAN ION devices include an application-based, zone-based firewall (ZBFW) configured using the same top-down, applicationcentric policies used for performance and path selection, ensuring compliance across different network circuits and interfaces. Our ZBFW is a lightweight security solution used for securing the WAN perimeter and segmenting traffic within a branch site. Further, ION devices can be configured to use on-premises security devices or external, hosted security services to provide further security for remote offices.
- Prisma SD-WAN CloudBlades: The CloudBlades platform enables API-based integration of the branch CPE and provides a centralized platform for programming as well as an app-flow engine at the CPE, access to Prisma SD-WAN telemetry, and secure authenticated API access to Prisma SD-WAN CPE and systems. As a result, businesses can easily enable the cloud-delivered branch and simplify management and operations.
- High availability (HA): ION devices feature the industry’s only HA deployment model that can survive a device failure and still preserve 100% of WAN capacity at a branch site.
At a Glance:
The Era of Network Transformation
It’s no secret that organizations worldwide are undergoing a network transformation. Cloud migration, the need for infrastructure automation, and the availability of cost-effective and high-performance broadband are all fueling this change. With these three fundamental shifts, traditional wide area network (WAN) architectures that rely on multiprotocol label switching (MPLS) networks to connect branch offices to data centers have been rendered ineffective. This has seen the rise of the software-defined wide area network (SD-WAN), which promises to enable organizations to seamlessly embrace the benefits of network transformation and remove any limitations from legacy WAN architectures.
Legacy SD-WAN Solutions Fall Short
Although SD-WAN offers numerous benefits for organizations, legacy SD-WAN approaches bring many challenges. For instance, many rely on force-fitting the traditional packet-based routing model into the cloud-ready enterprise. While this approach technically works, it’s far from optimal and cannot provide the return on investment (ROI) that SD-WAN has to offer. With Layer 3 packet-based policies, organizations are limited in creating application-based networking policies and lack application visibility, making it difficult for networking teams to deliver on application SLAs.
In addition, legacy SD-WAN solutions lack scalability and require constant manual intervention for Day 2 operations. This creates substantial administrative overhead for networking and operation teams, which can increase complexity and costs. To top it all off, legacy solutions require organizations to “bolt on” essential branch services, such as security and visibility. With multiple point products to deploy and manage, organizations struggle to maintain network and security operations while trying to keep costs low.
With all this in mind, it’s easy to see why a new generation of SD-WAN is needed.
The Next Generation of SD-WAN from Palo Alto Networks
Palo Alto Networks takes a fundamentally different approach with Prisma® SD-WAN, the industry’s first and only next-generation SD-WAN solution. Only Palo Alto Networks can provide SD-WAN with an ROI of up to 243%,1 simplify network operations by using machine learning to eliminate up to 99% of network trouble tickets, and improve the end user experience with a tenfold increase in WAN bandwidth at a lower cost than legacy architectures.
Highlights
Prisma SD-WAN provides three key architectural benefits:
- Application-defined: Gain deep application visibility with Layer 7 intelligence for network policy creation and traffic engineering. This can significantly improve the end user experience while enabling network teams to deliver SLAs for all applications.
- Autonomous: Automate operations and problem avoidance using machine learning and data science methodologies. This enables agile DevOps approaches for deployment by leveraging APIs to simplify network operations.
- Cloud-delivered: Enable delivery of all branch services to from the cloud, including networking and security. This can simplify WAN management while increasing ROI.
Lightweight Prisma SD-WAN ION branch appliance
Technical Specifications:
Prisma SD-WAN ION devices come in both hardware and software form factors to meet the needs of any location and deployment scenario. All ION devices are built with FIPS 140-2 as a security baseline. Encryption keys are specific to each customer and device, and they are rotated frequently, ensuring compliance mandates are met.
|
ION 1000 |
ION 2000 |
ION 3000 |
ION 7000 |
ION 9000 |
Use case |
Small remote office |
Small remote office |
Remote office |
Large remote office data center |
Multi-gigabit remote office data center and large campus |
Controller ports |
N/A |
10/100/1000 RJ45 (1) |
10/100/1000 RJ45 (2) |
10/100/1000 RJ45 (2) |
10/100/1000 RJ45 (2) |
WAN/LAN/ internet ports |
10/100/1000 RJ45 (4) |
10/100/1000 RJ45 (5) |
10/100/1000 RJ45*
(up to 12) |
10 GE SFP+ (6)
10/100/1000 RJ45 (8) |
10 GE SFP+ (8)
10/100/1000 RJ45 (8) |
Bypass pairs |
N/A |
1 pair—ports 4/5 |
6 pairs—all ports† |
2 pairs—ports 5/6 and 7/8 |
4 pairs—ports 1/2, 3/4,5/6,7/8 |
Throughput‡ |
Up to 100 Mbps |
Up to 250 Mbps |
Up to 500 Mbps |
Up to 5 Gbps |
Up to 10 Gbps |
Power and mechanical |
36 W power adapter (AC)
100–240 V, 50–60 Hz
Fanless |
60 W power adapter (AC)
100–240 V, 50–60 Hz
Fanless |
1 PSU 150 W (AC)
100–240 V, 50–60 Hz
Smart fan |
1+1 redundant PSU 650 W (AC)
90–264 V, 47–63 Hz
Hot swappable fans (4) |
1+1 Hot swappable redundant PSU 450 W (AC)
100-240 V 50-60 Hz
Hot swappable fans (4) |
Certifications |
IEC 60950-1, cULus, FCC & CE Class A |
IEC 60950-1, cULus, FCC & CE Class A, BIS, CCC, KCC |
IEC 60950-1, cULus, FCC & CE Class A, BIS, CCC, KCC |
IEC 60950-1, cULus, FCC & CE Class A, BIS, CCC, KCC |
IEC 60950-1, cULus, FCC & CE Class A |
Operating temperature |
32° F to 104° F
(0° C to 40° C) |
32° F to 104° F
(0° C to 40° C) |
32° F to 104° F
(0° C to 40° C) |
32° F to 104° F
(0° C to 40° C) |
32° F to 104° F
(0° C to 40° C) |
Storage temperature |
-4° F to 158° F
(-20° C to 70° C) |
-4° F to 158° F
(-20° C to 70° C) |
-4° F to 158° F
(-20° C to 70° C) |
-4° F to 158° F
(-20° C to 70° C) |
-4° F to 158° F
(-20° C to 70° C) |
Operating humidity (non-condensing) |
5% to 90% |
5% to 90% |
5% to 90% |
5% to 95% |
5% to 90% |
Storage humidity (non-condensing) |
5% to 95% |
5% to 95% |
5% to 95% |
5% to 95% |
5% to 95% |
Dimensions (LxWxH in inches) |
7.28” x 5.39” x 1.73” |
5.73” x 6.97” x 1.73” |
16.81” x 11.89” x 1.72” |
21.45” x 17.16” x 1.72” |
17.2” x 19.69” x 1.73” |
Weight |
2.2 lbs (1 kg) |
2.64 lbs (1.2 kg) |
8.8 lbs (4 kg) |
28.6 lbs (13 kg) |
18.6 lbs (8.45 kg) |
* ION 3000 ports can be configured as discrete ports or as fail-to-wire pairs.
† All IONs have an AUX port, which you can connect at a baud rate of 115200 for out-of-band management.
‡ Encrypted throughput is measured with 1400 byte HTTP packets with all features turned on.