Overview:
The Prisma SD-WAN Instant-On Network (ION) models of hardware and software devices enable the integration of a diverse set of wide area network (WAN) connection types, improve application performance and visibility, enhance security and compliance, and reduce the overall cost and complexity of your WAN. Built with the intent to reduce remote infrastructure, Prisma SD-WAN enables the cloud-delivered branch.
Enterprises have traditionally deployed multiprotocol label switching (MPLS) networks, using hardware routers, to connect branch offices to centralized data centers. With cloud adoption on the rise, end user applications like videoconferencing and office productivity solutions are increasingly delivered as cloud services. Legacy WAN architectures have debilitating limitations when organizations attempt to migrate to the cloud or utilize commodity internet connections in their branch offices. For SD-WAN, you need a networking solution that:
- Steers traffic and defines networking and security policies from an application-centric perspective, rather than a packet-based one.
- Minimizes manual operations and enables agile DevOps deployments via API integrations.
- Supports the cloud-delivered branch architecture by enabling all branch infrastructure, such as networking and security, to be delivered from the cloud.
Modes of Operation
All aspects of configuration, management, and monitoring of ION hardware and software devices are performed from the multitenant Prisma SD-WAN cloud management portal, eliminating the need to individually configure devices at each location. No additional servers or storage are required.
Managed through the central cloud controller, ION devices include two modes of operation.
In analytics mode, the solution provides end-to-end visibility and analytics of your applications and networks, operating independently of the full suite of Prisma SD-WAN capabilities. ION devices are deployed in the network, at the WAN edge, and automatically begin examining application data on the network to identify the application and measure several key performance indicators of each session. Statistics from your network are stored securely in the Prisma SD-WAN cloud management portal, which can be used to configure ION devices, define applications and sites, and monitor end-toend application performance and availability.
In control mode, Prisma SD-WAN builds on the visibility and analytics foundation set by analytics mode and allows the ION devices to begin intelligently taking action based on policy for performance, compliance, and security. Routing functions, including path selection, prioritization, and security, can be integrated into the ION device to reduce the amount of hardware and operational expense associated with each remote office.
Software Subscriptions
Prisma SD-WAN is licensed as a branch by bandwidth, or with unlimited bandwidth for data center deployments. A software subscription must be selected for each ION device deployed. Options for software subscriptions include 25 Mbps, 50 Mbps, 150 Mbps, 250 Mbps, 500 Mbps, 1 Gbps, 2.5 Gbps, and data center.
Features and Benefits:
Benefits
Prisma SD-WAN ION devices offer:
- Seamless integration with third-party services using CloudBlades: Automate deployments of
third-party entities, simplifying security, operations, collaboration, and multicloud connectivity
- Zero-touch provisioning and deployment: Gain the advantage of automatic configuration and device claiming.
- Instant visibility into application performance: Understand how applications are performing and identify the root cause of app performance issues.
- Cloud and SaaS application deployment confidence: Meet the performance and availability demands required, including remote office WAN high availability, bandwidth, consistent latency, and dynamic path selection.
Features
Alongside these benefits, take advantage of:
- Integrated 5G: Prisma SD-WAN is expanding its lightweight appliance portfolio to include the ION
1200 with integrated 5G. With this new appliance, organizations can ensure optimal uptime with
5G leveraged as a backup WAN transport for business-critical applications. In addition, businesses
with ATM/kiosks that require cellular as their primary WAN can simply deploy this appliance and
guarantee uptime and productivity.
- Advanced AIOps capabilities: Prisma SD-WAN AIOps capabilities provide rich telemetry of network insights, allowing admins to perform granular trend analysis and create unique network
conditions that can automate tedious manual tasks. AIOps in Prisma SD-WAN can immediately
identify a common parent event among all event alarms. It will also be used for fault analytics capabilities and automated statistical analysis. In addition to event correlation and analysis, admins
can gain greater control over events with automatic prioritization, allowing them to easily pinpoint issues and reduce time to resolution.
- Autonomous Digital Experience Management (ADEM): Palo Alto Networks Prisma SASE with
ADEM capabilities now extends to both mobile users and branch users, allowing organizations
to gain end-to-end visibility and segment-wise insights across the entire SASE service delivery
path regardless of where their users are located. ADEM on Prisma SD-WAN can help ensure the
best digital experience for branches by providing observability in the cloud and across multiple
WAN paths.
- CloudBlades: The CloudBlades platform enables the seamless integration of branch services into
the SASE fabric without needing to update your branch appliances or controllers, eliminating
service disruptions and complexity. This API-based integration of the branch CPE provides a
centralized platform for programming as well as an app-flow engine at the CPE, access to Prisma
SD-WAN telemetry, and secure authenticated API access to Prisma SD-WAN CPE and systems.
As a result, businesses can easily enable the cloud-delivered branch and simplify management
and operations
At a Glance:
The Era of Network Transformation
It’s no secret that organizations worldwide are undergoing a network transformation. Cloud migration, the need for infrastructure automation, and the availability of cost-effective and high-performance broadband are all fueling this change. With these three fundamental shifts, traditional wide area network (WAN) architectures that rely on multiprotocol label switching (MPLS) networks to connect branch offices to data centers have been rendered ineffective. This has seen the rise of the software-defined wide area network (SD-WAN), which promises to enable organizations to seamlessly embrace the benefits of network transformation and remove any limitations from legacy WAN architectures.
Legacy SD-WAN Solutions Fall Short
Although SD-WAN offers numerous benefits for organizations, legacy SD-WAN approaches bring many challenges. For instance, many rely on force-fitting the traditional packet-based routing model into the cloud-ready enterprise. While this approach technically works, it’s far from optimal and cannot provide the return on investment (ROI) that SD-WAN has to offer. With Layer 3 packet-based policies, organizations are limited in creating application-based networking policies and lack application visibility, making it difficult for networking teams to deliver on application SLAs.
In addition, legacy SD-WAN solutions lack scalability and require constant manual intervention for Day 2 operations. This creates substantial administrative overhead for networking and operation teams, which can increase complexity and costs. To top it all off, legacy solutions require organizations to “bolt on” essential branch services, such as security and visibility. With multiple point products to deploy and manage, organizations struggle to maintain network and security operations while trying to keep costs low.
With all this in mind, it’s easy to see why a new generation of SD-WAN is needed.
The Next Generation of SD-WAN from Palo Alto Networks
Palo Alto Networks takes a fundamentally different approach with Prisma® SD-WAN, the industry’s first and only next-generation SD-WAN solution. Only Palo Alto Networks can provide SD-WAN with an ROI of up to 243%,1 simplify network operations by using machine learning to eliminate up to 99% of network trouble tickets, and improve the end user experience with a tenfold increase in WAN bandwidth at a lower cost than legacy architectures.
Highlights
Prisma SD-WAN provides three key architectural benefits:
- Application-defined: Gain deep application visibility with Layer 7 intelligence for network policy creation and traffic engineering. This can significantly improve the end user experience while enabling network teams to deliver SLAs for all applications.
- Autonomous: Automate operations and problem avoidance using machine learning and data science methodologies. This enables agile DevOps approaches for deployment by leveraging APIs to simplify network operations.
- Cloud-delivered: Enable delivery of all branch services to from the cloud, including networking and security. This can simplify WAN management while increasing ROI.
Lightweight Prisma SD-WAN ION branch appliance
Technical Specifications:
Prisma SD-WAN ION devices come in both hardware and software form factors to meet the needs of any location and deployment scenario. All ION devices are built with FIPS 140-2 as a security baseline. Encryption keys are specific to each customer and device, and they are rotated frequently, ensuring compliance mandates are met.
|
ION 1000 |
ION 1200 |
ION 1200 5G |
ION 2000 |
ION 3000 |
ION 7000 |
ION 9000 |
Use case |
Small remote office |
Enterprise small branch |
Enterprise small branch, ATM/Kiosks |
Small remote office |
Remote office |
Large remote office data center |
Multi-gigabit remote office data center and large campus |
Controller ports |
N/A |
N/A |
N/A |
10/100/1000 RJ45 (1) |
10/100/1000 RJ45 (2) |
10/100/1000 RJ45 (2) |
10/100/1000 RJ45 (2) |
WAN/LAN/ internet ports |
10/100/1000 RJ45 (4) |
10/100/1000 RJ45 (4) |
10/100/1000 RJ45 (4) |
10/100/1000 RJ45 (5) |
10/100/1000 RJ45*
(up to 12) |
10 GE SFP+ (6)
10/100/1000 RJ45 (8) |
10 GE SFP+ (8)
10/100/1000 RJ45 (8) |
Bypass pairs |
N/A |
N/A |
N/A |
1 pair—ports 4/5 |
6 pairs—all ports† |
2 pairs—ports 5/6 and 7/8 |
4 pairs—ports 1/2, 3/4,5/6,7/8 |
Throughput‡ |
Up to 100 Mbps |
250 Mbps |
250 Mbps |
Up to 250 Mbps |
Up to 500 Mbps |
Up to 5 Gbps |
Up to 10 Gbps |
Power and mechanical |
36 W power adapter (AC)
100–240 V, 50–60 Hz
Fanless |
25 W power adapter (AC)
100–240 V, 50–60 Hz
Fanless |
40 W power adapter (AC)
100–240 V, 50–60 Hz
Fanless |
60 W power adapter (AC)
100–240 V, 50–60 Hz
Fanless |
1 PSU 150 W (AC)
100–240 V, 50–60 Hz
Smart fan |
1+1 redundant PSU 650 W (AC)
90–264 V, 47–63 Hz
Hot swappable fans (4) |
1+1 Hot swappable redundant PSU 450 W (AC)
100-240 V 50-60 Hz
Hot swappable fans (4) |
Certifications |
IEC 60950-1, cULus, FCC & CE Class A |
IEC 62368-1, cTUVus, FCC, CE B, RoHS |
IEC 62368-1, cTUVus, FCC, CE B, RoHS |
IEC 60950-1, cULus, FCC & CE Class A, BIS, CCC, KCC |
IEC 60950-1, cULus, FCC & CE Class A, BIS, CCC, KCC |
IEC 60950-1, cULus, FCC & CE Class A, BIS, CCC, KCC |
IEC 60950-1, cULus, FCC & CE Class A |
Operating temperature |
32° F to 104° F
(0° C to 40° C) |
32° F to 104° F 3000m altitude
(0° C to 40° C) |
32° F to 104° F 3000m altitude
(0° C to 40° C) |
32° F to 104° F
(0° C to 40° C) |
32° F to 104° F
(0° C to 40° C) |
32° F to 104° F
(0° C to 40° C) |
32° F to 104° F
(0° C to 40° C) |
Storage temperature |
-4° F to 158° F
(-20° C to 70° C) |
-4° F to 158° F
(-20° C to 70° C) |
-4° F to 158° F
(-20° C to 70° C) |
-4° F to 158° F
(-20° C to 70° C) |
-4° F to 158° F
(-20° C to 70° C) |
-4° F to 158° F
(-20° C to 70° C) |
-4° F to 158° F
(-20° C to 70° C) |
Operating humidity (non-condensing) |
5% to 90% |
10% to 90% |
10% to 90% |
5% to 90% |
5% to 90% |
5% to 95% |
5% to 90% |
Storage humidity (non-condensing) |
5% to 95% |
10% to 90% |
10% to 90% |
5% to 95% |
5% to 95% |
5% to 95% |
5% to 95% |
Dimensions (LxWxH in inches) |
7.28” x 5.39” x 1.73” |
6.42” x 9.53” x
1.73” |
6.42” x 9.53” x
1.73” |
5.73” x 6.97” x 1.73” |
16.81” x 11.89” x 1.72” |
21.45” x 17.16” x 1.72” |
17.2” x 19.69” x 1.73” |
Weight |
2.2 lbs (1 kg) |
3.69 lbs. (1.6 kg.) |
3.75 lbs. (1.7kg.) |
2.64 lbs (1.2 kg) |
8.8 lbs (4 kg) |
28.6 lbs (13 kg) |
18.6 lbs (8.45 kg) |
* ION 3000 ports can be configured as discrete ports or as fail-to-wire pairs.
† All IONs have an AUX port, which you can connect at a baud rate of 115200 for out-of-band management.
‡ Encrypted throughput is measured with 1400 byte HTTP packets with all features turned on.