* [Blog](https://www2.paloaltonetworks.com/blog)
* [SASE](https://www2.paloaltonetworks.com/blog/sase/)
* [Product Features](https://www2.paloaltonetworks.com/blog/sase/category/product-features/)
* Secure SD-WAN: Best Pract...

# Secure SD-WAN: Best Practices from Palo Alto Networks and CloudGenix

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsase%2Fsecure-sd-wan%2F)  
[](https://twitter.com/share?text=Secure+SD-WAN%3A+Best+Practices+from+Palo+Alto+Networks+and+CloudGenix&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsase%2Fsecure-sd-wan%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2Fsase%2Fsecure-sd-wan%2F&title=Secure+SD-WAN%3A+Best+Practices+from+Palo+Alto+Networks+and+CloudGenix&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/sase/secure-sd-wan/&ts=markdown)  
\[\](mailto:?subject=Secure SD-WAN: Best Practices from Palo Alto Networks and CloudGenix)  
Link copied  
By [CloudGenix](https://www.paloaltonetworks.com/blog/author/cloudgenix/?ts=markdown "Posts by CloudGenix")  
Sep 26, 2019  
4 minutes  
[Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown)  
[best practices](https://www.paloaltonetworks.com/blog/tag/best-practices/?ts=markdown)  
[SD-WAN](https://www.paloaltonetworks.com/blog/tag/sd-wan/?ts=markdown)  
[secure SD-WAN](https://www.paloaltonetworks.com/blog/tag/secure-sd-wan/?ts=markdown)

By now, most organizations have extended their IT infrastructure to the cloud. And many are using multiple clouds. ESG, in a recent webinar presented by CloudGenix and Palo Alto Networks, shared findings from a survey of 600 senior IT decision makers showing that 76% of respondents had already deployed multi-cloud environments, and nearly as many -- 67% -- were already using SaaS-delivered business applications.

ESG also talked about the challenges of not only ensuring network performance in these complex multi-cloud environments, but also making sure that SaaS-delivered apps are always on, are always secure, and always perform how employees need them to -- especially employees in remote office locations.

In a traditional network architecture, applications are housed in an on-premise data center. Remote office workers access those apps via MPLS VPN connections. Routers enable the underlying network between geographically diverse locations, and firewalls deployed at both the central data center and at each remote office create a security perimeter.

But this approach simply doesn't work in the world of cloud. Here's why:

* Cost -- more routers are needed to deploy and manage as well as additional MPLS fees.
* Complexity -- already overcommitted teams must manage multiple systems to fulfill network and security needs across multiple locations, and traditional MPLS-based networks are notoriously hard to provision or modify.
* Performance -- with the rise of SaaS-based apps comes a need to not only ensure that networks are performing as needed, but that the apps critical for employees and customers are as well.
* Security -- data breaches and attacks are part of today's reality, and in the world of cloud services where data is traveling over the public internet, there is no fixed perimeter to patrol.

## **Opportunities and Obstacles of SD-WAN**

Many organizations have adopted SD-WAN solutions to solve for these issues, but they too present their own challenges. Most solutions require multiple hardware products for SD-WAN and security, which once again means more complexity and more cost. Some solutions that have separate roadmaps for features related to network and security, making it near impossible for an organization to simultaneously meet both networking *and* security needs.

So how can organizations cost-effectively and securely meet the needs of remote branch offices? In reality, overcoming the challenges presented by centralized network architecture or legacy SD-WANs means re-imagining remote office IT infrastructure. It needs to be cloud-delivered rather than based on complex hardware or software stacks, and:

* WANs have to be unconstrained and highly reliable
* Security has to be pervasive across multi-cloud, SaaS, and data centers
* Unified Communications as a Service (UCaaS), voice, and video have to be highly reliable
* Multi-cloud access has to be high-speed
* IT operations have to be proactive

## **Next-gen WANs: The CloudGenix Autonomous WAN**

The CloudGenix Autonomous SD-WAN uses global intelligence to deliver performance and security SLAs for all applications over any WAN-type. By providing app-policies aligned to business intent, direct access to multi-cloud and dev-ops frameworks, it delivers significant productivity gains and cost-savings compared to gen-1 SD-WAN alternatives.

Our new joint solution with Palo Alto Networks -- and validated by ESG in the [Secure SD-WAN: 7 Best Practices from Palo Alto Networks and CloudGenix](https://www.brighttalk.com/webcast/14983/369799) webinar -- combines [CloudGenix Autonomous WAN](https://www.paloaltonetworks.com/network-security/sd-wan) with Palo Alto Networks Prisma Access, enabling organizations to deploy best-of-breed secure SD-WAN that is pre-integrated, requires no additional hardware or software to provision at the remote office, and lays the foundation for a zero-trust security architecture.

The joint secure SD-WAN solution enables organizations to:

* Apply traffic policy to application traffic. No longer are they restricted to applying policy within the on-premise network. L3 is insufficient in a multi-cloud, hybrid model. L3 -- L7 is ideal.
* Ensure consistent performance and high availability by automatically monitoring performance metrics against threshold, minimizing the need for manual intervention.
* Create policies in the cloud once and deploy them everywhere without the need for backhauling traffic to a controller
* Via an easy-to-use platform, integrate other services to be used in conjunction with SD-WAN and deploy them with a few clicks

To hear experts at Palo Alto and ESG talk more about this solution, as well as explain the 7 best practices for a secure SD-WAN, check out the [on-demand webinar](https://www.brighttalk.com/webcast/14983/369799) Secure SD-WAN: 7 Best Practices from Palo Alto Networks and CloudGenix now.

For a more in-depth look at Secure SD-WAN with CloudGenix and Prisma Access, [watch a demo here](https://www.brighttalk.com/webcast/14983/398469).

*** ** * ** ***

## Related Blogs

### [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown)

[#### Grading Your Vendor: Best Practices for Security With Your SD-WAN Deployment](https://www2.paloaltonetworks.com/blog/sase/best-practices-for-security-with-your-sd-wan-deployment/)

### [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown)

[#### Networking Field Day](https://www2.paloaltonetworks.com/blog/sase/networking-field-day/)

### [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [SD-WAN](https://www.paloaltonetworks.com/blog/sase/category/sd-wan/?ts=markdown)

[#### Delivering Agility and Performance with Prisma SD-WAN Innovations](https://www2.paloaltonetworks.com/blog/sase/delivering-agility-and-performance-with-prisma-sd-wan-innovations/)

### [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [SD-WAN](https://www.paloaltonetworks.com/blog/sase/category/sd-wan/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/sase/category/use-cases/?ts=markdown)

[#### Day 2 Operations Simplified with the Power of AI](https://www2.paloaltonetworks.com/blog/sase/day-2-operations-simplified-with-the-power-of-ai/)

### [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [SD-WAN](https://www.paloaltonetworks.com/blog/sase/category/sd-wan/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/sase/category/use-cases/?ts=markdown)

[#### Securing your Branches with Zero Compromise](https://www2.paloaltonetworks.com/blog/sase/securing-branches-zero-compromise/)

### [Product Features](https://www.paloaltonetworks.com/blog/sase/category/product-features/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/sase/category/use-cases/?ts=markdown)

[#### Delivering Flexible Connectivity for Today's Branches](https://www2.paloaltonetworks.com/blog/sase/delivering-flexible-connectivity-for-todays-branches/)

### Subscribe to Sase Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language