Home » Blog » SD-WAN Leaders Analysis Report
Logos for the six SD-WAN leaders with a vs. in the middle
Gartner’s most recent Magic Quadrant for SD-WAN identified six vendors as leaders in the market. These vendors qualify as leaders due to numerous factors, including their influence in the market, a demonstrated ability to adapt to changing customer requirements and innovate to anticipate future needs, and solid SD-WAN product offerings that serve most use cases and verticals. This report uses Gartner’s Magic Quadrant and independent analysis to compare the six SD-WAN leaders based on their features, security, versatility, and other key factors.

Comparing SD-WAN leaders

Leading SD-WAN Vendor

Key Takeaways

Cisco

    • Cisco Catalyst SD-WAN (formerly Viptela) and Cisco Meraki SD-WAN products include SD-WAN appliances, integrated security, and centralized management and orchestration

    • Cisco has a proven track record of aligning its SD-WAN feature roadmap with the ever-changing needs of enterprise customers

    • Catalyst and Meraki are different products with entirely separate management platforms, reducing scalability and versatility

Fortinet

    • Fortinet Secure SD-WAN includes physical and virtual NGFW appliances, multi-cloud on-ramp access, and centralized orchestration

    • Fortinet’s SD-WAN offering is extensible with the addition of AI-powered security bundles for a single-vendor SASE solution

    • Fortinet’s limited support for third-party integrations creates vendor lock-in and prevents companies from deploying a unified, multi-vendor SASE solution

HPE (Aruba)

    • HPE’s Aruba EdgeConnect SD-WAN and Aruba EdgeConnect SD-Branch products include physical and virtual appliances with centralized management and orchestration

    • Aruba SD-WAN offerings include performance optimization, cloud on-ramping, and enhanced operational capabilities

    • SD-WAN and SD-Branch offerings target different use cases, which could cause confusion, though both are managed by the same Aruba Central platform

Palo Alto Networks

    • Palo Alto Network’s Prisma SD-WAN includes Instant-On Network (ION) edge appliances and centralized orchestration, while the PAN-OS branch firewall can be upgraded with limited SD-WAN capabilities

    • Prisma provides robust SD-WAN features like cloud on-ramp access and autonomous digital experience management

    • Each product is managed separately and comes with limitations to either security or SD-WAN functionality

Versa Networks

    • Versa Networks offers the on-premises Secure SD-WAN and cloud-based Versa Titan products, which include physical or virtual appliances and centralized orchestration

    • Versa Networks offers a robust SD-WAN feature set, including strong routing and application steering, cloud on-ramping, and integrated security

    • Versa’s high price point and limited geographic presence make it unsuitable for customers in certain regions

VMware

    • VMware VeloCloud SD-WAN includes edge appliances, optional gateway points of presence (POPs), and a cloud-based orchestrator

    • VeloCloud SD-WAN integrates with VMware’s SASE platform as well as other products for cloud security and AIOps

    • VMware SD-WAN lacks native SD-Branch functionality and offers fewer integrated security features for the standalone SD-WAN product

Cisco

Cisco offers two different SD-WAN products: Cisco Catalyst SD-WAN (formerly Viptela), which targets enterprise customers, and Cisco Meraki SD-WAN, which targets mid-size organizations with lean IT operations. Each product is an entirely separate offering managed by different software platforms, making it difficult for a customer to mix-and-match products to adapt to new use cases or start with Meraki and then scale up to Catalyst during an aggressive growth period.

Catalyst SD-WAN is an advanced solution with integrated security, support for cloud on-ramp access, and integrations with ThousandEyes for monitoring and analytics as well as Cisco SSE products for a single-vendor SASE solution. Meraki SD-WAN is a more streamlined option, offering unified management of Meraki infrastructure with integrated security, zero-touch provisioning, and support for machine learning analytics.

Cisco SD-WAN - Pro's
  • Catalyst SD-WAN offers advanced features like multi-cloud on-ramp access and SSE integrations
  • Meraki SD-WAN provides a more streamlined experience with features like zero-touch provisioning to simplify lean IT operations
  • Cisco’s SD-WAN feature roadmap typically aligns with the current and future needs of enterprise customers
Cisco SD-WAN - Con's
  • Catalyst and Meraki are separate products with different management platforms, making it more challenging to use both
  • Based on Gartner’s reported client interactions, Cisco’s customer experience rating is lower than other vendors in this category

Fortinet

Fortinet’s Secure SD-WAN solutions run on FortiGate physical and virtual NGFW (next-generation firewall) appliances, tightly integrating networking and security in a consolidated platform. In addition to a centralized orchestrator, Fortinet SD-WAN includes zero-touch provisioning and multi-cloud on-ramp access. It also enables single-vendor SASE with the addition of optional, AI-powered security bundles. However, Fortinet’s limited third-party integrations create vendor lock-in and prevent customers from building a unified, customized, multi-vendor SASE solution.

Fortinet SD-WAN - Pro's
  • Fortinet combines SD-WAN functionality with NGFW appliances for a tightly integrated, consolidated experience
  • Fortinet offers zero-touch provisioning and multi-cloud on-ramp access to further streamline SD-WAN operations
  • Fortinet enables single-vendor SASE with options for AI-powered security bundles
Fortineet SD-WAN - Con's
  • Fortinet has limited integrations with third-party SSE vendors, preventing customers from unifying their multi-vendor SASE deployment
  • Gartner reports that Fortinet’s customer experience rating is below average compared to other SD-WAN vendors in the Magic Quadrant

HPE (Aruba)

HPE (Aruba) has two SD-WAN offerings: EdgeConnect SD-WAN, which is a standalone SD-WAN product, and EdgeConnect SD-Branch, which builds upon the SD-WAN platform by adding software-defined management for wired and wireless branch LANs. Both products run on physical and virtual NGFW appliances for integrated security functionality, and both are managed by the same central orchestrator. Additional features include multi-cloud on-ramp access, unified management of Aruba networking solutions, and integrations with Aruba SSE products for single-vendor SASE.

It’s notable that HPE (Aruba) is one of only two vendors named as Gartner SD-WAN leaders for all six years of the SD-WAN Magic Quadrant’s existence – the other is VMware.

HPE (Aruba) SD-WAN - Pro's
  • Aruba offers two tightly integrated products combining SD-WAN and NGFW functionality for converged networking
  • Aruba’s SD-Branch solution extends software-defined control and zero-trust security to wired and wireless branch LANs
  • Aruba’s products include multi-cloud on-ramp access and integrations with Aruba SSE for single-vendor SASE
HPE (Aruba) SD-WAN - Con's
  • Aruba’s two different SD-WAN offerings may confuse customers who are unfamiliar with SD-Branch technology
  • Gartner noted that Aruba’s geographic strategy lacked details, so it may not reach customers in all locations

Palo Alto Networks

Palo Alto Networks offers a dedicated SD-WAN product called Prisma SD-WAN, as well as an SD-WAN upgrade for its PAN-OS branch NGFW solution.

Prisma SD-WAN is part of Palo Alto’s Prisma SASE platform, which was one of the industry’s first complete, single-vendor SASE solutions. The SD-WAN component uses Palo Alto’s Instant-On Network (ION) edge appliances that include integrated, cloud-delivered security, AIOps, SD-Branch, cloud on-ramp access, and autonomous digital experience management (ADEM).

Palo Alto’s SD-WAN plugin integrates with PAN-OS branch firewalls to provide an SD-WAN overlay with centralized orchestration. It uses separate management software (called Panorama) from the Prisma platform. Essentially, each SD-WAN product targets different use cases and has different limitations. Prisma offers more advanced SD-WAN functionality but weaker on-premises security features (though this can be addressed by hosting Prisma on hardened third-party devices), whereas the PAN-OS platform offers strong branch security features but a more basic SD-WAN overlay.

Palo Alto Networks SD-WAN Pros
  • Prisma SD-WAN offers advanced features like cloud-delivered security, AIOps, SD-Branch, cloud on-ramp access, and ADEM
  • Palo Alto’s SD-WAN plugin for PAN-OS provides a simpler upgrade path for existing NGFW customers
  • Based on Gartner’s reporting client interactions and Peer Insights data, Palo Alto has an above-average customer experience rating
Palo Alto Networks SD-WAN Cons
  • Palo Alto customers must choose between robust SD-WAN with limited branch security or advanced on-premises security functionality with limited SD-WAN
  • Gartner clients reported that Palo Alto Prisma SD-WAN has higher pricing compared to other vendors

Versa Networks

Versa Networks provides two SD-WAN options, Versa Secure SD-WAN and Versa Titan, which are entirely separate platforms with different orchestrators. Versa Secure SD-WAN offers a fully-featured SD-WAN overlay including advanced features such as multi-cloud on-ramp access, AIOps, a wide range of integrated security functionality like CASB and NGFW, and automated zero-touch provisioning.

Versa Titan is a cloud-managed, single-vendor SASE platform for leaner IT operations, providing a basic SD-WAN overlay that’s tightly integrated with cloud-based security features. Titan is an entirely separate product offering and platform targeting an entirely different use case. It offers a more streamlined experience, and it’s more affordable than Versa Secure SD-WAN, according to Gartner analyst assessment and Peer Insights data.

Versa Networks SD-WAN Pros
  • Versa Secure SD-WAN is packed with advanced networking and security features like multi-cloud on-ramp access, AIOps, integrated security, and application steering
  • Versa Titan offers a streamlined, unified SASE platform with a basic SD-WAN overlay for lean IT operations
  • Gartner is optimistic about Versa Networks’ product roadmap and ability to meet changing customer requirements
Versa Networks SD-WAN Cons
  • Based on information from Gartner analysts and Peer Insights data, Versa Secure SD-WAN has a higher-then-average price point in the industry
  • Versa Networks lacks a strong global presence and may not reach customers in all regions or countries

VMware

VMware offers the VeloCloud SD-WAN product, which includes edge networking appliances (physical and virtual), optional gateway points of presence (POPs), and a centralized, cloud-based orchestrator. The VMware Edge Cloud Orchestrator software also integrates with other VMware products like VeloCloud Web Security and the VMware Edge Intelligence AIOps platform. VMware’s SD-WAN offering is also part of VMware’s VeloCloud SASE solution, which uses security functionality from Symantec (owned by Broadcom, the same parent company as VMware).

However, the VeloCloud SD-WAN product itself lacks many of the advanced features natively available in competing solutions, such as integrated security and SD-Branch. Despite these limitations, VMware is the only other vendor besides HPE (Aruba) to achieve Gartner SD-WAN leader status for six consecutive years.

VMware SD-WAN Pros
  • VMware VeloCloud SD-WAN includes optional features like gateway POPs and integrations with other VMware products for security and AIOps
  • VeloCloud SD-WAN is part of VMware’s VeloCloud SASE solution that uses Symantec security features to deliver unified SASE
  • VMware has a strong customer experience rating based on Gartner client interactions and Peer Insights data
VMware SD-WAN Cons
  • VMware VeloCloud SD-WAN lacks many of the advanced features natively offered by competing vendors, such as multi-cloud on-ramp access and SD-Branch
  • The standalone VeloCloud SD-WAN product has limited integrated security functionality unless expanded with additional services

A peek into the future of SD-WAN

Gartner’s SD-WAN Magic Quadrant predicted that by 2026, 60% of new SD-WAN purchases will be part of a single-vendor SASE solution, an increase of 45% from 2023. However, extensibility and vendor choice still factored into Gartner’s ratings of current SD-WAN leaders. Closed ecosystems with limited integrations prevent organizations from adapting to new use cases and changing requirements with the speed and agility needed to stay competitive.

Companies can avoid vendor lock-in by deploying vendor-neutral edge infrastructure that supports third-party SD-WAN and SASE solutions. For example, the Nodegrid platform from ZPE Systems provides powerful, consolidated branch networking functionality that integrates (or even directly runs) other vendors’ software for SD-WAN, security, AIOps, and more. Plus, Nodegrid provides out-of-band (OOB) management to ensure 24/7 remote management access and network resilience.

Deploy SD-WAN leaders with Nodegrid

Nodegrid provides a powerful, vendor-neutral foundation to simplify SD-WAN deployment and enable unlimited extensibility, future-proofing branch network operations. Request a free Nodegrid demo to see how it works with your chosen SD-WAN solution.

Get a Demo

ZPE Systems delivers innovative solutions to simplify infrastructure managment at the datacenter, branch, and edge. Learn how our Zero Pain Ecosystem can solve your biggest network orchestration pain points.  
Watch a Demo Contact Us