Best SD-WAN Vendors and Solutions

A software-defined WAN (SD-WAN) offers a simple way to merge the networks of a multi-site business into one. Individual networks that serve one location are called “local area networks” (LANs); networks that cover multiple sites are called “wide area networks” (WANs).

Using the internet to facilitate communication between LANs does not create a WAN. In a WAN, all of the links are private, even though they are laid over long distances.

Here is our list of the best SD-WAN vendors:

  1. VMWare SASE SD-WAN EDITOR’S CHOICE An SD-WAN option offered by VMWare in its SASE platform, you can also choose to have the full SASE service with a cloud-based firewall built-in. Combining this with the popular VMWare server hypervisors you can virtualize your entire infrastructure. This is a SaaS platform with on-site appliances.
  2. Citrix SD-WAN Provided by a major virtualization systems producer, this service is more than just a SASE with the firewall turned off. Use it to improve traffic flows for interactive applications. Offered as a SaaS platform or as a service on AWS, GCP, and Azure.
  3. FortiGate Secure SD-WAN This is a SASE by another name and is provided by a major firewall producer. Offered as a physical appliance, a virtual appliance or as a SaaS package.
  4. Aruba EdgeConnect This SD-WAN system is provided by a division of Hewlett Packard. It can integrate with other products, including firewalls to create a SASE. Offered as a physical appliance or a ritual appliance.
  5. Aryaka Networks This is a managed service so your newly integrated WAN will be run by a team of technicians that remove the need for you to employ your own network admin staff.
  6. Lumen SD-WAN This was formerly CenturyLink SD-WAN and it is a managed network service available for a major US internet service provider. A co-managed option is available.
  7. Versa Secure SD-WAN This SD-WAN system can be upgraded to a SASE by including an optional firewall system. Each site needs a physical appliance installed on it in order to participate. The system has a multi-tenancy architecture to suit MSPs.
  8. Cato SASE Cloud A secure SD-WAN service from the owner of a high-speed backbone owner that can channel your traffic down its own infrastructure. Requires a proprietary gateway on each site.
  9. Cisco Meraki SD-WAN An SD-WAN service implemented through Meraki gateway appliances and coordinated through a Cloud hub.
  10. Oracle SD-WAN A Cloud-based hub that requires a physical or a virtual appliance operating on each included LAN. Firewall services can be added on.
  11. Palo Alto Prisma Available as an SD-WAN or a higher SASE, which is called Prisma Access. This is a cloud service with local agents on each included which can be loaded onto an appliance.

Why use an SD-WAN?

Buying all of the cable to link two sites together and getting permission to lay that cable over public and private land is very expensive and complicated. One solution is to lease a line from a telecommunications company. However, this strategy is also costly.

The most cost-effective medium to connect sites together is over the internet. SD-WANs deploy techniques to create a private network link over the internet.

This is known as an “overlay network” and it counts as a private line, even though the physical medium is not owned by the business operating the network. This is how SD-WAN got its name, it converts internet-connected LANs into a WAN through software methods.

SD-WANs require a device to connect to the internet. The system can be created by channeling all internet-bound traffic through a server that runs the WAN-creating software and then on to the network’s gateway. This is called a virtual solution. The other option is to buy a special appliance that is a gateway with the SD-WAN software embedded in it.

SD-WANs and UCaaS

Thanks to the cloud, businesses don’t need to buy and manage the software to create an SD-WAN solution, nor the hardware required to run communications software or a special appliance. A Cloud-based SD-WAN system is officially called “Unified Communications as a Service,” or UCaaS.

UCaaS is an edge service that takes care of all routing for your business. All traffic from all of your sites is channeled to the UCaaS server, which acts as a hub. The SD-WAN software on the cloud server routes company traffic through to the appropriate site and sends regular internet traffic destined to other organizations through a gateway.

The connections between sites are all secured with encryption. The IP packets that travel between sites and the cloud-based hub are hidden with encapsulation. This carries the original network packet inside an outer packet. All of the original packet, including its header is encrypted.

Network administrators get access to a console on the UCaaS server and can get traffic statistics from it, even watching live feedback on traffic flows.

More about SD-WAN Technology

The SD-WAN software, whether hosted on a computer, embedded in an appliance or based on the cloud provider’s server, enables the address space of all participating LANs to be unified. This is what makes the WAN.

The internet is a separate address space and its inclusion in the system breaks the requirements for the definition of a private WAN. However, the encapsulation procedures of the SD-WAN bridge that address-related problem, enabling the network software to ignore the underlying internet’s addressing requirements.

You can read more about the methodology in creating a software-defined WAN in the article “What is SD-WAN?”

The best SD-WAN vendors

Thanks to UCaaS, you have cloud services to consider when looking for an SD-WAN solution as well as on-site solutions in the form of appliances or software. We have put together a shortlist of the best SD-WAN vendors, which includes all of these options.

Our methodology for selecting an SD-WAN solution 

We reviewed the best SD-WAN vendors and analyzed their tools based on the following criteria:

  • A cloud-based system
  • A browser-based console for management tasks
  • Automated address pool segmentation per site
  • Secure connections over the internet managed by VPNs
  • A system that allows underlying connection to change without needing to remap network addresses
  • A free trial or a demo system for a cost-free assessment opportunity
  • A faultless service that is easy to implement and is delivered at a fair price

With these selection criteria in mind, we examined the SD-WAN products of the leading network virtualization vendors in the business and came up with a collection of services that we are happy to recommend.

You can read more about these solutions in the following sections.



VMWare is the world’s largest server virtualization provider. The software-defined WAN is a very similar concept to virtualization because both remap physical resources through the way the software presents them to the human user. So, it makes sense for VMWare to get into this field.

Key Features

  • Cloud Integration: Seamlessly connects on-premises VMware implementations with cloud services.
  • SASE Upgrade Path: Offers a smooth transition to a full Secure Access Service Edge (SASE) model.
  • Multi-Site Capability: Easily integrates multiple physical sites with cloud platforms.
  • Transport Flexibility: Supports various underlying transport technologies for versatility.
  • Appliance Requirement: Each site requires a dedicated VMware appliance for optimal performance.

Why do we recommend it?

VMware SASE SD-WAN gives you a number of options over your system virtualization because this cloud-based service links up with on-site implementations of VMware on your own servers. So, you can completely virtualize your entire IT infrastructure through a combination of VMware tools. You can opt to create a virtual network by implementing an SD-WAN or add on a cloud firewall to create a full SASE. This is a very competent virtualization package from a reliable and trusted brand.

The VMWare SD-WAN system is available in a UCaaS format, as an appliance, or a combination of the two. The cloud service can overlay a WAN on internet connections and the appliance has multiprotocol label switching (MPLS) capabilities as well. The system is able to link together physical sites and also bring cloud resources into the WAN.

Who is it recommended for?

Anyone would benefit from the use of VMware’s system for creating an SD-WAN. While the concept of a virtual network seems to be a big-business concept, it is actually a very appropriate mechanism for small businesses that use remote staff on contract. You can forge a virtual office with this VMware system, even to the extent of having one corporate IP address to front the underlying reality of an internet-based, dispersed team working on their own computers. A big advantage of setting this virtual system up with WMware tools is that the products are well documented and there are lots of free training videos on using the system.


  • Trusted Virtualization Expert: Built by VMware, a leader in enterprise virtualization solutions.
  • MPLS Support: Uses multiprotocol label switching for faster and more efficient data routing.
  • VMware Ecosystem Integration: Seamlessly integrates within the broader VMware ecosystem.
  • Intuitive Interface: Features a clean, user-friendly interface for ease of management.


  • Platform Compatibility: May encounter integration challenges with non-VMware platforms.
  • Specialized Hardware Need: Requires specific VMware appliances at each site, potentially increasing setup costs.

As a very successful virtualization provider, WMWare has the resources and the know-how to make its SD-WAN products robust, reliable, and efficient. The opportunity of integrating all network infrastructure through VMWare products, which include cloud resources, is a very tempting proposition. These qualities make VeloCloud our top pick for SD-WANs.


VMWare SASE SD-WAN is our top pick for an SD-WAN solution because VMWare is the leading producer of hypervisors in the world and they know what they are doing with network virtualization thanks to their vast experience of implementing local virtual switches as part of their VM infrastructure. Extending the capabilities of VMWare across your entire WAN management system makes sense, particularly if you use VMWare products already on your servers or on cloud platforms. Choose to add on firewall services to get the full SASE package.

Official Site:

OS: Cloud-based or physical appliance

2. Citrix SD-WAN

Citrix SD-WAN dashboard - Configuration view

Citrix is the second-largest provider of virtualization software in the world. The commercial and technical logic of fitting SD-WANs into the product list of a VM producer is just as compelling with Citrix as it is for VMWare. (The Citrix line of cloud and networking services was named NetScaler until recently.)

Key Features

  • SaaS Flexibility: Offers both SaaS and other cloud platform integrations.
  • Traffic Management: Efficiently manages and optimizes traffic flows across networks.
  • VoIP Optimization: Special traffic shaping features tailored for superior VoIP performance.
  • MSP Design: Tailored for Managed Service Providers, enhancing service offerings.

Why do we recommend it?

Citrix SD-WAN is a strong contender for the number one spot in this review because it is provided by another leader in the field of virtualization. The Citrix Xen service enables you to create VMs and it is particularly suitable for creating thin clients. With the SD-WAN system, you can extend virtual desktops to all devices on any of your sites and even on mobile devices. Even without the Xen Server integration, this is a great tool for inter-site traffic management.

The service is delivered from the cloud platform and it manages all traffic from all of the client’s business sites and cloud resources. It can implement QoS prioritization by identifying the applications of passing traffic and accelerating time-critical interactive applications, such as VoIP.

Other benefits of the Citrix service include failover procedures that reroutes traffic automatically if a network fault is identified.

Who is it recommended for?

You can use this virtual network system with or without on-site server virtualization. This system is resident in the cloud whether you take it as a SaaS package or run the software on your own cloud account. This system is good for those businesses that run a virtual office and also for large businesses that have multiple sites and want to consolidate inter-site traffic for the best possible service delivery, such as VoIP optimization.


  • Virtualization Giant: Developed by Citrix, a global leader in virtualization technology.
  • Advanced QoS Features: Supports Quality of Service for prioritized traffic management.
  • Robust Failover Systems: Enhances network reliability with effective failover mechanisms.
  • MSP-Friendly: Ideal for businesses looking to resell SD-WAN services.


  • Complex Configuration: The setup process can be intricate and less intuitive for beginners.

Citrix SD-WAN is also available as an appliance and as a cloud-resident virtual appliance for your own team to manage in-house. The system is also available as a multi-tenanted product aimed at managed service providers.

3. FortiGate Secure SD-WAN

FortiGate Secure SD-WAN

Fortinet made its name through the excellence of its network security software. It builds security features into its FortiGate Secure SD-WAN. This product is an adaptation of the company’s top-selling firewall appliance, FortiGate.

Key Features

  • Flexible Deployment: Available as SaaS, virtual, or physical appliance.
  • Cloud Compatibility: Optionally runs on major platforms like AWS or Azure.
  • Application Prioritization: Enhances performance with application-level traffic management.

Why do we recommend it?

FortiGate Secure SD-WAN is part of a multi-site package offered by the leading firewall appliance provider. Fortinet is very focused on its hardware firewall products and it is only recently that it has branched out into virtual appliances and cloud-based services. The classic FortiGate firewall device can for a gateway for a site as part of the SD-WAN solution. The device then interprets all of the SD-WAN addresses that connect the wider network into local addresses on the network that it protects.

The FortiGate Secure SD-WAN is available as an appliance, a cloud service, or as a virtual machine. This is the Fortinet firewall with added SD-WAN capabilities. The WAN management tools in this package can create WANs across the internet. Features include WAN optimization and application prioritization.

Fortinet produces a long list of FortiGate appliance models with the main difference between them being the data throughput capacity that each can handle. The software version can run on AWS and Azure servers either as a SaaS package or on a “bring your own license” basis.

Who is it recommended for?

Hardware firewalls are less appealing to small businesses and startups because they create a high upfront cost. However, the virtual deployment options make the FortiGate SD-WAN more accessible. Fortinet offers a number of deployment options, including the addition of a Firewall-as-a-Service package to create a SASE.


  • Security Expertise: Leverages Fortinet’s extensive experience in network security.
  • FortiGate Integration: Seamlessly works with Fortinet’s range of firewall products.
  • Cloud Versatility: Supports both AWS and Azure, offering flexibility for cloud-based operations.


  • Additional Management Tool: Requires FortiManager for comprehensive WAN management, adding complexity.

A companion product provides WAN management and monitoring functions. This is called FortiManager and it is also available as an appliance, as a virtual machine, and as cloud-based services resident on AWS and Azure servers.

4. Aruba EdgeConnect

aruba Central

Aruba EdgeConnect is part of a suite of network support hardware that creates, improves, and monitors SD-WANs. The system is available as an appliance or as a virtual machine.

Key Features

  • Deployment Options: Can be installed as a virtual or physical appliance.
  • Integrated Firewall: Includes a robust firewall for enhanced network security.
  • WAN Optimization: Features advanced technology for WAN traffic enhancement.

Why do we recommend it?

Aruba Networks is the first network specialist provider on our list. The Aruba EdgeConnect SD-WAN service is a competent implementation of the SD-WAN concept and it can be expanded into a SASE. Aruba isn’t the largest network software provider but it has established a reputation for innovation that puts it among the market leaders. This tool can provide traffic optimization and can create multiple virtual networks simultaneously to create separate VLANs for different types of traffic across the internet between and through sites.

This system is an edge service and it can conduct more tasks than just creating an SD-WAN. Other features of this appliance include a firewall and a WAN optimizer. It is able to create several WAN overlays, creating separate streams for important, time-critical traffic, such as VoIP and interactive video applications.

As well as traffic shaping measures, the Aruba EdgeConnect monitors for connection stability and quality. Multiple simultaneous connections also provide redundancy to protect against link failure over the internet. The system compensates for jitter and out-of-sequence packets by correcting transmission errors and irregularities.

The system comes with an attractive console, which shows live traffic statistics, both as data and as visualizations.

Who is it recommended for?

The Aruba system is particularly good at managing VoIP traffic. It follows all of the packets of a VoIP or live video conferencing connection and ensures that they run at a regular rate, eradicating jitter. So, any business that is heavily reliant on the virtual WAN for interpersonal communications should prioritize the Aruba Networks system when examining options for an SD-WAN or a SASE implementation. The interface for the tool is attractive and easy to use, so you don’t need to be a networking expert to set up an SD-WAN with this tool.


  • User-Friendly Interface: Known for its exceptionally intuitive and easy-to-use interface.
  • Flexibility in Installation: Offers both appliance and virtual machine deployment options.
  • Advanced Traffic Management: Equipped with traffic shaping and detailed traffic analysis tools.
  • Jitter Correction: Excels in managing and correcting jitter for VoIP connections.


  • Limited UTM Features: May lack some advanced Unified Threat Management functionalities.

5. Aryaka Networks

Aryaka Networks

Aryaka is a managed service provider of network services, including an SD-WAN system. As this is a remote-based system, you don’t need to install any network management software on your site or buy appliances. Your sites connect to the Aryaka server via VPNs and then all switching between sites or to the internet is taken care of there.

Key Features

  • Managed Service: Provides fully managed SD-WAN, simplifying network management.
  • Included Technicians: Comes with expert support, reducing the need for in-house expertise.
  • Traffic Optimization: Implements traffic shaping for efficient network performance.

Why do we recommend it?

Aryaka Networks is a managed service, so you don’t need to have any networking experts on staff to use this SD-WAN system. The service is easy to enroll in because the connections between your sites all go through the Aryaka Networks cloud servers. Always-on VPN services secure the connections between your sites and the Aryaka Networks hub. The technicians of Aryaka Networks then set up the SD-WAN and monitor its performance. The remote team will automatically detect the different types of traffic that your users generate and adjust network settings accordingly.

You don’t need to keep on-site technicians to manage your WAN because the services of the Aryaka Network operators are included in the subscription price of the SD-WAN.

Aryaka excludes MPLS options and channels all traffic through its servers over the internet. As network data passes through the Aryaka servers, they apply traffic shaping measures including application prioritization and QoS procedures.

Who is it recommended for?

This system is a good option for small businesses and any organization that would find it difficult to keep a network management team on the payroll. Managed service providers are becoming widely used and are recognized as an efficient way to maximize the use of hard-to-find experts, so the network specialist services of Aryaka Networks offer just another option that a lightweight outsourcing company can select.


  • Hassle-Free Setup: Offers SD-WAN as a fully managed service, eliminating complex installations.
  • User-Friendly Dashboard: Provides a web-based dashboard for easy monitoring from anywhere.
  • Effortless Management: Ideal for businesses looking to minimize their networking complexities.


  • Higher Cost: Managed services generally come at a premium compared to DIY solutions.
  • Less Control: Businesses might have limited customization and control over the network.

Although all of the network management is included in the price, Aryaka Networks customers get access to a system console that gives them live views on traffic flows and analytical tools.

6. Lumen SD-WAN

CenturyLink SD-WAN dashboard - services view

Lumen offers a fully managed or co-managed SD-WAN service. Until recently, Lumen was known as CenturyLink and it is one of the largest ISPs in the United States. The SD-WAN is part of the company’s business services division that works on top of its Internet infrastructure.

Key Features

  • Management Options: Offers both fully managed and co-managed SD-WAN services.
  • LAN Management: Includes LAN management capabilities for comprehensive network control.
  • Application Prioritization: Implements application-based traffic prioritization for enhanced performance.

Why do we recommend it?

Lumen SD-WAN is another managed service but this provider offers a co-managed option. Therefore, this system is a direct competitor to Aryaka Networks and also has a version that Aryaka Networks doesn’t offer. Lumen is a new band but the business is long established and originally had a name that is very well known to American internet consumers – CenturyLink. As SD-WANs are all about managing the way traffic flows across the internet between business sites, this provider has an excellent knowledge base on how to improve internet traffic flows.

What that means is that the service includes technicians to set up the WAN and monitor the dashboard of the system while the WAN is in operation. That managed service means that the subscriber not only doesn’t need to install software or run suitable hardware but doesn’t even need onsite technicians.

The managed SD-WAN service is certainly a good option for small businesses. Larger businesses can also benefit if their IT strategy is working towards doing away with an internal network altogether and relying on cloud services. In this plan, the SD-WAN system will end up substituting for the internal network as well as the connections between sites.

Whether you take the managed service option or not, the Lumen SD-WAN system will create priorities for speed-sensitive applications and will monitor all connections to look out for failure, which the Lumen service can workaround. Lumen is also able to offer add-on security measures to the SD-WAN service.

Who is it recommended for?

The core market for this system is the same as that for Aryaka Network, so small businesses and companies that want to outsource a lot of expert tasks would like this SD-WAN package. Very large businesses that have their own network managers for internal traffic but want to bring in outside consultants for inter-site connections should consider Lumen SD-WAN. The Lumen SD-WAN co-managed option is a lot cheaper than hiring a firm of consultants to set up your SD-WAN and train your staff.


  • Flexible Management: Provides options between full and co-managed services for tailored control.
  • No On-Site Requirement: Eliminates the need for on-site technicians and hardware investment.
  • QoS Support: Ideal for mission-critical applications requiring stringent Service Level Agreements (SLAs).


  • Small Business Orientation: More beneficial for smaller businesses with limited IT resources.
  • Add-On Security: Basic package lacks advanced security features, available separately.

If you want to manage the SD-WAN system yourself and pass on the managed service option, the Lumen package has a useful dashboard, which is accessed through any browser. The dashboard shows live traffic flows and also has analytical tools that work on historical data to let you plan your future capacity needs.

7. Versa Secure SD-WAN

Versa Secure SD-WAN

Versa Secure SD-WAN is part of the Versa SASE service. It can be seen as a lower tier package to the higher SASE plan. Although this system is labeled secure, it doesn’t include FWaaS for traffic to destinations outside the WAN, which is included in the SASE edition. As well as being a good tool for IT Operations departments, this package is good for MSPs because it has a multi-tenancy architecture built into it.

Key Features

  • MSP-Friendly Architecture: Designed with a multi-tenant architecture for Managed Service Providers.
  • Site Appliances Required: Each network site requires a Versa Networks appliance.
  • Managed Service Option: Available as a managed service for ease of deployment and maintenance.

Why do we recommend it?

Versa Secure SD-WAN is an interesting product to consider immediately after discussing Aryaka Networks and Lumen SD-WAN because while they are managed service providers that offer SD-WANs, this is an SD-WAN system for use by managed service providers. The scope of this package is very interesting because it enables MSPs to get into a new field of service that not many of them offer right now. Versa Networks also offers a SASE solution and the elements of network virtualization and security available in the company’s toolkit can also be configured as a Zero Trust Access system.

Each LAN that is going to be managed by the SD-WAN needs a proprietary physical appliance from Versa Networks. Cloud resources can be included by activating an integration on your account for AWS, GCP, Azure, or cloud-based SaaS systems.

You can set up a range of underlying infrastructure elements to support the overlay network and that can include MPLS, regular internet service, and LTE. Switching carriers later makes no impact on applications because the SD-WAN software instantly connects its permanent surface topology through to whatever physical layer you specify.

Who is it recommended for?

The multi-tenant architecture is optional, so this isn’t just a tool for managed service providers – IT departments can use it for corporate WAN management. This is a tool that is suitable for use by large organizations with multiple sites rather than small businesses operating a virtual office strategy. This isn’t an out-of-the-box solution and any company adopting this platfo4m will need experts to define and build a customized WAN security strategy.


  • Carrier Flexibility: Offers a static overlay network adaptable to changing carrier contracts.
  • Wide Asset Integration: Includes wireless and cloud assets in the WAN configuration.
  • MSP Oriented: Particularly suitable for Managed Service Providers looking to expand services.


  • Appliance Dependence: Necessitates the purchase of a physical appliance for each site, adding to costs.

You can start with the base SD-WAN service and then add on other features, such as the next-generation firewall to build up a SASE.

8. Cato SASE Cloud

Cato SASE Cloud

Cato Networks operates a high-speed internet backbone service and also runs a range of cloud services for network and communications businesses. Among those network services, the company provides an SD-WAN system.

Key Features

  • Backbone Access: Direct connection to a high-speed internet backbone for faster data transfer.
  • Hardware Requirement: Implementation requires a Cato Networks physical appliance.
  • Traffic Shaping Capabilities: Advanced features for optimizing network traffic flow.

Why do we recommend it?

Cato SASE Cloud is a platform of network trunking and hardware appliances with different network and application security management services rather than a straightforward SASE system. So, you can use these components to create an SD-WAN, to implement Zero Trust Access, or to go for the full SASE strategy. Cato Networks is a highly respected high-speed internet backbone provider.

The SD-WAN is implemented through an appliance. This is called the Cato Socket and it routes all business traffic over a local connection to the nearest access point of the Cato backbone. The software embedded in the socket applies a range of services, including QoS procedures, traffic shaping, application prioritization, and packet duplication to overcome packet loss.

Not all traffic is sent over the private backbone. Where that line is too distant to be a viable carrier, the Socket chooses MLPS and internet transport options to reach nearby WAN sites.

The Socket coordinates with cloud-based processes run on the Cato servers to provide better routing and traffic management services and also to add a security layer to transmissions.

Who is it recommended for?

Cato Networks is a company that caters to network specialists and they don’t go to any lengths to sugarcoat their technical products with marketing. The audience for this system is very competent in technical issues and so you would really need to be a networking specialist to find this package of products accessible. That means the package isn’t a ready-to-go plug-and-play system for the owner-managers of small businesses. This is a solution that needs to be run by a large in-house team of technical experts, and it requires hardware purchases, which creates upfront costs so it is designed for use by large corporations. The advantage that Cato Networks has over its rivals is that it can offer very high transfer speeds between sites.


  • Comprehensive Services: Offers a suite of network services including high-speed backbone and cloud communication.
  • Simplified SD-WAN Implementation: Utilizes a preconfigured application socket for easy setup.
  • Enhanced Traffic Management: Features traffic shaping, QoS, and packet duplication for a robust network experience.


  • Self-Management Required: Lacks a fully managed option, necessitating in-house technical expertise.
  • Limited Training Resources: May not provide extensive product training, requiring prior knowledge.

9. Cisco Meraki SD-WAN

Meraki SD-WAN

Cisco’s Meraki division provides cloud services to businesses, including an SD-WAN system. Cisco is a major supplier of network equipment and also supplies many of the routers on the internet.

Key Features

  • Enhanced Security: Offers strong connection security, leveraging Cisco’s expertise.
  • Reputed Brand: Part of Cisco’s widely respected network equipment portfolio.
  • Infrastructure Masking: Simplifies complex sporting infrastructures for easier management.

Why do we recommend it?

Cisco Meraki SD-WAN is a product of the definitive router manufacturer for the internet. Cisco provides excellent security tools within the proprietary operating systems of its routers and Cisco Neraki is an add-on software package that enhances those on-device capabilities and makes cross-device network management a lot easier to implement. In the case of SD-WANs, you are looking at coordinating device activities across networks and possibly over very long distances of internet, so it is a necessary service if you want to coordinate your Cisco devices to create a virtual network.

What users like most about this service is that the console is easy to access from anywhere through a browser and the system is easy to learn.

The interface makes setting policies and implementing them very easy. Each branch link to the cloud SD-WAN manager via a Meraki MX appliance, which has VPN client software loaded onto it in order to ensure transmission security. All of the work of selectively switching traffic between sites or out to the internet is taken care of by the Meraki SD-WAN service.

Who is it recommended for?

The big advantage that Cisco has over its rivals is its excellent training facilities. The company has very highly respected online courses and gaining a qualification at the end of one of these courses is career enhancing. Thus, most networking experts are familiar with Cisco products and how to use their security features to improve protection for business activities. Therefore, it will be very easy for a well-qualified network administrator to implement an SD-WAN with the Cisco Meraki system. Less-qualified technicians might struggle with this product.


  • Easy Installation: Compatible with Meraki MX appliances for straightforward deployment.
  • Feature-Rich: Supports a variety of VPN configurations for diverse network needs.
  • Accessible Connectivity: Facilitates easy establishment of secure network connections.


  • Scalability Challenges: May face difficulties in scaling configurations for large numbers of sites.
  • Complex Customization: Custom configurations can be intricate and challenging to implement.

10. Oracle SD-WAN

Oracle SD-WAN

Oracle stresses its SD-WAN service’s ability to link up the cloud services used by its clients to their LANs. At the same time, the service will connect different sites together. The Oracle’s SD-WAN is cloud-based and communicates with all client sites and resources over the internet, so it doesn’t have any MPLS capabilities.

Key Features

  • Reliable Failover: Focuses on strong reliability with robust failover mechanisms.
  • Versatile Deployment: Available as SaaS, virtual, or physical appliance.
  • Edge Integration: Can be integrated with other edge services for a comprehensive solution.

Why do we recommend it?

Oracle SD-WAN is a device-based product that is provided by Oracle Talari appliances. The company also decided to offer its SD-WAN services from the Cloud. This product isn’t so easy to find on the Oracle website anymore and seems to be in the process of being phased out.

Oracle paid close attention to failover procedures and stresses its reliability goals. The SD-WAN system can be expanded into a full “edge” service. This includes a cloud-based firewall and traffic optimization measures. Edge services can also be deployed as a virtual machine or as an appliance.

Another SD-WAN related service offered by Oracle is its WAN monitoring system, called SD-WAN Aware. This service is also delivered from the Cloud.

Who is it recommended for?

Oracle SD-WAN is a system that aims to unify hybrid systems that include both cloud-based and on-premises resources. A key feature of this product is reliability, so it is particularly interesting for businesses that stress high availability and rely on the SD-WAN to manage VoIP traffic.


  • Effective Visualization Tools: Provides clear network visualizations for easy monitoring.
  • Redundant Failover: Ensures robust site redundancy with reliable failover systems.
  • Edge Service Capability: Can operate effectively as part of a larger edge service network.


  • Complex Reporting: Reporting features may be complex and not easily customizable.
  • Dashboard Setup: Setting up custom dashboards and metrics can be overly complicated.

11. Palo Alto Prisma

Palo Alto Prisma SD-WAN

Palo Alto Prisma is an edge service that is available in two formats. The Prisma SD-WAN welds LANs together into a unified WAN. There is also a SASE package available, called Prisma Access. The system needs Prisma-active routers to be installed on sites or get the Prisma client software loaded onto your existing gateways.

Key Features

  • SASE Upgrade Path: Offers an upgrade option to a more comprehensive SASE solution.
  • Privacy Protection: Ensures connection privacy across the network.
  • Wireless Integration: Also covers wireless network systems within its scope.

Why do we recommend it?

Palo Alto Prisma is provided by a leading network security systems provider. The company is particularly prominent in the field of firewalls. There is a cloud firewall system that can be added on to the Prisma package to create a SASE. While operating on the cloud, the Prisma system requires the involvement of gateway-based software on each site. This helps to channel all traffic through the Palo Alto servers where it is switched either for forwarding to other sites or out to third-party destinations. Thus, whether you implement the Palo Alto firewall or not, you get your entire organization fronted by a Palo Alto edge server. Channeling all traffic through the edge service also gives you options for traffic management, such as load balancing and WAN optimization.

Almost all of the work of implementing the SD-WAN is performed on the Palo Alto cloud server. The seat of the Prisma service is home to a range of edge services, such as load balancing, traffic shaping, and data loss prevention.

Who is it recommended for?

Despite being the product of a very advanced cybersecurity specialist, Palo Alto Prisma is very accessible. The system is straightforward and easy to conceptualize – you just channel all traffic from each site to the Palo Alto server. Therefore, you don’t need to be an expert with knowledge of cutting-edge networking technology to implement an SD-WAN with the Palo Alto Prisma system. A nice feature of this package is that it will also logically merge your wireless networks into the SD-WAN.


  • Centralized Management: Features a cloud-resident console for streamlined network management.
  • SSL Offloading: Enhances network performance with SSL offloading capabilities.
  • Traffic Protection: Offers robust protection for inter-site traffic, enhancing security.


  • Opaque Pricing: Palo Alto does not publicly disclose detailed pricing information, which can complicate budgeting.

The Prisma system can include wireless networks and cloud resources. You can get a test drive of both the Prisma Access and Prisma SD-WAN services.

Set an SD-WAN strategy

Your starting point on your SD-WAN buyer’s journey is to decide whether you want to host the SD-WAN software, buy a specialized appliance to implement the WAN connections, or opt for a cloud-based SD-WAN service. As you can see from our list, we have looked into all three deployment methods and found solutions for each.

Once your strategy is sorted out, your search becomes a lot easier. Our shortlist of the best SD-WAN vendors should help to speed up that process.


What is an SD-WAN appliance?

An SD-WAN appliance is a replacement for a traditional network router. It implements all of the connection management for an entire LAN to link through to remote sites.

What is the difference between SD-WAN and MPLS?

Multiprotocol Label Switching (MLPS) is a routing algorithm that selects a neighboring router to pass data onto by its short path label rather than by looking at a routing table. SD-WAN works with IP addresses and so is easier to route over the internet. The SD-WAN just manages the address differences when accessing an endpoint on a remote network so it seems to be resident on the local network.

What are the weaknesses of SD-WAN?

SD-WANs do have weaknesses. They require more planning than a traditional WAN system and some monitoring systems might not be able to communicate with the SD-WAN service/appliance or properly interpret the address space that it creates.

Which three business problems does SD-WAN address?

Not all SD-WAN systems are equal. However, the SD-WAN process offers opportunities to bundle many services together. A good SD-WAN system will also include network security protection. Another advantage is that it can optimize speeds for different types of traffic traveling between sites. Thirdly, SD-WANs can easily integrate new sites because all of the addressing issues are solved by remapping them within the SD-WAN.

What layer does SD-WAN use?

Going by the OSI stack numbering, SD-WAN can operate on Layer 2 and Layer 3. Some experts explain this duality by labeling SD-WAN Layer 2.5 technology.

Does SD-WAN replace a VPN?

A VPN establishes a single connection across the internet and channels all traffic along that connection. An SD-WAN manages multiple simultaneous connections. It can use different technologies for each, including a VPN.