Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

SD-WAN Vendors Comparison Chart

How Cisco stacks up to the SD-WAN competition

See how Cisco outperforms Huawei, HPE, Fortinet, and others. With innovations in software-defined networking, NFV, and integrated security, Cisco offers a more extensive solution and provides a foundation for intent-based networking. 

SD-WAN

Cisco

VMware

Fortinet

Silver Peak

Versa

Expand all

Networking

Software upgrade to SD-WANEnabling SD-WAN Does not require adding to, or changing, existing infrastructure.Requires adding new hardware to use SD-WAN.Enabling SD-WAN does not require adding to, or changing, existing infrastructure.Requires adding new hardware to use SD-WAN.Requires adding new hardware to use SD-WAN.
Enabling SD-WAN Does not require adding to, or changing, existing infrastructure.Requires adding new hardware to use SD-WAN.Enabling SD-WAN does not require adding to, or changing, existing infrastructure.Requires adding new hardware to use SD-WAN.Requires adding new hardware to use SD-WAN.
Core, edge, and cloud SD-WANReliable appliances built to service core, edge, and cloud locations.LimitedLimitedLimitedLimited
Reliable appliances built to service core, edge, and cloud locations.
Transport-independent control planeExtend cost-savings with the ability to use any transport from any location.
Extend cost-savings with the ability to use any transport from any location.
True zero-touch provisioningSimplify network expansions and upgrades with automated appliance activation and provisioning. LimitedRequires additional authentication steps to provision.LimitedRequires additional authentication steps to provision.LimitedRequires additional authentication steps to provision.LimitedRequires additional authentication steps to provision.
Simplify network expansions and upgrades with automated appliance activation and provisioning. Requires additional authentication steps to provision.Requires additional authentication steps to provision.Requires additional authentication steps to provision.Requires additional authentication steps to provision.
Active-active SD-WANAllows for active-active networking to provide higher throughput and greater reliability.Does not support active-active connections.Allows for active-active connections.Does not support active-active connections.Does not support active-active connections.
Allows for active-active networking to provide higher throughput and greater reliability.Does not support active-active connections.Allows for active-active connections.Does not support active-active connections.Does not support active-active connections.
Advanced routing protocolsExtends advanced routing intelligence, such as EIGRP and BGP, into cloud environments, allowing for faster, more reliable connectivity to cloud workloads.LimitedLacks centralized management for advanced routing, but does provide BGP on a per-VPN basis.Does not support advanced routing protocols for efficient path selection.Does not support advanced routing protocols for efficient path selection.LimitedHas some advanced routing protocol support, but does not provide the most efficient path selection.
Extends advanced routing intelligence, such as EIGRP and BGP, into cloud environments, allowing for faster, more reliable connectivity to cloud workloads.Lacks centralized management for advanced routing, but does provide BGP on a per-VPN basis.Does not support advanced routing protocols for efficient path selection.Does not support advanced routing protocols for efficient path selection.Has some advanced routing protocol support, but does not provide the most efficient path selection.
WAN optimizationProvides optimizational remedies for high-latency link environments.Does not provide optimizational remedies for high-latency link environments.Does not provide optimizational remedies for high-latency link environments.Provides optimizational remedies for high-latency link environments.Does not provide optimizational remedies for high-latency link environments.
Provides optimizational remedies for high-latency link environments.Does not provide optimizational remedies for high-latency link environments.Does not provide optimizational remedies for high-latency link environments.Provides optimizational remedies for high-latency link environments.Does not provide optimizational remedies for high-latency link environments.

Security

Value chainProduct design, construction, shipment, maintenance, and disposal considered secure. Offers alerts to tampering.No value chain protections for physical products or software.No value chain protections for physical products or software.No value chain protections for physical products or software.No value chain protections for physical products or software.
Product design, construction, shipment, maintenance, and disposal considered secure. Offers alerts to tampering.No value chain protections for physical products or software.No value chain protections for physical products or software.No value chain protections for physical products or software.No value chain protections for physical products or software.
ROBOFully integrated UTM security capabilities in vManage, including enterprise firewall with application awareness, Snort IPS, URL filtering, AMP NGAV, Cisco Umbrella DNS security, and Talos threat intelligence.LimitedPartial security capabilities via NSX.LimitedPartial security capabilities through Fortigate NGFW.Lacks security integrations in the SD-WAN console.Lacks security integrations in the SD-WAN console.
Fully integrated UTM security capabilities in vManage, including enterprise firewall with application awareness, Snort IPS, URL filtering, AMP NGAV, Cisco Umbrella DNS security, and Talos threat intelligence.Partial security capabilities via NSX.Partial security capabilities through Fortigate NGFW.Lacks security integrations in the SD-WAN console.Lacks security integrations in the SD-WAN console.
SiliconCustom silicon root of trust in hardware provides embedded defense against foundational attacks and back doors.Commercial off-the-shelf hardware.No embedded defense against foundational attacks.Commercial off-the-shelf hardware.Commercial off-the-shelf hardware.
Custom silicon root of trust in hardware provides embedded defense against foundational attacks and back doors.Commercial off-the-shelf hardware.No embedded defense against foundational attacks.Commercial off-the-shelf hardware.Commercial off-the-shelf hardware.
SegmentationProven, scalable MPLS/VRF-like segmentation for enhanced network slicing from Layer 2 to Layer 7.Proven, scalable MPLS/VRF-like segmentation for enhanced network slicing from Layer 2 to Layer 7.LimitedLimited segmentation capabilities.LimitedLimited segmentation capabilities.Proven, scalable MPLS/VRF-like segmentation for enhanced network slicing from Layer 2 to Layer 7.
Proven, scalable MPLS/VRF-like segmentation for enhanced network slicing from Layer 2 to Layer 7.Proven, scalable MPLS/VRF-like segmentation for enhanced network slicing from Layer 2 to Layer 7.Limited segmentation capabilities.Limited segmentation capabilities.Proven, scalable MPLS/VRF-like segmentation for enhanced network slicing from Layer 2 to Layer 7.
NetFlow defensesAdvanced visibility and defense capabilities for behavioral anomalies on network infrastructure.LimitedLimited NetFlow capabilities.Advanced visibility and defense capabilities for behavioral anomalies on network infrastructure.LimitedLimited NetFlow capabilities.LimitedLimited NetFlow capabilities.
Advanced visibility and defense capabilities for behavioral anomalies on network infrastructure.Limited NetFlow capabilities.Advanced visibility and defense capabilities for behavioral anomalies on network infrastructure.Limited NetFlow capabilities.Limited NetFlow capabilities.
Encrypted traffic analysisCan detect malware by matching encrypted SHA patterns without decryption.Can not detect encrypted malware.Can not detect encrypted malware.Can not detect encrypted malware.Can not detect encrypted malware.
Can detect malware by matching encrypted SHA patterns without decryption.Can not detect encrypted malware.Can not detect encrypted malware.Can not detect encrypted malware.Can not detect encrypted malware.
Threat intelligenceGlobally recognized threat intelligence with the ability to deploy incident response services.No threat intelligence.LimitedUnproven threat intelligence capabilities.No threat intelligence.No threat intelligence.
Globally recognized threat intelligence with the ability to deploy incident response services.No threat intelligence.Unproven threat intelligence capabilities.No threat intelligence.No threat intelligence.

Cloud

SaaS ConnectivityTransport independence provides intelligent path selection to leading SaaS applications.LimitedBasic SaaS optimization through DIA broadband paths to colocations.No SaaS optimization capabilities.Transport independence provides intelligent path selection to leading SaaS applications.Transport independence provides intelligent path selection to leading SaaS applications.
Transport independence provides intelligent path selection to leading SaaS applications.Basic SaaS optimization through DIA broadband paths to colocations.No SaaS optimization capabilities.Transport independence provides intelligent path selection to leading SaaS applications.Transport independence provides intelligent path selection to leading SaaS applications.
IaaS ConnectivityAutomated gateways to IaaS workloads that provide private, single-tenant connections.LimitedEither manual gateways or shared resources.LimitedEither manual gateways or shared resources.LimitedEither manual gateways or shared resources.LimitedEither manual gateways or shared resources.
Automated gateways to IaaS workloads that provide private, single-tenant connections.Either manual gateways or shared resources.Either manual gateways or shared resources.Either manual gateways or shared resources.Either manual gateways or shared resources.
Colocation-cloud gatewaysSimplified network management with traffic aggregation through colocation hubs to cloud workloads.LimitedLimited colocated aggregation.LimitedLimited colocated aggregation.LimitedLimited colocated aggregation.LimitedLimited colocated aggregation.
Simplified network management with traffic aggregation through colocation hubs to cloud workloads.Limited colocated aggregation.Limited colocated aggregation.Limited colocated aggregation.Limited colocated aggregation.
Cloud NetFlowExtends NetFlow monitoring and defenses into cloud networks.LimitedOnly NetFlow monitoring.LimitedOnly NetFlow monitoring.No cloud NetFlow capabilities.No cloud NetFlow capabilities.
Extends NetFlow monitoring and defenses into cloud networks.Only NetFlow monitoring.Only NetFlow monitoring.No cloud NetFlow capabilities.No cloud NetFlow capabilities.

Edge

StorageProvides IoT/OT automation with integrated branch storage and compute.No edge application-hosting capabilities.No edge application-hosting capabilities.No edge application-hosting capabilities.No edge application-hosting capabilities.
Provides IoT/OT automation with integrated branch storage and compute.No edge application-hosting capabilities.No edge application-hosting capabilities.No edge application-hosting capabilities.No edge application-hosting capabilities.
Advanced LTE SolutionsAdvanced cellular capabilities as major transport link.No significant cellular support.No significant cellular support.No significant cellular support.No significant cellular support.
Advanced cellular capabilities as major transport link.No significant cellular support.No significant cellular support.No significant cellular support.No significant cellular support.
Industrial SD-WANExtends SD-WAN into adverse and industrial environments with ruggedized appliance options.No ruggedized SD-WAN options.No ruggedized SD-WAN options.No ruggedized SD-WAN options.No ruggedized SD-WAN options.
Extends SD-WAN into adverse and industrial environments with ruggedized appliance options.No ruggedized SD-WAN options.No ruggedized SD-WAN options.No ruggedized SD-WAN options.No ruggedized SD-WAN options.
Wi-Fi 6/5G-readyCan use the latest in wireless frequency and protocol technology for an enhanced user experience.No advanced wireless capabilities.No advanced wireless capabilities.No advanced wireless capabilities.No advanced wireless capabilities.
Can use the latest in wireless frequency and protocol technology for an enhanced user experience.No advanced wireless capabilities.No advanced wireless capabilities.No advanced wireless capabilities.No advanced wireless capabilities.
Data center integrationUnifies data center policies with edge needs.Unifies data center policies with edge needs.No data center integration.No data center integration.No data center integration.
Unifies data center policies with edge needs.Unifies data center policies with edge needs.No data center integration.No data center integration.No data center integration.
Layer 2 integrationSupports Layer 2 microsegmentation and policy enforcement through scalable group tags for user groups.LimitedMinimal Layer 2 microsegmentation and policy enforcement.LimitedMinimal Layer 2 microsegmentation and policy enforcement.No Layer 2 microsegmentation and policy enforcement.No Layer 2 microsegmentation and policy enforcement.
Supports Layer 2 microsegmentation and policy enforcement through scalable group tags for user groups.Minimal Layer 2 microsegmentation and policy enforcement.Minimal Layer 2 microsegmentation and policy enforcement.No Layer 2 microsegmentation and policy enforcement.No Layer 2 microsegmentation and policy enforcement.

Support

24/7Centralized, 24/7 solution support across ecosystem and 24/7/365 technical assistance availability on phone or online.Centralized 24/7 solution support across ecosystem and 24/7/365 technical assistance availability on phone or online.Centralized 24/7 solution support across ecosystem and 24/7/365 technical assistance availability on phone or online.Centralized 24/7 solution support across ecosystem and 24/7/365 technical assistance availability on phone or online.LimitedLimited support capabilities.
Centralized, 24/7 solution support across ecosystem and 24/7/365 technical assistance availability on phone or online.Centralized 24/7 solution support across ecosystem and 24/7/365 technical assistance availability on phone or online.Centralized 24/7 solution support across ecosystem and 24/7/365 technical assistance availability on phone or online.Centralized 24/7 solution support across ecosystem and 24/7/365 technical assistance availability on phone or online.Limited support capabilities.
Dedicated managerAccountability and continuity of service from first call to resolution across Cisco and third-party vendors.Accountability and continuity of service from first call to resolution across VMware and third-party vendors.LimitedOwnership of account troubleshooting may change over the course of the experience.LimitedOwnership of account troubleshooting may change over the course of the experience.LimitedOwnership of account troubleshooting may change over the course of the experience.
Accountability and continuity of service from first call to resolution across Cisco and third-party vendors.Accountability and continuity of service from first call to resolution across VMware and third-party vendors.Ownership of account troubleshooting may change over the course of the experience.Ownership of account troubleshooting may change over the course of the experience.Ownership of account troubleshooting may change over the course of the experience.
Same-day product replacementCan replace hardware products within one business day.Does not offer same-day replacement.LimitedLimited replacement options.LimitedLimited replacement options.Can replace hardware products within one business day.
Can replace hardware products within one business day.Does not offer same-day replacement.Limited replacement options.Limited replacement options.Can replace hardware products within one business day.

Updated January 2020, based on public information.

Routers

Cisco

HPE

Huawei

SD-WAN Vendors

Expand all

User Experience

Application-aware WANMonitor more than 1400 applications and network performance. Troubleshoot issues ​quickly. Deploy business-intent policies across the entire network with no probes or additional hardware.LimitedLimited router and network performance monitoring, primarily with sFlow tools.LimitedApplication monitoring through NetStream supports the NetFlow v9 export format. NetStream is sampled Layer 4 (flow-based) and not true deep-packet-inspection technology.LimitedSupport varies between basic and advanced application visibility and performance monitoring.
Monitor more than 1400 applications and network performance. Troubleshoot issues ​quickly. Deploy business-intent policies across the entire network with no probes or additional hardware.Limited router and network performance monitoring, primarily with sFlow tools.Application monitoring through NetStream supports the NetFlow v9 export format. NetStream is sampled Layer 4 (flow-based) and not true deep-packet-inspection technology.Support varies between basic and advanced application visibility and performance monitoring.
Application high availabilityMonitor path performance and apply what is learned to select the best network path for a given application. Effectively load-balance across paths while delivering ideal application-level SLAs.LimitedSupports basic routing metrics and load balancing.LimitedHuawei offers basic policy-based routing, which is static routing policy per application. The technology is not based on an application-level SLA.LimitedSupport varies from basic link monitoring to more advanced, per-application class-level monitoring.
Monitor path performance and apply what is learned to select the best network path for a given application. Effectively load-balance across paths while delivering ideal application-level SLAs.Supports basic routing metrics and load balancing.Huawei offers basic policy-based routing, which is static routing policy per application. The technology is not based on an application-level SLA.Support varies from basic link monitoring to more advanced, per-application class-level monitoring.
Enhanced application experienceCisco’s software- and hardware-integrated solution offers bandwidth optimization, application acceleration, and intelligent caching. LimitedSupports TCP Fast Open and Data Redundancy Elimination ​and LZ compression for general TCP optimization only. Lacks granular application.LimitedRequires extra hardware. Does not support intelligent caching or WAN acceleration.LimitedRequires third-party integration for most SD-WAN vendors.
Cisco’s software- and hardware-integrated solution offers bandwidth optimization, application acceleration, and intelligent caching. Supports TCP Fast Open and Data Redundancy Elimination ​and LZ compression for general TCP optimization only. Lacks granular application.Requires extra hardware. Does not support intelligent caching or WAN acceleration.Requires third-party integration for most SD-WAN vendors.
Seamless cloud extensionExtend the WAN to any private and public cloud. Get broad hypervisor and cloud support, seamless network extension and mobility, and advanced cloud security features.Supported by most vendors but not all.
Extend the WAN to any private and public cloud. Get broad hypervisor and cloud support, seamless network extension and mobility, and advanced cloud security features. Supported by most vendors but not all.
Last-mile network resiliencyProvide primary connectivity or backup communications. Cisco Advanced LTE Category 6 support offers network resiliency for business continuity up to 150 times faster and with far lower latency than 3G links offer.
Provide primary connectivity or backup communications. Cisco Advanced LTE Category 6 support offers network resiliency for business continuity up to 150 times faster and with far lower latency than 3G links offer.

Agility

SDN controller and appsGet software-defined networking for the enterprise branch, campus, and WAN. A simple user interface and plug-and-play protocols automate policy-based application profiles.Limited
Single enterprise network SDN controller for policy-based automation for access; WAN; and campus switching, routing, and wireless.Get software-defined networking for the enterprise branch, campus, and WAN. A simple user interface and plug-and-play protocols automate policy-based application profiles.
Open and programmableCisco offers NETCONF and YANG support across branch, WAN, and cloud platforms.LimitedCertain router models do not support NETCONF/YANG.
Cisco offers NETCONF and YANG support across branch, WAN, and cloud platforms. Certain router models do not support NETCONF/YANG.
Pay-as-you-grow servicesPerformance license upgrades add dedicated compute and storage resources for additional services.LimitedBasic VM capability in high-end routers but no advanced network services. Huawei offers basic VoIP modules and content caching. Huawei routers support modular software upgrades but do not offer systemwide in-service upgrades.LimitedMost vendors require third-party integrations.
Performance license upgrades add dedicated compute and storage resources for additional services. Basic VM capability in high-end routers but no advanced network services. Huawei offers basic VoIP modules and content caching. Huawei routers support modular software upgrades but do not offer systemwide in-service upgrades.Most vendors require third-party integrations.
Software licensing packagesCisco ONE Software suites make software buying simple. Instead of choosing from hundreds of separately priced software features, you purchase one software product, for predictable OpEx. Ties software licensing to the chassis. HPE offers no portability or investment protection with access to ongoing innovation.Offers perpetual software licenses for basic and advanced feature sets, and on a per-device basis. Huawei does not offer license portability.Most SD-WAN vendors offer subscription-based services with high recurring costs.
Cisco ONE Software suites make software buying simple. Instead of choosing from hundreds of separately priced software features, you purchase one software product, for predictable OpEx. Ties software licensing to the chassis. HPE offers no portability or investment protection with access to ongoing innovation.Offers perpetual software licenses for basic and advanced feature sets, and on a per-device basis. Huawei does not offer license portability.Most SD-WAN vendors offer subscription-based services with high recurring costs.

Advanced Security

Advanced branch threat defenseCisco’s converged branch platform integrates real-time contextual awareness, security automation, and industry-leading threat prevention, malware protection, EAL4-certified perimeter defense, and web security. LimitedOffers access-control lists, stateful firewall, and Network Address Translation only.Only supports basic access-control lists for filtering and encryption capability. AR routers lack sophisticated security protection such as web security, threat prevention, or malware protection.LimitedUsually require third-party integration.
Cisco’s converged branch platform integrates real-time contextual awareness, security automation, and industry-leading threat prevention, malware protection, EAL4-certified perimeter defense, and web security. Offers access-control lists, stateful firewall, and Network Address Translation only.Only supports basic access-control lists for filtering and encryption capability. AR routers lack sophisticated security protection such as web security, threat prevention, or malware protection.Usually require third-party integration.
End-to-end secure architectureSite-to-site and remote-access VPN technologies, DMVPN, GET VPN, FlexVPN, and SSL VPN help protect sensitive enterprise communications. NIST-approved, line-rate encryption secures data in motion. LimitedLimitedWhen an AR-series router uses encryption, it incurs a massive performance impact. Huawei does not publish its secure development lifecycle and trustworthy system.LimitedAll offer IPsec VPN but are not U.S. government FIPS140-2 certified.
Site-to-site and remote-access VPN technologies, DMVPN, GET VPN, FlexVPN, and SSL VPN help protect sensitive enterprise communications. NIST-approved, line-rate encryption secures data in motion. When an AR-series router uses encryption, it incurs a massive performance impact. Huawei does not publish its secure development lifecycle and trustworthy system.All offer IPsec VPN but are not U.S. government FIPS140-2 certified.
Real-time threat intelligenceCloud-delivered, integrated security service for Cisco branch routers, providing protection against malware, botnets, phishing, and targeted online attacks at the DNS layer. Limited
Cloud-delivered, integrated security service for Cisco branch routers, providing protection against malware, botnets, phishing, and targeted online attacks at the DNS layer.
Network as sensor and enforcerComprehensive network visibility with behavioral-based analytics enables faster anomalies detection and deeper forensics of internal and external threats. Offers sample-based network application visibility through sFlow, which is not sufficient as a security network sensor.Offers sample-based network application visibility, which is not sufficient as a security network sensor. Does not offer a security enforcer tool based on the NetStream flow information.
Comprehensive network visibility with behavioral-based analytics enables faster anomalies detection and deeper forensics of internal and external threats. Offers sample-based network application visibility through sFlow, which is not sufficient as a security network sensor.Offers sample-based network application visibility, which is not sufficient as a security network sensor. Does not offer a security enforcer tool based on the NetStream flow information.
Trustworthy systemsSecure development lifecycle is published and verifiable. Products have trust anchors, secure boot, and runtime prevention. Software is digitally signed.
Secure development lifecycle is published and verifiable. Products have trust anchors, secure boot, and runtime prevention. Software is digitally signed.

Virtualization

Enterprise Network Functions VirtualizationSimplify operations and deployment of virtual routing, security, and application services. LimitedHuawei offers up to 8 VMs or VNFs, but it uses basic supervisor hardware. Its capability is limited to the chassis.Most vendors support VNF only. Some also support NFVIS or VNF hosting.
Simplify operations and deployment of virtual routing, security, and application services. Huawei offers up to 8 VMs or VNFs, but it uses basic supervisor hardware. Its capability is limited to the chassis.Most vendors support VNF only. Some also support NFVIS or VNF hosting.
Native application hostingAutomate work flows, configuration, and operation of lightweight network functions or third-party tools natively on our IOS XE operating system.Open application platform.LimitedThe router OS, called VRP, does not offer native integration with a third-party tool or application unless it uses another VM.LimitedSome vendors support integrated, third-party VNF support.
Automate work flows, configuration, and operation of lightweight network functions or third-party tools natively on our IOS XE operating system.Open application platform.The router OS, called VRP, does not offer native integration with a third-party tool or application unless it uses another VM.Some vendors support integrated, third-party VNF support.
Integrated compute and storageIncludes local compute and storage resources for applications, network functions or services, data backup, and analytics.LimitedLocal compute and storage resources are offered in a main supervisor module, which is not replaceable or upgradable.
Includes local compute and storage resources for applications, network functions or services, data backup, and analytics. Local compute and storage resources are offered in a main supervisor module, which is not replaceable or upgradable.

Updated on January 2019, based on public information.

 

Need a little guidance?

Use our Router Selector to find the right Cisco router for your needs.​

Compare other network technologies