| Traditionally, security policies were applied based on IP addresses, but the increasingly dynamic nature of users and applications means that IP addresses alone have become ineffective as a mechanism for monitoring and controlling user activity. Palo Alto Networks next-generation firewalls integrate with the widest range of user repositories on the firewall market, enabling organizations to incorporate user and group information into their security policies. Through User-ID, organizations also get full visibility into user activity on the network as well as user based. |
| |
| Transparent use of users and groups for secure application enablement. |
| User-ID seamlessly integrates Palo Alto Networks next-generation firewalls with the widest range of enterprise directories on the market: Active Directory, eDirectory, OpenLDAP, Citrix Terminal Server, Microsoft Terminal Server, and XenWorks. A network-based User-ID agent communicates with the domain controller and maps the user information to the firewall, making the policy tie-in completely transparent to the end user. |
| |
| Integrating users and groups via an explicit challenge/response mechanism. |
| In cases where user repository information may be ineffective, a captive portal challenge/response mechanism can be used to tie users into the security policy. In addition to an explicit username and password prompt, Captive Portal can also be configured to send an NTLM authentication request to the web browser in order to make the authentication process transparent to the user. |
| |
| Integrate user information from other user repositories. |
| In cases where organizations have a user repository or application that already has knowledge of users and their current IP address, a standards-based XML API can be used to tie the repository to the Palo Alto Networks next-generation firewall. |
| |