NextGig Systems, Inc. - Network Connectivity & Test Solutions

Palo Alto Networks' Next-Generation Firewalls - User Identification

Securely Enabling Applications Based on Users & Groups

Traditionally, security policies were applied based on IP addresses, but the increasingly dynamic nature of users and applications mean that IP addresses alone have become ineffective as a mechanism for monitoring and controlling user activity. Palo Alto Networks next-generation firewalls integrate with the widest range of user repositories on the firewall market, enabling organizations to incorporate user and group information into their security policies. Through User-ID, organizations also get full visibility into user activity on the network as well as user based.

Questions? Call  1-805-277-2400

Transparent use of users and groups for secure application enablement.

User-ID seamlessly integrates Palo Alto Networks next-generation firewalls with the widest range of enterprise directories on the market; Active Directory, eDirectory, Open LDAP, Citrix Terminal Server, Microsoft Terminal Server, and XenWorks. A network-based User-ID agent communicates with the domain controller, mapping the user information to the firewall, making the policy tie-in completely transparent to the end-user.


Integrating users and groups via an explicit, challenge / response mechanism.

In cases where user repository information may be ineffective, a captive portal challenge/response mechanism can be used to tie users into the security policy. In addition to an explicit username and password prompt, Captive Portal can also be configured to send a NTLM authentication request to the web browser in order to make the authentication process transparent to the user.

For more information, pricing, demonstration or evaluation on Palo Alto Networks Products please contact us here.