Palo Alto Networks Firewall Ties In With Active Directory

Integration with Active Directory in the firewall product allows companies to set granular, user-based policies.

Palo Alto Networks officials are hoping integration with Microsoft Active Directory will serve as an accelerant of sorts for their new firewall product.

The Alviso, Calif.-based company is enhancing the PAN-OS software running on the PA-4000 Series firewall. The product now transparently integrates with Active Directory, offering a window into application use by either individual user names or groups. The technology is in direct contrast to legacy firewalls that define policies based on IP addresses.

"The problem, of course, with IP addresses is they don't equal users," said Lee Klarich, vice president of product management for Palo Alto Networks. "In a server farm, they typically equal the server, but in a large user network, they don't really mean anything. They are dynamically assigned when the user logs in the network. The result of that is you have all these firewalls deployed today with generic policies for all of the users because there is no way to distinguish between different users on the network."

Palo Alto, he said, is taking advantage of all the user and user-group information inside Active Directory and mapping it to IP addresses on the network so that the company's firewall can define and have visibility into all traffic by the user and the user group instead of just the IP address. Palo Alto Networks' product requires no changes to the Active Directory server or to the end-user PCs, company officials said.

The PA-4000 Series Application Command Center provides a real-time display of application traffic flowing across the network by user or group name. Organizations can use the ACC's rules-based editor to create, review and deploy more targeted application-usage policies, officials said.

The company competes with a number of other vendors in the network firewall space, including Check Point Software and Juniper Networks. Palo Alto officials said their product is shipping now, and they will officially announce its availability Oct. 22.