User-ID: Tie users and groups to your security policies

User-ID seamlessly integrates Palo Alto Networks next-generation firewalls with a wide range of user repositories and terminal services environments. Depending on your network environment, there are a variety of ways you can map a user’s identity to an IP address. Some of these include:

  • Authentication events
  • User authentication
  • Terminal services monitoring
  • Client probing
  • Directory services integration
  • A powerful XML API

Once you identify the applications and users, full visibility and control within ACC, policy editing, logging and reporting is available.

Learn more about the User Visibility Feature.

Authentication events help you identify users.

You can configure User-ID to monitor authentication events for Microsoft Active Directory, Microsoft Exchange and Novell eDirectory environments. This is important because monitoring authentication events on the network allows User-ID to match the user with the IP address of the device they used to login with, which lets you enforce your policy on the firewall.

  • Microsoft Exchange Server: You can configure User-ID to constantly monitor Microsoft Exchange logon events produced by clients accessing their email. Using this technique, you can even discover and identify MAC OS X, Apple iOS and Linux/UNIX client systems that don’t directly authenticate to Microsoft Active Directory.
  • Novell eDirectory: User-ID can query and monitor logon information to identify users and group memberships via standard LDAP queries on the Novell eDirectory servers.
  • Microsoft Active Directory: User-ID constantly monitors domain controller event logs to identify users when they log onto the domain. When a user logs onto the Windows domain, a new authentication event is recorded on the corresponding Windows Domain Controller. By remotely monitoring the authentication events on Windows Domain Controllers, User-ID can recognize those authentication events to identify users on your network. Armed with this information, you can create and enforce your policies.

Directory integration captures group membership information.

To allow you to specify security rules based on user groups and resolve group members automatically, User-ID integrates with nearly every directory server – including Microsoft Active Directory – using a standards-based LDAP protocol and flexible configuration. Once you configure User-ID, your Palo Alto Networks firewall automatically retrieves and constantly updates user and user group information, and automatically adjusts to changes in your user base or organization.

User authentication events capture non-Windows domain users.

By capturing non-Windows domain users through user authentication events, you can configure a challenge-response authentication sequence to collect user and IP address information.

  • Captive portal: If your administrator needs to establish rules to make users authenticate to your firewall before accessing the Internet, or you can’t identify a user through other techniques, you can deploy a captive portal. In addition to requiring an explicit username and password prompt, you can also configure your captive portal to send an NTLM authentication request to the web browser to make the authentication process totally transparent to the user.
  • GlobalProtect: Remote users logging into your network with GlobalProtect have to provide user and host information to your firewall. You can use this information for policy control.

Terminal services integration.

In environments where a user’s identity is hidden by Citrix XenApp or Microsoft Terminal Services, our User-ID Terminal Services Agent can determine which applications users are accessing. We can also identify users sharing IP addresses working on Microsoft Windows Terminal Services or Citrix. Completely transparent to the user, every user session is assigned a specific port range on your server. This allows your firewall to associate network connections with users and groups sharing one host on your network.

Client and host probing captures Windows user information.

The following two techniques enable you to configure User-ID to monitor Windows clients or hosts to collect an identity and map it to the IP address.

  • Client probing: If you can’t identify a user by monitoring authentication events, User-ID actively probes Microsoft Windows clients on your network for information on the user currently logged on. Through this, you can reliably identify laptop users who switch back and forth from wired to wireless networks.
  • Host probing: You can also configure User-ID to probe Microsoft Windows servers for the active network sessions of a user. As soon as a user accesses a network shared on your server, User-ID identifies the originating IP address and maps it to the user name they provided to begin the session.

XML API integrates with other, non-standard repositories.

In some cases, you may already have a user repository or an application for storing information on users and their current IP address. If so, our XML API within User-ID enables you to quickly integrate user information with your security policies. Here are some examples of how our XML API can be used to collect user and IP address information.

  • Wireless environments: If you use 802.1x to secure your corporate wireless networks, a syslog-based integration with our User-ID’s XML API can identify users as they authenticate to your wireless infrastructure.
  • Proxies: Similarly, an authentication prompted by a proxy server allows the XML API in User-ID to parse the authentication log file for user and IP address information.
  • Network Access Control (NAC): The XML API allows you to harvest user information from NAC environments. For example, Bradford Networks, a NAC solutions provider, uses our User-ID XML API to populate user logons and logoffs for its 802.1x solution. This integration allows joint customers to identify users as soon as they connect to the network and set user-based enablement policies.


Palo Alto Networks Firewall Overview

Palo Alto Networks Next Generation Firewall Overview

Palo Alto Networks Panorama

Panorama provides centralised policy and device management over a network of Palo Alto Networks™ next-generation firewalls.

Palo Alto Networks VM-Series Datasheet

The Palo Alto Networks™ VM-Series extends secure application enablement into virtualised environments while addressing key virtualisation security challenges: tracking security policies to virtual machine movement with dynamic address objects and integration with orchestration systems using a powerful XML management API.

Palo Alto Networks Wildfire

WildFire automatically protects your networks from new and customised malware across a wide range of applications, including malware hidden within SSL-encrypted traffic. WildFire easily extends the threat prevention capabilities of the next-generation firewall to tackle some of the most challenging threats in the world today, and does so with full visibility and enforcement at up to 10Gbps.

Quotation Configuration

Your Name (required)

Company (required)

Your Email (required)

Telephone (required)

Number of Users (required)

Number of Connections

Size of each connection:
Connection 1:
Connection 2:
Connection 3:
Connection 4:
Connection 5:

Security Subscriptions

WildfireGlobal ProtectURL FilteringThreat Prevention

Standard Support & Maintenance:
Premium Support & Maintenance:

Additional Comments

Please leave this field empty.

Please leave this field empty.

Book Your Palo Alto Networks Demo:

Krome Technologies can provide you with an online or onsite demonstration specifically showing you the fundamentals of Palo Alto Networks solutions, these demonstrations can be tailored to show you whatever you want to review, our consultants can give you a brief overview demonstration or deep dive technically depending on your interest, requirement or specific requests.

Alternatively we can organise for an evaluation unit to be sent to you for an agreed period to run on your own network.

Please note that required fields are highlighted with an asterisks*

Your Name*

Company Name*

Job Title*

Telephone Number*

Email Address*

Mobile Number

Company Address:

Approximate amount of users*:

Additional information or demo specific requests, please indicate if you would like an online demo, or evaluation unit for example:

Once we have received the request, we will endeavor to contact you within 24hours to discuss your demo requirements and schedule a convenient time for your Palo Alto Networks demo or evaluation to take place.




Next-generation firewalls enforce network security policies based on applications, users, and content