Palo Alto Networks is set to announce at Interop New York, the ability to map firewall rules to individual users via integration with Microsoft's Active Directory.

Palo Alto is introducing a software agent that directly taps Active Directory servers to gather data about users and user groups and pass it along to the firewall. The agent is deployed at the server, and no client agents are required.

The firewall can create an association between a user and an IP address to enforce identity-based rules. So if only the IT department is allowed to use BitTorrent, for instance, the firewall could apply the rule based on the Active Directory information supplied about the user logged in at a particular IP address. That gives tighter controls over access even when users move from machine to machine on the network.

Because Palo Alto's PA-4000 firewall has visibility into applications themselves, and not just the ports an application uses, it can tie application use to individuals, the company says.