Enterprise DLP
File Based for Panorama

Create a data filtering profile for Enterprise Data Loss Prevention (E-DLP) on the Panorama™ management server
- Log in to the Panorama web interface.
- Edit the Data Filtering Settings on Panorama to configure the minimum and maximum data size limits and the actions the firewall takes when uploading files to the DLP cloud service.
- Create one or more data patterns.
- Select Objects > DLP > Data Filtering Profiles.
- Add a new data filtering profile.
- Enter a descriptive Name for the data profile.
- Verify that the following settings are enabled.
  - File Based: new data profiles have Yes selected by default.
  - Shared: all Enterprise DLP data profiles must be Shared across all device groups. This setting is enabled by default and cannot be disabled.
- Define the match criteria.
  - If you select Basic, configure the following:
    - Primary Pattern: Add one or more data patterns to specify as the match criteria. If you specify more than one data pattern, the managed firewall uses a boolean OR match across them.
    - Match: select whether the pattern you specify should match (include) or not match (exclude) the specified criteria.
    - Operator: select a boolean operator to use with the Threshold parameter. Specify Any to ignore the threshold.
      - Any: the Security policy rule action is triggered if Enterprise DLP detects at least one instance of matched traffic.
      - Less than or equal to: the Security policy rule action is triggered if Enterprise DLP detects instances of matched traffic, up to a maximum of the specified Threshold.
      - More than or equal to: the Security policy rule action is triggered if Enterprise DLP detects instances of matched traffic, with a minimum of the specified Threshold.
      - Between (inclusive): the Security policy rule action is triggered if Enterprise DLP detects any number of instances of matched traffic within the specified Threshold range.
    - Occurrence: specify the number of instances of matched traffic required to trigger a Security policy rule action. The range is 1-500. For example, to match a pattern that appears three or more times in a file, select more_than_or_equal_to as the Operator and specify 3 as the Threshold.
    - Confidence: specify the confidence level required for a Security policy rule action to be taken (High or Low).
  - If you select Advanced, you can build expressions by dragging and dropping data patterns, Confidence levels, Operators, and Occurrence values into the field in the center of the page. Specify the values in this order: data pattern, Confidence, and then Operator or Occurrence.
- Select an Action (Alert or Block) to perform on the file. If the data profile has both Primary and Secondary Patterns, changing the data profile Action on Panorama deletes all Secondary Pattern match criteria.
- Specify the file types the DLP cloud service takes action against. The steps differ between DLP plugin 4.0.0 and earlier releases and DLP plugin 4.0.1 and later releases.
  - Select File Types.
  - Select the Scan Type to create a file type include or exclude list.
    - Include: the DLP cloud service inspects only the file types you add to the File Type Array.
    - Exclude: the DLP cloud service inspects all supported file types except those added to the File Type Array.
  - Click Modify to add the file types to the File Type Array and click OK.
- Select the traffic Direction you want to inspect. You can select Upload, Download, or Both.
- Set the Log Severity recorded for files that match this rule. You can select critical, high, medium, low, or informational. The default severity is informational.
- Click OK to save your changes.
- Attach the data filtering profile to a Security policy rule.
  - Select Policies > Security and specify the Device Group.
  - Select the Security policy rule to which you want to add the data filtering profile.
  - Select Actions and set the Profile Type to Profiles.
  - Select the Data Filtering profile you created previously.
  - Click OK.
- Commit and push the new configuration to your managed firewalls to complete the Enterprise DLP plugin installation. This step is required for Enterprise DLP data filtering profile names to appear in Data Filtering logs. The Commit and Push command isn't recommended for Enterprise DLP configuration changes, because it requires the additional and unnecessary overhead of manually selecting the impacted templates and managed firewalls in the Push Scope Selection.
  - Full configuration push from Panorama
    - Select Commit > Commit to Panorama and Commit.
    - Select Commit > Push to Devices and Edit Selections.
    - Select Device Groups and Include Device and Network Templates.
    - Click OK.
    - Push your configuration changes to the managed firewalls that are using Enterprise DLP.
  - Partial configuration push from Panorama. You must always include the temporary __dlp administrator when performing a partial configuration push. This is required to keep Panorama and the DLP cloud service in sync. For example, you have an admin Panorama admin user who is allowed to commit and push configuration changes. The admin user made changes to the Enterprise DLP configuration and wants to commit and push only those changes to managed firewalls. In this case, the admin user must also select the __dlp user in the partial commit and push operations.
    - Select Commit > Commit to Panorama.
    - Select Commit Changes Made By and then click the current Panorama admin user to select additional admins to include in the partial commit. In this example, the admin user is currently logged in and performing the commit operation. The admin user must click admin and then select the __dlp user. If other Panorama admins have made additional configuration changes, they can be selected here as well. Click OK to continue.
    - Commit.
    - Select Commit > Push to Devices.
    - Select Push Changes Made By and then click the current Panorama admin user to select additional admins to include in the partial push. In this example, the admin user is currently logged in and performing the push operation. The admin user must click admin and then select the __dlp user. If other Panorama admins have made additional configuration changes, they can be selected here as well. Click OK to continue.
    - Select Device Groups and Include Device and Network Templates.
    - Click OK.
    - Push your configuration changes to the managed firewalls that are using Enterprise DLP.
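The Basic match criteria described in the data profile step above (Primary Pattern OR-match, Match include/exclude, Operator with Threshold, Confidence), together with the File Type include/exclude list and the traffic Direction, decide whether a scanned file triggers the profile Action and at which Log Severity it is logged. The following Python model is an added example written for this page to make those rules concrete; it is not Palo Alto Networks code and does not reflect how the DLP cloud service is implemented. The profile name, data pattern names, supported file types and scan results are constructed, and two points are assumptions: a High-confidence detection also satisfies a Low-confidence requirement, and the less-than-or-equal-to operator still requires at least one instance.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed: file types the illustrative scanner treats as "supported".
SUPPORTED_FILE_TYPES = {"pdf", "docx", "xlsx", "txt", "zip"}
# Assumption: a High-confidence detection also satisfies a Low requirement.
CONFIDENCE_RANK = {"Low": 0, "High": 1}


@dataclass
class PatternCriterion:
    """One Primary Pattern entry of a Basic match-criteria profile."""
    name: str                  # data pattern name (hypothetical names below)
    match: bool = True         # True = include (must match), False = exclude
    operator: str = "any"      # any | less_than_or_equal_to | more_than_or_equal_to | between
    threshold: int = 1         # Occurrence threshold (range 1-500); lower bound for between
    threshold_high: int = 1    # upper bound, used only by between (inclusive)
    confidence: str = "Low"    # confidence required: High or Low


@dataclass
class DataProfile:
    name: str
    patterns: List[PatternCriterion]
    action: str = "alert"       # alert | block
    scan_type: str = "exclude"  # include | exclude (File Type Array semantics)
    file_types: List[str] = field(default_factory=list)
    direction: str = "both"     # upload | download | both
    log_severity: str = "informational"


@dataclass
class Detection:
    """Constructed scan result: how often a pattern was found and at what confidence."""
    count: int
    confidence: str


def threshold_met(operator: str, count: int, low: int, high: int) -> bool:
    """Operator/Threshold semantics from the Basic match criteria."""
    if not 1 <= low <= 500:
        raise ValueError("Occurrence threshold must be in the range 1-500")
    if operator == "any":                    # at least one instance
        return count >= 1
    if operator == "less_than_or_equal_to":  # assumption: zero instances is not a match
        return 1 <= count <= low
    if operator == "more_than_or_equal_to":  # threshold or more
        return count >= low
    if operator == "between":                # inclusive range
        return low <= count <= high
    raise ValueError(f"unknown operator {operator!r}")


def criterion_matches(c: PatternCriterion, detections: Dict[str, Detection]) -> bool:
    det = detections.get(c.name)
    hit = (
        det is not None
        and CONFIDENCE_RANK[det.confidence] >= CONFIDENCE_RANK[c.confidence]
        and threshold_met(c.operator, det.count, c.threshold, c.threshold_high)
    )
    # Match=include succeeds when the pattern hits; Match=exclude when it does not.
    return hit if c.match else not hit


def file_in_scope(p: DataProfile, file_type: str, direction: str) -> bool:
    """Apply the File Type include/exclude list and the traffic Direction."""
    if file_type not in SUPPORTED_FILE_TYPES:
        return False
    if p.direction != "both" and p.direction != direction:
        return False
    if p.scan_type == "include":
        return file_type in p.file_types
    return file_type not in p.file_types


def evaluate(p: DataProfile, file_type: str, direction: str,
             detections: Dict[str, Detection]) -> Optional[Tuple[str, str]]:
    """Return (action, log_severity) if the profile triggers, else None.
    Multiple Primary Patterns are combined with boolean OR, as the page states."""
    if not file_in_scope(p, file_type, direction):
        return None
    if any(criterion_matches(c, detections) for c in p.patterns):
        return (p.action, p.log_severity)
    return None


def example_profile() -> DataProfile:
    """Hypothetical profile: block uploads (except .zip) that contain three or more
    card numbers, or any high-confidence SSN. Pattern names are constructed."""
    return DataProfile(
        name="Block-PCI-Uploads",
        patterns=[
            PatternCriterion("Credit Card Number", operator="more_than_or_equal_to", threshold=3),
            PatternCriterion("US Social Security Number", operator="any", confidence="High"),
        ],
        action="block", scan_type="exclude", file_types=["zip"],
        direction="upload", log_severity="high",
    )


def run_examples() -> Dict[str, Optional[Tuple[str, str]]]:
    """Constructed scan results run through the hypothetical profile."""
    p = example_profile()
    cc, ssn = "Credit Card Number", "US Social Security Number"
    return {
        "three_cards_docx_upload": evaluate(p, "docx", "upload", {cc: Detection(3, "Low")}),
        "two_cards_docx_upload": evaluate(p, "docx", "upload", {cc: Detection(2, "High")}),
        "low_conf_ssn_pdf_upload": evaluate(p, "pdf", "upload", {ssn: Detection(1, "Low")}),
        "high_conf_ssn_pdf_upload": evaluate(p, "pdf", "upload", {ssn: Detection(1, "High")}),
        "cards_in_excluded_zip": evaluate(p, "zip", "upload", {cc: Detection(10, "High")}),
        "cards_on_download": evaluate(p, "docx", "download", {cc: Detection(10, "High")}),
    }


if __name__ == "__main__":
    for case, verdict in run_examples().items():
        print(f"{case:28s} -> {verdict}")
```

The example mirrors the page's own worked case (more_than_or_equal_to with a Threshold of 3) and shows why the same ten card numbers in a .zip upload or in a download produce no verdict: the File Type exclude list and the Direction setting are evaluated before any pattern is considered, so a profile that looks strict can still miss traffic it was never scoped to inspect.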