File Based for

Panorama

Log in to the
Panorama
web interface.
Edit the Data Filtering Settings on
Panorama
to configure the minimum and maximum data size limits and the actions the firewall takes when uploading files to the DLP cloud service.
Create one or more data patterns.
Select
Objects
DLP
Data Filtering Profiles
.
Add
a new data filtering profile.
Enter a descriptive
Name
for the data profile.
Verify the following settings are enabled.
File Based
—New data profiles have
Yes
selected by default.
Shared
—All
Enterprise DLP
data profiles must be
Shared
across all device groups. This setting is enabled by default and cannot be disabled.
Define the match criteria.
If you select
Basic
, configure the following:
Primary Pattern
—
Add
one or more data patterns to specify as the match criteria.
If you specify more than one data pattern, the managed firewall uses a boolean OR match in the match criteria.
Match
—Select whether the pattern you specify should match (
include
) or not match (
exclude
) the specified criteria.
Operator
—Select a boolean operator to use with the
Threshold
parameter. Specify
Any
to ignore the threshold.
Any
—Security policy rule action triggered if
Enterprise DLP
detects at least one instance of matched traffic.
Less than or equal to
—Security policy rule action triggered if
Enterprise DLP
detects instances of matched traffic, with the maximum being the specified
Threshold
.
More than or equal to
—Security policy rule action triggered if
Enterprise DLP
detects instances of matched traffic, with a minimum being the specified
Threshold
.
Between (inclusive)
—Security policy rule action triggered if
Enterprise DLP
detects any number of instances of matched traffic between the specific
Threshold
range.
Occurrence
—Specify the number of instances of matched traffic required to trigger a Security policy rule action. Range is
1
-
500
.
For example, to match a pattern that appears three or more times in a file, select
more_than_or_equal_to
as the
Operator
and specify
3
as the
Threshold
.
Confidence
—Specify the confidence level required for a Security policy rule action to be taken (
High
or
Low
).

If you select
Advanced
, you can create expressions by dragging and dropping data patterns,
Confidence
levels,
Operators
, and
Occurrence
values into the field in the center of the page.
Specify the values in the order that they’re shown in the following screenshot (data pattern,
Confidence
, and
Operator
or
Occurrence
).

Select an
Action
(
Alert
or
Block
) to perform on the file.
If the data profile has both Primary and Secondary Patterns, changing the data profile Action on
Panorama
deletes all Secondary Pattern match criteria.
Specify the file types the DLP cloud service takes action against.
DLP plugin 4.0.0 and earlier releases
Select the
File Type
. By default,
any
is selected and inspects all supported file types.
DLP plugin 4.0.1 and later releases
Select
File Types
.
Select the Scan Type to create a file type include or exclude list.
Include
—DLP cloud service inspects only the file types you add to the File Type Array.
Exclude
—DLP cloud service inspects all supported file types except for those added to the File Type Array.
Click
Modify
to add the file types to the File Type Array and click
OK
.

Select traffic
Direction
you want to inspect.
You can select
Upload
,
Download
, or
Both
.
Set the
Log Severity
recorded for files that match this rule.
You can select
critical
,
high
,
medium
,
low
, or
informational
. The default severity is
informational
.
Click
OK
to save your changes.
Attach the data filtering profile to a Security policy rule.
Select
Policies
Security
and specify the
Device Group
.
Select the Security policy rule to which you want to add the data filtering profile.
Select
Actions
and set the
Profile Type
to
Profiles
.
Select the
Data Filtering
profile you created previously.
Click
OK
.
Commit and push the new configuration to your managed firewalls to complete the
Enterprise DLP
plugin installation.
This step is required for
Enterprise DLP
data filtering profile names to appear in Data Filtering logs.
The
Commit and Push
command isn’t recommended for
Enterprise DLP
configuration changes. Using the
Commit and Push
command requires the additional and unnecessary overheard of manually selecting the impacted templates and managed firewalls in the Push Scope Selection.
Full configuration push from Panorama
Select
Commit
Commit to
Panorama
and
Commit
.
Select
Commit
Push to Devices
and
Edit Selections
.
Select
Device Groups
and
Include Device and Network Templates
.
Click
OK
.
Push
your configuration changes to your managed firewalls that are using
Enterprise DLP
.
Partial configuration push from Panorama
You must always include the temporary
__dlp
administrator when performing a partial configuration push. This is required to keep
Panorama
and the DLP cloud service in sync.
For example, you have an
admin
Panorama
admin user who is allowed to commit and push configuration changes. The
admin
user made changes to the
Enterprise DLP
configuration and only wants to commit and push these changes to managed firewalls. In this case, the
admin
user is required to also select the
__dlp
user in the partial commit and push operations.
Select
Commit
Commit to
Panorama
.
Select
Commit Changes Made By
and then click the current Panorama admin user to select additional admins to include in the partial commit.
In this example, the
admin
user is currently logged in and performing the commit operation. The
admin
user must click
admin
and then select the
__dlp
user. If there are additional configuration changes made by other Panorama admins they can be selected here as well.
Click
OK
to continue.

Commit
.
Select
Commit
Push to Devices
.
Select
Push Changes Made By
and then click the current Panorama admin user to select additional admins to include in the partial push.
In this example, the
admin
user is currently logged in and performing the push operation. The
admin
user must click
admin
and then select the
__dlp
user. If there are additional configuration changes made by other Panorama admins they can be selected here as well.
Click
OK
to continue.

Select
Device Groups
and
Include Device and Network Templates
.
Click
OK
.
Push
your configuration changes to your managed firewalls that are using
Enterprise DLP
.