Panorama

Log in to the
Panorama
web interface.
Select
Objects
DLP
Data Filtering Profiles
and specify the
Device Group
.
Select a data filtering profile to edit.
Edit the data filtering profile as needed.
Modify the data filtering profile scan for
File Based
traffic,
Non-File Based
traffic, or both.
Modify the
Primary Pattern
and
Secondary Pattern
match criteria.
Modifying the data filtering profile match criteria on
Panorama
is supported only for
Enterprise DLP
data filtering profiles created on
Panorama
. See File Based for Panorama for details on configuring data pattern criteria using predefined or custom data patterns.
(
Data Filtering Profile for Non-File Traffic Inspection Only
) Modify the
URL Category Excluded List from Non-File
and
Application List Excluded from Non-File
to configure which URL and application traffic is excluded from
Enterprise DLP
inspection.
See Non-File Based for Panorama for more information.
Edit the data filtering profile settings.
Enterprise DLP
only supports editing the advanced data profile settings from
Panorama
.
Select the data filtering profile
Action
(
Alert
or
Block
)
If the data profile has both Primary and Secondary Patterns, changing the data filtering profile Action on
Panorama
deletes all Secondary Pattern match criteria.
Specify a
File Type
.
Leave the file type as
any
to match any of the supported file types.
Set the
Log Severity
recorded for files that match this data filtering profile.
Click
OK
.
Commit and push the new configuration to your managed firewalls to complete the
Enterprise DLP
plugin installation.
This step is required for
Enterprise DLP
data filtering profile names to appear in Data Filtering logs.
The
Commit and Push
command isn’t recommended for
Enterprise DLP
configuration changes. Using the
Commit and Push
command requires the additional and unnecessary overheard of manually selecting the impacted templates and managed firewalls in the Push Scope Selection.
Full configuration push from Panorama
Select
Commit
Commit to
Panorama
and
Commit
.
Select
Commit
Push to Devices
and
Edit Selections
.
Select
Device Groups
and
Include Device and Network Templates
.
Click
OK
.
Push
your configuration changes to your managed firewalls that are using
Enterprise DLP
.
Partial configuration push from Panorama
You must always include the temporary
__dlp
administrator when performing a partial configuration push. This is required to keep
Panorama
and the DLP cloud service in sync.
For example, you have an
admin
Panorama
admin user who is allowed to commit and push configuration changes. The
admin
user made changes to the
Enterprise DLP
configuration and only wants to commit and push these changes to managed firewalls. In this case, the
admin
user is required to also select the
__dlp
user in the partial commit and push operations.
Select
Commit
Commit to
Panorama
.
Select
Commit Changes Made By
and then click the current Panorama admin user to select additional admins to include in the partial commit.
In this example, the
admin
user is currently logged in and performing the commit operation. The
admin
user must click
admin
and then select the
__dlp
user. If there are additional configuration changes made by other Panorama admins they can be selected here as well.
Click
OK
to continue.

Commit
.
Select
Commit
Push to Devices
.
Select
Push Changes Made By
and then click the current Panorama admin user to select additional admins to include in the partial push.
In this example, the
admin
user is currently logged in and performing the push operation. The
admin
user must click
admin
and then select the
__dlp
user. If there are additional configuration changes made by other Panorama admins they can be selected here as well.
Click
OK
to continue.

Select
Device Groups
and
Include Device and Network Templates
.
Click
OK
.
Push
your configuration changes to your managed firewalls that are using
Enterprise DLP
.
Verify the changes you made to the data filtering profile.
Log in to the DLP app on the hub.
If you don’t already have access to the DLP app on the hub, see the hub Getting Started Guide. Only Superusers can access the hub.
Select
Data Profiles
and search for the data filtering profile you updated.