Enterprise DLP
Reasons for Inspection Failure
Table of Contents
Reasons for Inspection Failure
Review and understand the reasons why
Enterprise Data Loss Prevention (E-DLP)
was unable to scan
traffic Where Can I Use This? | What Do I Need? |
|---|---|
|
Or any of the following licenses that include the Enterprise DLP
license
|
In some cases,
Enterprise Data Loss Prevention (E-DLP)
is unable to inspect and render a verdict on
either file or non-file based traffic that match an Enterprise DLP
data profile, and as a result no DLP incident is generated.
However, a log is generated if Enterprise DLP
is unable to inspect matched
traffic.- —View the File log ()Strata Cloud ManagerApply aSub Type = dlporSub Type = dlp-non-filefilter to narrow down the list of file logs.If theReason for Data Filtering Actioncolumn is not displayed, expand the menu for any displayed column to search for and check (enable)Reason for Data Filtering Action.
- —View the Data Filtering log ().Panorama™ management serverApply a(subtype eq dlp)filter to narrow down the list of data filtering logs.If theReason for Actioncolumn is not displayed, expand the menu for any displayed column and clickColumnsand check (enable)Reason for Action.
File logs display a
Reason for Data Filtering Action
and
data filtering logs display a Reason for Action
column
describing what data filtering action was taken by your security endpoint. In this case,
the reason why Enterprise DLP
was unable to inspect the matched traffic is
described. Review the list of reasons why Enterprise DLP
was unable to inspect
matched traffic.Reason for Action | Description |
|---|---|
Scan Skipped: File Size > Limit | Inspection skipped because the maximum file size limit was
exceeded. To avoid this in the future, you can increase the
Max File Size . |
Scan Skipped: Latency > Limit | Inspection skipped because the maximum latency limit was
exceeded. To avoid this in the future, you can increase the
Max Latency |
Scan Skipped: Rate > Limit | Inspection skipped because the DLP cloud service received the maximum
number of inspection requests. |
Scan Skipped: Out of memory | Inspection skipped because the DLP cloud service memory usage was
exceeded. |
Scan Skipped: Profile not found | Inspection skipped because the matched data profile cannot be
found. Review your Security policy rules to ensure the associated data
profile exists. |
Scan Skipped: Scan req timeout | Inspection skipped because the inspection request timed out. |
Scan ERR: Rule1 invalid action | Inspected traffic matched the Primary rule in the data profile, but
the Action is invalid. The
Action must be either
Block or
Alert . |
Scan ERR: Rule2 invalid action | Inspected traffic matched the Secondary rule in the data profile, but
the Action is invalid. The
Action must be either
Block or
Alert . |
FW Skipped: Resource Limit | DLP cloud service was unable to inspection traffic due to an error
when forwarding traffic. This can occur when the firewall memory
usage reaches 100%. |
FW Skipped: Fail to Start | Firewall was unable to forward logs to the DLP cloud service for
inspection because the session between the firewall and DLP cloud
service could be initialized. This can occur when the firewall
memory usage reaches 80% or higher. |
FW Skipped: Transmit Pkts | Firewall encountered an error when forwarding packets or finishing
the forwarding operation to the DLP cloud service. This can occur
when the firewall memory usage reaches 100%. |
Internal Errors | Generic error due to an internal error. Requires troubleshooting by
Palo Alto Networks Support to understand
the cause of the error that prevent traffic inspection by the DLP
cloud service. |