Enterprise DLP
Reasons for Inspection Failure
Table of Contents
Reasons for Inspection Failure
Review and understand the reasons why Enterprise Data Loss Prevention (E-DLP) was unable to scan
traffic
| Where Can I Use This? | What Do I Need? |
|---|---|
|
Or any of the following licenses that include the Enterprise DLP license
|
In some cases, Enterprise Data Loss Prevention (E-DLP) is unable to inspect and render a verdict on
either file or non-file based traffic that match an Enterprise DLP
data profile, and as a result no DLP incident is generated.
However, a log is generated if Enterprise DLP is unable to inspect matched
traffic.
- Strata Cloud Manager—View the File log ()Apply a Sub Type = dlp or Sub Type = dlp-non-file filter to narrow down the list of file logs.If the Reason for Data Filtering Action column isn’t displayed, expand the menu for any displayed column to search for and check (enable) Reason for Data Filtering Action.
- Panorama™ management server—View the Data Filtering log ().Apply a (subtype eq dlp) filter to narrow down the list of data filtering logs.If the Reason for Action column isn’t displayed, expand the menu for any displayed column and click Columns and check (enable) Reason for Action.
File logs display a Reason for Data Filtering Action and
data filtering logs display a Reason for Action column
describing what data filtering action was taken by your security endpoint. In this case,
the reason why Enterprise DLP was unable to inspect the matched traffic is
described. Review the list of reasons why Enterprise DLP was unable to inspect
matched traffic.
|
Reason for Action
|
Description
|
|---|---|
|
Scan Skipped: File Size > Limit
|
Inspection skipped because the maximum file size limit was
exceeded.
To avoid this in the future, you can increase the
Max File Size.
|
|
Scan Skipped: Latency > Limit
|
Inspection skipped because the maximum latency limit was
exceeded.
To avoid this in the future, you can increase the
Max Latency
|
|
Scan Skipped: Rate > Limit
|
Inspection skipped because Enterprise DLP received the maximum
number of inspection requests.
|
|
Scan Skipped: Out of memory
|
Inspection skipped because Enterprise DLP memory usage was
exceeded.
|
|
Scan Skipped: Profile not found
|
Inspection skipped because NGFW or Prisma Access
tenant couldn't find the matched data profile.
Review your Security policy rules to ensure the associated data
profile exists.
|
|
Scan Skipped: Scan req timeout
|
Inspection was skipped because the inspection request timed out.
|
|
Scan ERR: Rule1 invalid action
|
Inspected traffic matched the Primary rule in the data profile, but
the Action is invalid. The
Action must be either
Block or
Alert.
|
|
Scan ERR: Rule2 invalid action
|
Inspected traffic matched the Secondary rule in the data profile, but
the Action is invalid. The
Action must be either
Block or
Alert.
|
|
FW Skipped: Data Length > Limit
|
NGFW or Prisma Access tenant did not forward
traffic to Enterprise DLP due to the non-file traffic exceeding
the Max Data Size in the Non-File Based
Settings.
To avoid this, you can increase the Max Data
Size for non-file traffic.
|
|
FW Skipped: Resource Limit
|
Enterprise DLP was unable to inspect traffic due to an error
when forwarding traffic. This can occur when the NGFW
or Prisma Access tenant memory usage reaches 100%.
|
|
FW Skipped: Fail to Start
|
NGFW or Prisma Access tenant was unable to forward
traffic to Enterprise DLP for inspection because the session
between the NGFW or Prisma Access tenant and Enterprise DLP couldn't be initialized. This can occur when the
NGFW or Prisma Access tenant memory usage
reaches 80% or higher.
|
|
FW Skipped: Transmit Pkts
|
The NGFW or Prisma Access tenant encountered an
error when forwarding packets or finishing the forwarding operation
to Enterprise DLP. This can occur when the firewall memory
usage reaches 100%.
|
|
Internal Errors
|
Generic error due to an internal error. Requires troubleshooting by
Palo Alto Networks Support to understand
the cause of the error that prevented traffic inspection by Enterprise DLP.
|