Enterprise DLP
Platform Support
Table of Contents
Platform Support
Platforms supported by
Enterprise Data Loss Prevention (E-DLP)
.Enterprise Data Loss Prevention (E-DLP)
is supported on the following platforms. Enterprise DLP
data patterns and data filtering profiles are designed to work across all supported
platforms to provide consistent data security across all locations.All PA-Series firewalls and VM-Series firewalls (but not CN-Series firewalls).
- Requires PAN-OS 10.0.2 or a later version.
- Requires aPanoramaM-Series or virtual appliance running PAN-OS 10.0.2 or later version.Enterprise DLPsupports adding a data profile to a Security policy rule or security profile group configured onPanoramaonly. To successfully useEnterprise DLP, you must configure your Security policy rule and Security Profile Group onPanoramaand push these configurations to your managed firewalls.Enterprise DLPdoesn’t support pushing anEnterprise DLPdata filtering profile to your managed firewall and referencing the data filtering profile in a Security policy rule or Security Profile Group created locally on the firewall.
- Requires minimum Application and Threats content release version 8334 or a later version.Upgrade to PAN-OS 10.0.3 and install Application and Threats content release version 8413 or later version for additional application support.
Prisma Access (Managed by Panorama)
- RequiresPrisma Access2.0 Innovation or a later version.
- Requires aPanoramaM-Series or virtual appliance running PAN-OS 10.0.2 or later version.
- Requires minimum Application and Threats content release version 8334 or a later version.Install Application and Threats content release version 8413 or later version for additional application support.
- Enterprise DLPis an add-on license onPrisma Access (Managed by Panorama). You can either start with a 60-day trial or you can purchase a license to useEnterprise DLPonPrisma Access (Managed by Panorama).
- Enterprise DLPsupports multitenancy with the following restrictions:
- A Superuser must commit all changes toPanoramawhenever they make changes to patterns and profiles.
- All tenants share a single copy of pattern and profile configurations; therefore, any changes done to them are reflected across all tenants.
- Since Security policy rules can be different across tenants, each tenant can have different data profiles associated with Security policy rules.
Prisma Access (Managed by Strata Cloud Manager)
and SaaS Security
- Enterprise DLPis supported onStrata Cloud Managerwhen usingPrisma Access (Managed by Strata Cloud Manager),SaaS Security, or both.
- DLP is an add-on license onStrata Cloud Managerwhen usingStrata Cloud Managerfrom a Single Prisma SASE Platform or Multitenant Prisma SASE Platform.Enterprise DLPis included by default and doesn’t require a separate license when usingStrata Cloud Managerfrom the CASB-X Platform.
- Important:InstallPanoramaplugin forEnterprise DLP1.0.6 or later release if you’re usingEnterprise DLPonStrata Cloud Managerand managing theEnterprise DLPconfiguration fromPanoramafor Palo Alto Networks Next-Generation Firewalls (NGFW) andPrisma Access (Managed by Panorama). This is required to ensureEnterprise DLPconfigurations are successfully synchronized across all your security platforms.DLP policy enforcement onStrata Cloud Manageris supported when usingPanoramato manage yourEnterprise DLPconfiguration.