Managed firewalls leveraging Enterprise DLP erroneously
display as
not licensed
, even though
the firewall is successfully licensed, when you enter the following command
in the firewall CLI.
admin>
show ctd-agent status security-client
This issue is observed only when you initially activate the DLP
license on the managed firewall and before you push the Enterprise
DLP configuration from the Panorama management server for the first
time.
This requires you to commit and push the Enterprise DLP configuration
to your managed firewall leveraging Enterprise DLP which restores
the correct license state on the managed firewall.
PLUG-9461
This issue is addressed in Enterprise DLP version 1.0.5.
On the Panorama management server, a
Panorama administrator (
Panorama
Administrators
) with a custom
admin role (
Panorama
Admin
Roles
) allowing read and write access
to Enterprise DLP data patterns (
Objects
DLP
Data Filtering Patterns
)
and profiles (
Objects
DLP
Data Filtering Profiles
) are able
to only read Enterprise DLP data patterns and profiles.
Additionally, a Panorama administrator with full read and write
access to the Panorama web interface can only read Enterprise DLP
data patterns and profiles.
PLUG-8313
This issue is resolved in Enterprise DLP version 1.0.5.
On the Panorama management server, predefined
data filtering profiles (
Firewalls leveraging Enterprise Data
Loss Prevention (DLP) do not display the Enterprise DLP data filtering
profiles (
Objects
DLP
Data Filtering Profiles
) or Enterprise
DLP Settings (
Device
Setup
DLP
), and cannot be overridden
locally on the firewall.
PLUG-6145
On the Panorama management server, you
cannot create an admin role (
Panorama
Admin Roles
) to control access
to Enterprise Data Loss Prevention (DLP) filtering settings and
snippet configuration (
Device
Setup
DLP
).
PAN-157371
This is addressed in Enterprise DLP version 3.0.1
Firewalls leveraging Enterprise Data
Loss Prevention (DLP) do not display the on-device Help for the
DLP Settings (
Device
Setup
DLP
).
PAN-144897
Enterprise Data Loss Prevention (DLP)
data profile
Thread ID/Name
filter is not available
when you configure a custom report (
Manage
Manage Custom Reports
) on the
Panorama management server or locally on a firewall leveraging Enterprise
DLP.
DSS-17763
On the Panorama management server, custom data profiles (
Objects
DLP
Data Filtering Profiles
) are not synchronized to the DLP cloud service if you have an active
CASB-X license. This prevents you being able to associate the data profile with a
Security policy rule and displays the error
Data Profile does not
exist
.
Workaround
: Contact Palo Alto Networks Support to restore synchronization
functionality between the DLP cloud service and Panorama.