>
    Known Issues in Enterprise DLP Plugin 1.0.6
    Focus
    Download PDF
    Focus
    1. Home
    2. Enterprise DLP
    3. Known Issues in Enterprise DLP Plugin 1.0
    4. Known Issues in Enterprise DLP Plugin 1.0.6
    Download PDF
    Enterprise DLP

    Known Issues in Enterprise DLP Plugin 1.0.6

    Table of Contents

    Known Issues in Enterprise DLP Plugin 1.0.6

    Known issues in Enterprise Data Loss Prevention (E-DLP) plugin 1.0.7.

    WIF-582

    This issue is now addressed.
    On the Panorama management server, you can edit data filtering profiles (ObjectsDLPData Filtering Profiles) that include an Exact Data Matching (EDM) dataset after upgrading the Enterprise DLP plugin from 1.0.4 or 1.0.5 to 1.0.6.
    This can result in synchronization issues if you edit the data profile on the DLP app or clone a data filtering profile that includes an EDM dataset from Panorama.
    Workaround: Reset the DLP plugin after successful upgrade to Enterprise DLP 1.0.6 to make data filtering profiles that include an EDM dataset read-only from Panorama.
    1. Log in to the Panorama CLI.
    2. Reset the Enterprise DLP plugin.
      admin> request plugins dlp reset

    WIF-523

    This issue is addressed in PAN-OS 10.2.2.
    Managed firewalls leveraging Enterprise DLP erroneously display as not licensed, even though the firewall is successfully licensed, when you enter the following command in the firewall CLI.
    admin> show ctd-agent status security-client
    This issue is observed only when you initially activate the DLP license on the managed firewall and before you push the Enterprise DLP configuration from the Panorama management server for the first time.
    Workaround: Finish setting up and configuring Enterprise DLP.
    This requires you to commit and push the Enterprise DLP configuration to your managed firewall leveraging Enterprise DLP which restores the correct license state on the managed firewall.

    PLUG-10530

    This issue is addressed in Enterprise DLP version 1.0.8.
    On the Panorama management server, the Enterprise DLP data patterns (ObjectsDLPData Filtering Patterns) and data filtering profiles (ObjectsDLPData Filtering Profiles) may not display after reboot of Panorama.
    Workaround: Reset the Enterprise DLP plugin to display the Enterprise DLP data filtering patterns and data filtering profiles.
    1. Log in to the Panorama CLI.
    2. Reset the Enterprise DLP plugin.
      admin> request plugins dlp reset
    3. Commit and push to your managed firewalls leveraging Enterprise DLP.
      1. Log in to the Panorama web interface.
      2. Select CommitCommit to Panorama and Commit.
      3. (Best Practices) Push to your managed firewalls leveraging Enterprise DLP.
        1. Select CommitPush to Devices and Edit Selections.
        2. Select Device Groups and Include Device and Network Templates.
        3. Click OK
        4. Push to your managed firewalls that are leveraging Enterprise DLP.

    PLUG-10282

    When a data profile that includes an EDM dataset is synchronized to the Panorama management server, the data filtering profile (ObjectsDLPData Filtering Profiles) on Panorama does not accurately synchronize and display the match conditions for the EDM dataset.
    This does not impact enforcement to prevent exfiltration of sensitive data.
    Workaround: Log in to the DLP app on the hub to view the match criteria for a data profile that include an EDM dataset.

    PLUG-10252

    This issue is addressed in PAN-OS 10.2.3 and 11.0.0.
    Renaming an existing data profile on the DLP app on the hub creates an entirely new data filtering profile (ObjectsDLPData Filtering Profiles) on the Panorama management server.

    PLUG-6254

    Firewalls leveraging Enterprise Data Loss Prevention (DLP) do not display the Enterprise DLP data filtering profiles (ObjectsDLPData Filtering Profiles) or Enterprise DLP Settings (DeviceSetupDLP), and cannot be overridden locally on the firewall.

    PLUG-6145

    On the Panorama management server, you cannot create an admin role (PanoramaAdmin Roles) to control access to Enterprise Data Loss Prevention (DLP) filtering settings and snippet configuration (DeviceSetupDLP).

    PAN-157371

    This is addressed in Enterprise DLP version 3.0.1
    Firewalls leveraging Enterprise Data Loss Prevention (DLP) do not display the on-device Help for the DLP Settings (DeviceSetupDLP).

    PAN-144897

    Enterprise Data Loss Prevention (DLP) data profile Thread ID/Name filter is not available when you configure a custom report (ManageManage Custom Reports) on the Panorama management server or locally on a firewall leveraging Enterprise DLP.

    DSS-17763

    On the Panorama management server, custom data profiles (ObjectsDLPData Filtering Profiles) are not synchronized to the DLP cloud service if you have an active CASB-X license. This prevents you being able to associate the data profile with a Security policy rule and displays the error Data Profile does not exist.
    Workaround: Contact Palo Alto Networks Support to restore synchronization functionality between the DLP cloud service and Panorama.

    © 2024 Palo Alto Networks, Inc. All rights reserved.