On the Panorama management server, you can edit data filtering
profiles (
Objects
DLP
Data Filtering Profiles
) that
include an Exact Data Matching (EDM) dataset after upgrading the
Enterprise DLP plugin from 1.0.4 or 1.0.5 to 1.0.6.
This can result in synchronization issues if you edit the data
profile on the DLP app or clone a data filtering profile that includes
an EDM dataset from Panorama.
Workaround:
Reset the DLP plugin after successful upgrade
to Enterprise DLP 1.0.6 to make data filtering profiles that include
an EDM dataset read-only from Panorama.
Managed firewalls leveraging Enterprise DLP erroneously
display as
not licensed
, even though
the firewall is successfully licensed, when you enter the following command
in the firewall CLI.
admin>
show ctd-agent status security-client
This issue is observed only when you initially activate the DLP
license on the managed firewall and before you push the Enterprise
DLP configuration from the Panorama management server for the first
time.
This requires you to commit and push the Enterprise DLP configuration
to your managed firewall leveraging Enterprise DLP which restores
the correct license state on the managed firewall.
PLUG-10530
This issue is addressed in Enterprise DLP version 1.0.8.
On the Panorama management server, the Enterprise DLP data patterns (
Objects
DLP
Data Filtering Patterns
) and data filtering profiles (
Objects
DLP
Data Filtering Profiles
) may not display after reboot of Panorama.
Workaround:
Reset the Enterprise DLP plugin to display the Enterprise DLP data filtering
patterns and data filtering profiles.
) Push to your managed firewalls leveraging
Enterprise DLP.
Select
Commit
Push to Devices
and
Edit Selections
.
Select
Device Groups
and
Include
Device and Network Templates
.
Click
OK
Push
to your managed firewalls that are
leveraging Enterprise DLP.
PLUG-10282
When a data profile that includes an EDM dataset is
synchronized to the Panorama management server, the data filtering
profile (
Objects
DLP
Data Filtering Profiles
) on
Panorama does not accurately synchronize and display the match conditions
for the EDM dataset.
This does not impact enforcement to prevent exfiltration of sensitive
data.
Workaround:
Log in to the DLP app on the hub to
view the match criteria for a data profile that include an EDM dataset.
PLUG-10252
This issue is addressed in PAN-OS 10.2.3 and 11.0.0.
Renaming an existing data profile on the DLP app on
the hub creates an entirely new data filtering profile (
Objects
DLP
Data
Filtering Profiles
) on the Panorama management
server.
PLUG-6254
Firewalls leveraging Enterprise Data
Loss Prevention (DLP) do not display the Enterprise DLP data filtering
profiles (
Objects
DLP
Data Filtering Profiles
) or Enterprise
DLP Settings (
Device
Setup
DLP
), and cannot be overridden
locally on the firewall.
PLUG-6145
On the Panorama management server, you
cannot create an admin role (
Panorama
Admin Roles
) to control access
to Enterprise Data Loss Prevention (DLP) filtering settings and
snippet configuration (
Device
Setup
DLP
).
PAN-157371
This is addressed in Enterprise DLP version 3.0.1
Firewalls leveraging Enterprise Data
Loss Prevention (DLP) do not display the on-device Help for the
DLP Settings (
Device
Setup
DLP
).
PAN-144897
Enterprise Data Loss Prevention (DLP)
data profile
Thread ID/Name
filter is not available
when you configure a custom report (
Manage
Manage Custom Reports
) on the
Panorama management server or locally on a firewall leveraging Enterprise
DLP.
DSS-17763
On the Panorama management server, custom data profiles (
Objects
DLP
Data Filtering Profiles
) are not synchronized to the DLP cloud service if you have an active
CASB-X license. This prevents you being able to associate the data profile with a
Security policy rule and displays the error
Data Profile does not
exist
.
Workaround
: Contact Palo Alto Networks Support to restore synchronization
functionality between the DLP cloud service and Panorama.