Managed firewalls leveraging Enterprise DLP erroneously
display as
not licensed
, even though
the firewall is successfully licensed, when you enter the following command
in the firewall CLI.
admin>
show ctd-agent status security-client
This issue is observed only when you initially activate the DLP
license on the managed firewall and before you push the Enterprise
DLP configuration from the Panorama management server for the first
time.
This requires you to commit and push the Enterprise DLP configuration
to your managed firewall leveraging Enterprise DLP which restores
the correct license state on the managed firewall.
PLUG-15645
This issue is addressed in Enterprise DLP plugin 4.0.4
and
5.0.2
.
Enterprise Data Loss Prevention (E-DLP) continues to forward traffic to the DLP cloud
service for inspection when even after a data profile (
Objects
DLP
Data Filtering Profiles
) are removed from a Security policy rule (
Policies
Security
).
PLUG-10282
When a data profile that includes an EDM dataset is
synchronized to the Panorama management server, the data filtering
profile (
Objects
DLP
Data Filtering Profiles
) on
Panorama does not accurately synchronize and display the match conditions
for the EDM dataset.
This does not impact enforcement to prevent exfiltration of sensitive
data.
Workaround:
Log in to the DLP app on the hub to
view the match criteria for a data profile that include an EDM dataset.
PLUG-10252
This issue is addressed in PAN-OS 10.2.3 and 11.0.0.
Renaming an existing data profile on the DLP app on
the hub creates an entirely new data filtering profile (
Objects
DLP
Data
Filtering Profiles
) on the Panorama management
server.
PLUG-9811
This issue is addressed in Enterprise DLP 3.0.6.
Creating a new data profile from the Panorama management server CLI fails.
Firewalls leveraging Enterprise Data
Loss Prevention (DLP) do not display the Enterprise DLP data filtering
profiles (
Objects
DLP
Data Filtering Profiles
) or Enterprise
DLP Settings (
Device
Setup
DLP
), and cannot be overridden
locally on the firewall.
PLUG-6145
On the Panorama management server, you
cannot create an admin role (
Panorama
Admin Roles
) to control access
to Enterprise Data Loss Prevention (DLP) filtering settings and
snippet configuration (
Device
Setup
DLP
).
PAN-157371
This is addressed in Enterprise DLP version 3.0.1
Firewalls leveraging Enterprise Data
Loss Prevention (DLP) do not display the on-device Help for the
DLP Settings (
Device
Setup
DLP
).
PAN-144897
Enterprise Data Loss Prevention (DLP)
data profile
Thread ID/Name
filter is not available
when you configure a custom report (
Manage
Manage Custom Reports
) on the
Panorama management server or locally on a firewall leveraging Enterprise
DLP.
DSS-17763
On the Panorama management server, custom data profiles (
Objects
DLP
Data Filtering Profiles
) are not synchronized to the DLP cloud service if you have an active
CASB-X license. This prevents you being able to associate the data profile with a
Security policy rule and displays the error
Data Profile does not
exist
.
Workaround
: Contact Palo Alto Networks Support to restore synchronization
functionality between the DLP cloud service and Panorama.