Known Issues in Enterprise DLP Plugin 1.0.8
Focus
Focus
Enterprise DLP

Known Issues in Enterprise DLP Plugin 1.0.8

Table of Contents

Known Issues in Enterprise DLP Plugin 1.0.8

Known issues in Enterprise Data Loss Prevention (E-DLP) plugin 1.0.8.

WIF-523

This issue is addressed in PAN-OS 10.2.2.
Managed firewalls leveraging Enterprise DLP erroneously display as not licensed, even though the firewall is successfully licensed, when you enter the following command in the firewall CLI.
admin> show ctd-agent status security-client
This issue is observed only when you initially activate the DLP license on the managed firewall and before you push the Enterprise DLP configuration from the Panorama management server for the first time.
Workaround: Finish setting up and configuring Enterprise DLP.
This requires you to commit and push the Enterprise DLP configuration to your managed firewall leveraging Enterprise DLP which restores the correct license state on the managed firewall.

PLUG-15645

This issue is addressed in Enterprise DLP plugin 4.0.4 and 5.0.2.
Enterprise Data Loss Prevention (E-DLP) continues to forward traffic to the DLP cloud service for inspection when even after a data profile (ObjectsDLPData Filtering Profiles) are removed from a Security policy rule (PoliciesSecurity).

PLUG-10282

When a data profile that includes an EDM dataset is synchronized to the Panorama management server, the data filtering profile (ObjectsDLPData Filtering Profiles) on Panorama does not accurately synchronize and display the match conditions for the EDM dataset.
This does not impact enforcement to prevent exfiltration of sensitive data.
Workaround: Log in to the DLP app on the hub to view the match criteria for a data profile that include an EDM dataset.

PLUG-10252

This issue is addressed in PAN-OS 10.2.3 and 11.0.0.
Renaming an existing data profile on the DLP app on the hub creates an entirely new data filtering profile (ObjectsDLPData Filtering Profiles) on the Panorama management server.

PLUG-9811

This issue is addressed in Enterprise DLP 3.0.6.
Creating a new data profile from the Panorama management server CLI fails.
Workaround: Create a new data profile from the Panorama web interface.

PLUG-6254

Firewalls leveraging Enterprise Data Loss Prevention (DLP) do not display the Enterprise DLP data filtering profiles (ObjectsDLPData Filtering Profiles) or Enterprise DLP Settings (DeviceSetupDLP), and cannot be overridden locally on the firewall.

PLUG-6145

On the Panorama management server, you cannot create an admin role (PanoramaAdmin Roles) to control access to Enterprise Data Loss Prevention (DLP) filtering settings and snippet configuration (DeviceSetupDLP).

PAN-157371

This is addressed in Enterprise DLP version 3.0.1
Firewalls leveraging Enterprise Data Loss Prevention (DLP) do not display the on-device Help for the DLP Settings (DeviceSetupDLP).

PAN-144897

Enterprise Data Loss Prevention (DLP) data profile Thread ID/Name filter is not available when you configure a custom report (ManageManage Custom Reports) on the Panorama management server or locally on a firewall leveraging Enterprise DLP.

DSS-17763

On the Panorama management server, custom data profiles (ObjectsDLPData Filtering Profiles) are not synchronized to the DLP cloud service if you have an active CASB-X license. This prevents you being able to associate the data profile with a Security policy rule and displays the error Data Profile does not exist.
Workaround: Contact Palo Alto Networks Support to restore synchronization functionality between the DLP cloud service and Panorama.