Managed firewalls leveraging Enterprise DLP erroneously
display as
not licensed
, even though
the firewall is successfully licensed, when you enter the following command
in the firewall CLI.
admin>
show ctd-agent status security-client
This issue is observed only when you initially activate the DLP
license on the managed firewall and before you push the Enterprise
DLP configuration from the Panorama management server for the first
time.
This requires you to commit and push the Enterprise DLP configuration
to your managed firewall leveraging Enterprise DLP which restores
the correct license state on the managed firewall.
WIF-495
This issue is resolved in PAN-OS 10.2.1 and Enterprise DLP plugin 3.0.1
On the Panorama management server, edits made to an
existing data filtering profile (
Objects
DLP
Data Filtering Profiles
can
result in matching traffic not being detected by Enterprise DLP.
WIF-470
This issue is addressed in PAN-OS 10.2.1 and Enterprise DLP plugin 3.0.1.
On the firewall CLI, the
ctd_wif_forward_abort
counter
may increase when the firewall is under load and uploading files
to the DLP cloud service. There is no impact to Enterprise DLP functionality.
PLUG-15177
This is addressed in Enterprise DLP plugin 3.0.9 and 4.0.4
and
5.0.2
.
On the Panorama management server, the web interface becomes unresponsive when editing
large data profiles (
Objects
DLP
Data Filtering Profiles
).
PLUG-14534
This is addressed in Enterprise DLP plugin 4.0.3 and 3.0.7.
On the Panorama management server, the Enterprise DLP plugin fails to complete post
commit tasks and causes all commits (
Commit
Commit to Panorama
) to get stuck at 99%.
PLUG-14201
This is addressed in Enterprise DLP plugin 3.0.7, 4.0.3, and 5.0.1.
The Panorama management server is unable to a generate report if a data filtering log (
Monitor
Logs
Data Filtering
) with Report ID of
0
for a DLP incident. A
DLP Incident has a Report ID of
0
if the DLP cloud service
was unable to scan the file.
PLUG-13729
This is addressed in Enterprise DLP plugin 4.0.3 and 5.0.1.
The Panorama management server is unable to synchronize new data profiles (
Objects
DLP
Data Filtering Profiles
) from the DLP cloud service.
PLUG-13111
This issue is addressed in Enterprise DLP 3.0.6.
On the Panorama management server, the list of predefined URL categories are not
displayed for a data profile configured for non-file inspection (
Objects
DLP
Data Filtering Profiles
<select a data profile>
URL Category List Excluded From
).
PLUG-12430
This issue is addressed in PAN-OS 10.2.4-h3 and Enterprise DLP plugin 3.0.5.
On the Panorama management server, Enterprise Data Loss Prevention (E-DLP) allows you to
create multiple data filtering profiles (
Objects
DLP
Data Filtering Profiles
) with the same
Name
.
PLUG-11851
On the Panorama management server, an outdated default DLP block response page is
displayed when traffic matches a data filtering profile with the Action set to
Block
when leveraging Enterprise DLP.
PLUG-11197
This issue is addressed in Enterprise DLP version
3.0.2.
The DLP plugin install or uninstall fails if the local administrator
account does not exist.
PLUG-10252
This issue is addressed in PAN-OS 10.2.3 and 11.0.0.
Renaming an existing data profile on the DLP app on
the hub creates an entirely new data filtering profile (
Objects
DLP
Data
Filtering Profiles
) on the Panorama management
server.
PLUG-9811
This issue is addressed in Enterprise DLP 3.0.6.
Creating a new data profile from the Panorama management server CLI fails.
This issue is addressed in Enterprise DLP version 1.0.6 and 3.0.2.
On the Panorama management server, the
Secondary Pattern for a data filtering profile (
Objects
DLP
Data
Filtering Profiles
) is not displayed for
the data filtering profile is successfully created and pushed to
managed firewalls.
PLUG-6254
Firewalls leveraging Enterprise Data
Loss Prevention (DLP) do not display the Enterprise DLP data filtering
profiles (
Objects
DLP
Data Filtering Profiles
) or Enterprise
DLP Settings (
Device
Setup
DLP
), and cannot be overridden
locally on the firewall.
PLUG-6145
On the Panorama management server, you
cannot create an admin role (
Panorama
Admin Roles
) to control access
to Enterprise Data Loss Prevention (DLP) filtering settings and
snippet configuration (
Device
Setup
DLP
).
PAN-191014
This issue is addressed in Enterprise DLP version 3.0.2.
On the Panorama management server, the on device help
for data filtering profiles (
Objects
DLP
Data Filtering Profiles
Add
) and data filtering patterns
Objects
DLP
Data
Filtering Patterns
Add
)
do not display correctly.
PAN-157371
This is addressed in Enterprise DLP version 3.0.1
Firewalls leveraging Enterprise Data
Loss Prevention (DLP) do not display the on-device Help for the
DLP Settings (
Device
Setup
DLP
).
PAN-144897
Enterprise Data Loss Prevention (DLP)
data profile
Thread ID/Name
filter is not available
when you configure a custom report (
Manage
Manage Custom Reports
) on the
Panorama management server or locally on a firewall leveraging Enterprise
DLP.
DSS-17763
On the Panorama management server, custom data profiles (
Objects
DLP
Data Filtering Profiles
) are not synchronized to the DLP cloud service if you have an active
CASB-X license. This prevents you being able to associate the data profile with a
Security policy rule and displays the error
Data Profile does not
exist
.
Workaround
: Contact Palo Alto Networks Support to restore synchronization
functionality between the DLP cloud service and Panorama.