PAN-OS ® New Features Guide
    : Web Form Data Inspection for Enterprise Data Loss Prevention
    Focus
    Download PDF
    Focus
    1. Home
    2. PAN-OS
    3. PAN-OS ® New Features Guide
    4. Enterprise Data Loss Prevention Features
    5. Web Form Data Inspection for Enterprise Data Loss Prevention
    Download PDF

    PAN-OS ® New Features Guide

    Web Form Data Inspection for Enterprise Data Loss Prevention

    Table of Contents

    Web Form Data Inspection for Enterprise Data Loss Prevention

    Inspect non-file based traffic for sensitive data when using Enterprise data loss prevention (DLP).
    Enterprise Data Loss Prevention (DLP) now supports inspection of non-file format traffic to prevent exfiltration of sensitive information in data exchanged in collaboration applications, web forms, Cloud applications, custom applications, and social media.
    Managed firewalls using Enterprise DLP send all non-file based traffic that match data filtering profile criteria to the DLP cloud service to render a verdict. However, use URL categories and application filters to determine which application traffic is excluded from inspection. Enterprise DLP includes a predefined
    DLP App Exclusion Filter
     filter containing common applications that can’t be inspected or don’t require inspection. You can use the predefined application filter or create a custom application filter to specify applications to exclude from inspection. You can modify existing data filtering profiles to scan both file based and non-file based traffic. Inspection of non-file based traffic is supported on Panorama, Prisma Access (Panorama Managed), and Prisma Access (Cloud Managed).
    Enterprise DLP supports inspection of non-file based traffic of sensitive data for the following HTTP content types:
    • JSON
    • URL encoded form
    • Multipurpose Internet Mail Extensions (MIME)
    Web form inspection for non-file based traffic is supported only for the HTTP/1.x network protocol. Web form inspection for non-file based traffic isn’t supported for the HTTP/2 network protocol.
    The steps below describe how to configure web form inspection Enterprise DLP on Panorama and Prisma Access (Panorama Managed).
    3. (
      Optional
      ) Create a custom URL category for URL or domain traffic you don’t want to send to the DLP cloud service for inspection.
    4. (
      Optional
      ) Create a custom application filter for application traffic that you don’t want to send to the DLP cloud service for inspection.
      1. Select
        Objects
        Application Filters
         and
        Add
         a new application filter.
        You can also select and
        Clone
        the predefined
        DLP App Exclusion Filter
         to create a custom application filter.
      2. Check (enabled)
        Shared
        .
      3. Configure the application filter as needed.
        See Create an Application Filter for more information.
      4. Click
        OK
        .
      5. Select
        Commit
         and
        Commit to Panorama
        .
    5. Create a data filtering profile to inspect non-file based traffic.
      See Create a Data Filtering Profile on Panorama for additional details on creating a data filtering profile.
      1. Select
        Objects
        DLP
        Data Filtering Profile
         and
        Add
         a data filtering profile.
      2. Enter descriptive
        Name
         for the data filtering profile.
      3. For Non File Based, select
        Yes
        .
      4. Enable (check)
        Shared
        .
      5. Add
         the
        Primary Pattern
         and
        Secondary Pattern
         match criteria as needed.
      6. (
        Optional
        ) Select
        URL Category
         and
        Add
         a URL category to exclude from inspection.
      7. Select
        Application List
         and
        Add
         an application list to exclude from inspection.
        At least one application filter is required to successfully create a data filtering profile for non-file based traffic.
      8. Configure the
        Action
        .
      9. Configure the
        Log Severity
        .
      10. Click
        OK
        .
    6. Attach the data filtering profile to a Security policy rule.
      1. Select
        Policies
        Security
         and specify the
        Device Group
        .
      2. Select the Security policy rule to which you want to add the data filtering profile.
      3. Select
        Actions
         and set the
        Profile Type
         to
        Profiles
        .
      4. Select the
        Data Filtering
         profile that you created previously.
      5. Click
        OK
         to save your policy rule.
    7. Commit and push your configuration changes to your managed firewalls that are using Enterprise DLP.
      The
      Commit and Push
       command isn’t recommended for Enterprise DLP configuration changes. Using the
      Commit and Push
       command requires the additional and unnecessary overheard of manually selecting the impacted templates and managed firewalls in the Push Scope Selection.
      1. Select
        Commit
        Commit to Panorama
         and
        Commit
        .
      2. Select
        Commit
        Push to Devices
         and
        Edit Selections
        .
      3. Select
        Device Groups
         and
        Include Device and Network Templates
        .
      4. Click
        OK
        .
      5. Push
         your configuration changes to your managed firewalls that are using Enterprise DLP.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.