File Type Include or Exclude List for Data Filtering Profiles
Create a file type include or exclude list for file-based inspection using Enterprise
Data Loss Prevention (E-DLP).
Enterprise Data Loss Prevention (E-DLP) now supports creating a file type include or
exclude list for data filtering profiles configured for
file-based inspection. This allows you to select one of two modes:
- Inclusion Mode—Allow only the specified file types to be scanned by Enterprise DLP.
- Exclusion Mode—Allow all supported files to be scanned by Enterprise DLP by default, excluding the file types you specify. Exclusion Mode includes True File Type Support and does not rely on file extensions to determine file types.
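A small model of the two modes, added here as an example and not Palo Alto Networks code: the signature table, the type names, and the functions `true_file_type`, `is_inspected`, and `audit` are assumptions made for illustration. It classifies constructed samples by content instead of file name, applies the include or exclude rule to the list, and flags files whose extension disagrees with their content; the model uses content-based typing for both modes for simplicity.

```python
from pathlib import PurePosixPath

# Constructed sample signatures (assumption), not the Enterprise DLP supported list.
MAGIC = [
    (b"%PDF-", "pdf"),
    (b"\x89PNG\r\n\x1a\n", "png"),
]
SUPPORTED = {name for _, name in MAGIC}

def true_file_type(data):
    """Classify by content; the file name is never consulted."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    return None

def is_inspected(data, scan_type, file_type_array):
    """Apply the include or exclude rule to the file type list."""
    if scan_type not in ("include", "exclude"):
        raise ValueError(f"unknown scan type: {scan_type!r}")
    ftype = true_file_type(data)
    if ftype not in SUPPORTED:
        return False  # unrecognised content is outside both modes
    listed = ftype in file_type_array
    return listed if scan_type == "include" else not listed

def audit(files, scan_type, file_type_array):
    """Report the decision per file and flag name/content disagreement."""
    rows = []
    for name, data in files:
        ext = PurePosixPath(name).suffix.lstrip(".").lower()
        ftype = true_file_type(data)
        rows.append({"name": name, "extension": ext, "true_type": ftype,
                     "inspected": is_inspected(data, scan_type, file_type_array),
                     "mismatch": ftype is not None and ext != ftype})
    return rows

# Constructed sample files: (name, first bytes of content).
SAMPLES = [
    ("report.pdf", b"%PDF-1.7\n"),
    ("logo.png", b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"),
    ("notes.png", b"%PDF-1.4\n"),  # mislabelled: PDF content, .png name
    ("readme.txt", b"plain text"),
]

if __name__ == "__main__":
    for row in audit(SAMPLES, "exclude", {"png"}):
        print(row)
```

With `png` excluded, `notes.png` is still inspected because its content is PDF, which is the behaviour a content-based type check gives an exclude list.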
To create a file type include or exclude list for Enterprise DLP data filtering
profiles, the Panorama management server and managed firewalls using Enterprise DLP
must be running PAN-OS 11.0.2 or later release. Additionally, the Enterprise DLP
plugin must be version 4.0.1 or later.
- Select Objects > DLP > Data Filtering Profiles and specify the Device Group.
- Create a data filtering profile on Panorama for file-based inspection.
- When creating the data filtering profile, specify the file types the DLP cloud service takes action against.
  - Select File Types.
  - Select the Scan Type to create a file type include or exclude list.
    - Include—DLP cloud service inspects only the file types you add to the File Type Array.
    - Exclude—DLP cloud service inspects all supported file types except for those added to the File Type Array.
  - Click Modify to add the file types to the File Type Array and click OK.
- Click OK to save your changes.
- Attach the data filtering profile to a Security policy rule.
  - Select Policies > Security and specify the Device Group.
  - Select the Security policy rule to which you want to add the data filtering profile.
  - Select Actions and set the Profile Type to Profiles.
  - Select the Data Filtering profile you created previously.
  - Click OK.
- Commit and push your configuration changes to your managed firewalls that are using Enterprise DLP. The Commit and Push command isn’t recommended for Enterprise DLP configuration changes. Using the Commit and Push command requires the additional and unnecessary overhead of manually selecting the impacted templates and managed firewalls in the Push Scope Selection.
  - Select Commit > Commit to Panorama and Commit.
  - Select Commit > Push to Devices and Edit Selections.
  - Select Device Groups and Include Device and Network Templates.
  - Click OK.
  - Push your configuration changes to your managed firewalls that are using Enterprise DLP.