Edit the Cloud Content Settings
Focus
Focus
Enterprise DLP

Edit the Cloud Content Settings

Table of Contents

Edit the Cloud Content Settings

Edit the Cloud Content Settings to specify the server to send your
Enterprise Data Loss Prevention (E-DLP)
files for inspection.
Where Can I Use This?
What Do I Need?
  • NGFW (Panorama Managed)
  • Enterprise Data Loss Prevention (E-DLP)
    license
  • Support license
  • Device management license
By default,
Enterprise Data Loss Prevention (E-DLP)
is configured using a Cloud Content Fully Qualified Domain Name (FQDN) that automatically resolves to the closet Cloud Services server to inspect matching traffic. If you have specific data residency requirements, you can specify a regional Cloud Services server by editing the Cloud Content FQDN to which to send your
Enterprise DLP
traffic for inspection.
  1. Log in to the
    Panorama
    web interface.
  2. Select
    Device
    Setup
    Content-ID
    and select the
    Template
    associated with the managed firewalls using
    Enterprise DLP
    .
  3. Edit the Cloud Content FQDN.
    1. Edit the
      Cloud Content Settings
      .
    2. Modify the
      Public Cloud Server
      based on your data residency requirements.
      Enterprise DLP
      data and data processing, including Incidents, reports, and DLP verdicts, are generated in the specified Public Cloud Server region.
      Enterprise DLP
      is configured to resolve to the closest Public Cloud Server by default.
      • Default
        hawkeye.services-edge.paloaltonetworks.com
        The default Public Cloud Server automatically resolves to the closest Public Cloud Server to where the inspected traffic originated. If a new Public Cloud Server is deployed in a region closer to where the inspected traffic originated,
        Enterprise DLP
        data and data processing is generated in that new region.
      • APAC
        apac.hawkeye.services-edge.paloaltonetworks.com
      • Australia
        au.hawkeye.services-edge.paloaltonetworks.com
      • Canada
        ca.hawkeye.services-edge.paloaltonetworks.com
      • Europe
        eu.hawkeye.services-edge.paloaltonetworks.com
      • France
        fr.hawkeye.services-edge.paloaltonetworks.com
        India
        in.hawkeye.services-edge.paloaltonetworks.com
      • Japan
        jp.hawkeye.services-edge.paloaltonetworks.com
      • United States
        us.hawkeye.services-edge.paloaltonetworks.com
      • United Kingdom
        uk.hawkeye.services-edge.paloaltonetworks.com
    3. Click
      OK
      .
  4. Commit and push the new configuration to your managed firewalls to complete the
    Enterprise DLP
    plugin installation.
    This step is required for
    Enterprise DLP
    data filtering profile names to appear in Data Filtering logs.
    The
    Commit and Push
    command isn’t recommended for
    Enterprise DLP
    configuration changes. Using the
    Commit and Push
    command requires the additional and unnecessary overheard of manually selecting the impacted templates and managed firewalls in the Push Scope Selection.
    • Full configuration push from Panorama
      1. Select
        Commit
        Commit to
        Panorama
        and
        Commit
        .
      2. Select
        Commit
        Push to Devices
        and
        Edit Selections
        .
      3. Select
        Device Groups
        and
        Include Device and Network Templates
        .
      4. Click
        OK
        .
      5. Push
        your configuration changes to your managed firewalls that are using
        Enterprise DLP
        .
    • Partial configuration push from Panorama
      You must always include the temporary
      __dlp
      administrator when performing a partial configuration push. This is required to keep
      Panorama
      and the DLP cloud service in sync.
      For example, you have an
      admin
      Panorama
      admin user who is allowed to commit and push configuration changes. The
      admin
      user made changes to the
      Enterprise DLP
      configuration and only wants to commit and push these changes to managed firewalls. In this case, the
      admin
      user is required to also select the
      __dlp
      user in the partial commit and push operations.
      1. Select
        Commit
        Commit to
        Panorama
        .
      2. Select
        Commit Changes Made By
        and then click the current Panorama admin user to select additional admins to include in the partial commit.
        In this example, the
        admin
        user is currently logged in and performing the commit operation. The
        admin
        user must click
        admin
        and then select the
        __dlp
        user. If there are additional configuration changes made by other Panorama admins they can be selected here as well.
        Click
        OK
        to continue.
      3. Commit
        .
      4. Select
        Commit
        Push to Devices
        .
      5. Select
        Push Changes Made By
        and then click the current Panorama admin user to select additional admins to include in the partial push.
        In this example, the
        admin
        user is currently logged in and performing the push operation. The
        admin
        user must click
        admin
        and then select the
        __dlp
        user. If there are additional configuration changes made by other Panorama admins they can be selected here as well.
        Click
        OK
        to continue.
      6. Select
        Device Groups
        and
        Include Device and Network Templates
        .
      7. Click
        OK
        .
      8. Push
        your configuration changes to your managed firewalls that are using
        Enterprise DLP
        .

Recommended For You