Enterprise DLP
File Based for Panorama
Table of Contents
File Based for Panorama
Create a data filtering profile for the Enterprise Data Loss Prevention (E-DLP) on the Panorama™ management server.
- Log in to the Panorama web interface.Edit the Data Filtering Settings on Panorama to configure the minimum and maximum data size limits and the actions the firewall takes when uploading files to the DLP cloud service.Create one or more data patterns.Select .Add a new data filtering profile.Enter a descriptive Name for the data profile.Verify the following settings are enabled.
- File Based—New data profiles have Yes selected by default.
- Shared—All Enterprise DLP data profiles must be Shared across all device groups. This setting is enabled by default and cannot be disabled.
Define the match criteria.- If you select Basic, configure the following:
- Primary Pattern—Add one or more data patterns to specify as the match criteria.If you specify more than one data pattern, the managed firewall uses a boolean OR match in the match criteria.
- Match—Select whether the pattern you specify should match (include) or not match (exclude) the specified criteria.
- Operator—Select a boolean operator to use with the Threshold parameter. Specify Any to ignore the threshold.
- Any—Security policy rule action triggered if Enterprise DLP detects at least one instance of matched traffic.
- Less than or equal to—Security policy rule action triggered if Enterprise DLP detects instances of matched traffic, with the maximum being the specified Threshold.
- More than or equal to—Security policy rule action triggered if Enterprise DLP detects instances of matched traffic, with a minimum being the specified Threshold.
- Between (inclusive)—Security policy rule action triggered if Enterprise DLP detects any number of instances of matched traffic between the specific Threshold range.
- Occurrence—Specify the number of instances of matched traffic required to trigger a Security policy rule action. Range is 1 - 500.For example, to match a pattern that appears three or more times in a file, select more_than_or_equal_to as the Operator and specify 3 as the Threshold.
- Confidence—Specify the confidence level required for a Security policy rule action to be taken (High or Low).
![]()
- If you select Advanced, you can create expressions by dragging and dropping data patterns, Confidence levels, Operators, and Occurrence values into the field in the center of the page.Specify the values in the order that they’re shown in the following screenshot (data pattern, Confidence, and Operator or Occurrence).
![]()
Select an Action (Alert or Block) to perform on the file.If the data profile has both Primary and Secondary Patterns, changing the data profile Action on Panorama deletes all Secondary Pattern match criteria.Specify the file types the DLP cloud service takes action against.- DLP plugin 4.0.0 and earlier releases
- DLP plugin 4.0.1 and later releases
- Select File Types.Select the Scan Type to create a file type include or exclude list.
- Include—DLP cloud service inspects only the file types you add to the File Type Array.
- Exclude—DLP cloud service inspects all supported file types except for those added to the File Type Array.
Click Modify to add the file types to the File Type Array and click OK.![]()
Select traffic Direction you want to inspect.You can select Upload, Download, or Both.Set the Log Severity recorded for files that match this rule.You can select critical, high, medium, low, or informational. The default severity is informational.Click OK to save your changes.Attach the data filtering profile to a Security policy rule.- Select and specify the Device Group.Select the Security policy rule to which you want to add the data filtering profile.Select Actions and set the Profile Type to Profiles.Select the Data Filtering profile you created previously.Click OK.Commit and push the new configuration to your managed firewalls.The Commit and Push command isn’t recommended for Enterprise DLP configuration changes. Using the Commit and Push command requires the additional and unnecessary overheard of manually selecting the impacted templates and managed firewalls in the Push Scope Selection.
- Full configuration push from Panorama
- Select and Commit.
- Select and Edit Selections.
- Select Device Groups and Include Device and Network Templates.
- Click OK.
- Push your configuration changes to your managed firewalls that are using Enterprise DLP.
- Partial configuration push from PanoramaYou must always include the temporary __dlp administrator when performing a partial configuration push. This is required to keep Panorama and the DLP cloud service in sync.For example, you have an admin Panorama admin user who is allowed to commit and push configuration changes. The admin user made changes to the Enterprise DLP configuration and only wants to commit and push these changes to managed firewalls. In this case, the admin user is required to also select the __dlp user in the partial commit and push operations.
- Select .
- Select Commit Changes Made By and then click the current Panorama admin user to select additional admins to include in the partial commit.In this example, the admin user is currently logged in and performing the commit operation. The admin user must click admin and then select the __dlp user. If there are additional configuration changes made by other Panorama admins they can be selected here as well.Click OK to continue.
![]()
- Commit.
- Select .
- Select Push Changes Made By and then click the current Panorama admin user to select additional admins to include in the partial push.In this example, the admin user is currently logged in and performing the push operation. The admin user must click admin and then select the __dlp user. If there are additional configuration changes made by other Panorama admins they can be selected here as well.Click OK to continue.
![]()
- Select Device Groups and Include Device and Network Templates.
- Click OK.
- Push your configuration changes to your managed firewalls that are using Enterprise DLP.
