>
    Strata Copilot
    Reasons for Inspection Failure
    Focus
    Download PDF
    Focus
    1. Home
    2. Enterprise DLP
    3. Administration
    4. Monitor Enterprise DLP
    5. Enterprise DLP Incident Management
    6. Reasons for Inspection Failure
    Download PDF
    Enterprise DLP

    Reasons for Inspection Failure

    Table of Contents

    Reasons for Inspection Failure

    Review and understand the reasons why Enterprise Data Loss Prevention (E-DLP) was unable to scan traffic
    On May 7, 2025, Palo Alto Networks is introducing new Evidence Storage and Syslog Forwarding service IP addresses to improve performance and expand availability for these services globally.
    You must allow these new service IP addresses on your network to avoid disruptions for these services. Review the Enterprise DLP Release Notes for more information.
    Where Can I Use This?What Do I Need?
    • NGFW (Managed by Panorama or Strata Cloud Manager)
    • Prisma Access (Managed by Panorama or Strata Cloud Manager)
    • Prisma Browser
    • Enterprise Data Loss Prevention (E-DLP) license
      Review the Supported Platforms for details on the required license for each enforcement point.
    Or any of the following licenses that include the Enterprise DLP license
    • Prisma Access CASB license
    • Next-Generation CASB for Prisma Access and NGFW (CASB-X) license
    • Data Security license
    In some cases, Enterprise Data Loss Prevention (E-DLP) is unable to inspect and render a verdict on either file or non-file based traffic that match an Enterprise DLP data profile, and as a result Enterprise DLP doesn't generate an incident. However, a log is generated if Enterprise DLP is unable to inspect matched traffic.
    • Strata Cloud Manager—View the File log (Incident & AlertsLog Viewer)
      Apply a Sub Type = dlp or Sub Type = dlp-non-file filter to narrow down the list of file logs.
      If the Reason for Data Filtering Action column isn’t displayed, expand the menu for any displayed column to search for and check (enable) Reason for Data Filtering Action.
    • Panorama® management server—View the Data Filtering log (MonitorLogsData Filtering).
      Apply a (subtype eq dlp) filter to narrow down the list of data filtering logs.
      If the Reason for Action column isn’t displayed, expand the menu for any displayed column and click Columns and check (enable) Reason for Action.
    File logs display a Reason for Data Filtering Action and data filtering logs display a Reason for Action column describing what data filtering action was taken by your security endpoint. In this case, the reason why Enterprise DLP was unable to inspect the matched traffic is described. Review the list of reasons why Enterprise DLP was unable to inspect matched traffic.
    Reason for Data Filtering Action Text
    Error Description
    Recommended Action
    DLP Error: 400
    Enterprise DLP couldn't inspect forwarded traffic due to issues fetching your Enterprise DLP configuration or related failures.
    These errors can be ignored as transient issues if they occur infrequently and intermittently.
    Contact Palo Alto Networks Support for investigation if you observe a large volume of these errors consistently during normal operations.
    DLP Error:dss max retry reached
    File forwarding to Enterprise DLP failed after multiple retry attempts. This is typically caused by a transient connectivity issue.
    Contact Palo Alto Networks Support for investigation if this error persists or occurs frequently.
    FW Skipped: data length > Limit
    Scan Skipped: Internal Err 614
    Enterprise DLP didn't inspect the forwarded non-file data because it exceeded your max configured data size.
    Enterprise DLP also skips non-file data over 500 KB.
    Raise the max data Size limit for Non-file in the Data Filtering Settingsto 500 KB to reduce these events. Use the Action on Max Data Size setting to define how Enterprise Data Loss Prevention (E-DLP) handles oversized non-file data.
    FW Skipped: Fail to Start
    The NGFW or Prisma Access tenant couldn't forward traffic to Enterprise DLP because it was unable to initialize the forwarding session. This can occur when resources allocated for Enterprise DLP on the enforcement point reaches roughly 80% or higher.
    Contact Palo Alto Networks Support for further troubleshooting if this error persists or occurs frequently.
    FW Skipped: Resource Limit
    The NGFW or Prisma Access tenant couldn't forward traffic to Enterprise DLP due to the resource allocation for Enterprise DLP on the enforcement point reaching full utilization.
    Intermittent occurrences point to temporary Enterprise DLP resource contention. Persistent or frequent occurrences indicate sustained capacity exhaustion and may require enforcement point capacity scaling.
    Contact Palo Alto Networks Support if traffic levels are within capacity limits and you continue to see this error.
    FW Skipped: Transmit Pkts
    The NGFW or Prisma Access tenant encountered an error while transmitting packets to Enterprise DLP or when completing the forwarding operation. This typically occurs when resource usage on the enforcement point reaches full utilization.
    Contact Palo Alto Networks Support for further troubleshooting if this error persists or occurs frequently.
    FW Skipped: wif not ready
    The NGFW or Prisma Access tenant couldn't forward traffic to Enterprise DLP because the connection to Enterprise DLP is not established.
    This might be a transient (e.g., NGFW startup) or might indicate a configuration or licensing issue.
    Contact Palo Alto Networks Support for investigation if this error persists or occurs frequently.
    Scan ERR: file corrupted
    Enterprise DLP couldn't extract the text from the forwarded file because it was incomplete or corrupted when received by Enterprise DLP.
    Additionally, NGFW and Prisma Access tenants running PAN-OS 11.1 or later release can forward files chunked over multiple HTTP requests or sessions. Enterprise DLP generates this error if one of the chunks was not received and the file couldn't be reconstructed for content extraction.
    No Action needed. If you believe the file was valid and this error is unexpected, please contact Palo Alto Networks Support for further investigation.
    Scan ERR: file is password prot
    		Enterprise DLP couldn't open the forwarded file because it was password protected or encrypted.
    Enterprise DLP can't inspect password protected or encrypted files.
    Contact Palo Alto Networks Support for investigation if you believe the file was not protected or encrypted and this error is unexpected.
    Scan ERR: Internal Err 0
    Scan ERR: Internal Err 500
    Other Internal Errors
    Internal failure error during Enterprise DLP inspection that cannot be attributed to a specific or actionable cause.
    These errors can be ignored as transient issues if they occur infrequently and intermittently.
    Contact Palo Alto Networks Support for investigation if you observe a large volume of these errors consistently during normal operations.
    Scan ERR: Internal Err 1005
    Scan ERR: scan timeout
    Scan Skipped: Scan req timeout
    Scan Skipped: Latency > Limit
    Enterprise DLP didn't finish inspection within the configured max latency. The different timeout errors reflect the stage at which the delay is detected by Enterprise DLP.
    Raise the Max Latency setting (up to 240 seconds for files and up to 30 seconds for non-file data) to reduce these events.
    Palo Alto Networks recommends increasing the max latency if you recently increased the max file and non-file size limits.
    Scan ERR: Rule1 invalid action
    Inspected traffic matched the Primary rule in the data profile, but the Action is invalid.
    Review and modify your DLP rule (Strata Cloud Manager or data filtering profile Panorama. The Action must be either Block or Alert.
    Scan ERR: Rule2 invalid action
    Inspected traffic matched the Secondary rule in the data profile, but the Action is invalid.
    Review and modify your DLP rule (Strata Cloud Manager or data filtering profile Panorama. The Action must be either Block or Alert.
    Scan Skipped: File Size > Limit
    Enterprise DLP didn't inspect the forwarded file because it exceeded the configured max file size.
    Enterprise DLP also skips any file larger than 100 MB.
    Raise the Max File Size in the Data Filtering Settings to 100 MB to reduce these events. Use the Action on Max File Size setting to define how Enterprise DLP handles oversized files.
    Scan Skipped: Internal Err 601
    Scan Skipped: Internal Err 602
    Scan Skipped: Internal Err 604
    Scan Skipped: Internal Err 606
    Scan Skipped: Internal Err 607
    Scan Skipped: Internal Err 609
    Scan Skipped: Internal Err 610
    Scan Skipped: Internal Err 611
    Scan Skipped: Internal Err 613
    Scan Skipped: Internal Err 629
    Scan Skipped: Internal Err 630
    Scan Skipped: Internal Err 631
    Enterprise DLP encountered an error while parsing forwarded data for an unsupported protocol or app. This typically indicates that Enterprise DLP doesn't support the protocol or app.
    Review the list of supported supports protocol and apps.
    Contact Palo Alto Networks Support for investigation if you observe this error for a supported protocol or app.
    Scan Skipped: Internal Err 605
    Scan Skipped: Internal Err 616
    Scan Skipped: Internal Err 617
    Scan Skipped: Internal Err 618
    Scan Skipped: Internal Err 619
    Scan Skipped: Internal Err 628
    Enterprise DLP encountered a parsing error due to a potentially malformed data.
    These errors can be ignored as transient issues if they occur infrequently and intermittently.
    Contact Palo Alto Networks Support for investigation if you observe a large volume of these errors consistently during normal operations.
    Scan Skipped: Internal Err 620
    Scan Skipped: Internal Err 621
    Scan Skipped: Internal Err 622
    Scan Skipped: Internal Err 623
    Scan Skipped: Internal Err 624
    Scan Skipped: Internal Err 625
    Scan Skipped: Internal Err 626
    Scan Skipped: Internal Err 627
    Enterprise DLP encountered an error parsing data from Google Drive.
    These errors can be ignored as transient issues if they occur infrequently and intermittently.
    Contact Palo Alto Networks Support for investigation if you observe a large volume of these errors consistently during normal operations.
    Scan Skipped: Out of memory
    Inspection skipped because Enterprise DLP memory usage was exceeded.
    This indicates memory resource exhaustion. Contact Palo Alto Networks Support if this error occurs frequently.
    Scan Skipped: Profile not found
    Inspection skipped because the enforcement point couldn't find the configured data profile.
    Review your Security policy rules to ensure the associated data profile exists.
    If you use Panorama, ensure you synchronized your data profiles.
    Scan Skipped: Rate > Limit
    Inspection skipped because Enterprise DLP received the maximum number of inspection requests.
    This indicates rate limiting is in effect. Monitor traffic patterns and consider adjusting rate limits if appropriate.

    © 2026 Palo Alto Networks, Inc. All rights reserved.