Edit the Cloud Content Settings

Edit the Cloud Content Settings to specify the server to which your Enterprise Data Loss Prevention (E-DLP) files are sent for inspection.
Where Can I Use This?
  • NGFW (Managed by Panorama)
What Do I Need?
  • Enterprise Data Loss Prevention (E-DLP) license
    Review the Supported Platforms for details on the required license for each enforcement point.
By default, Enterprise Data Loss Prevention (E-DLP) is configured using a Cloud Content Fully Qualified Domain Name (FQDN) that automatically resolves to the closest Cloud Services server to inspect matching traffic. If you have specific data residency requirements, you can specify a regional Cloud Services server by editing the Cloud Content FQDN to which your Enterprise DLP traffic is sent for inspection.
  1. Log in to the Panorama web interface.
  2. Select Device > Setup > Content-ID and select the Template associated with the managed firewalls using Enterprise DLP.
  3. Edit the Cloud Content FQDN.
    1. Edit the Cloud Content Settings.
    2. Modify the Public Cloud Server based on your data residency requirements.
      Enterprise DLP data and data processing, including Incidents, reports, and DLP verdicts, are generated in the specified Public Cloud Server region. The Default Enterprise DLP Public Cloud Server automatically resolves to the closest Public Cloud Server.
      • Public Cloud Server by Region
        • Default: hawkeye.services-edge.paloaltonetworks.com
          The default Public Cloud Server automatically resolves to the closest Public Cloud Server to where the inspected traffic originated. If a new Public Cloud Server is deployed in a region closer to where the inspected traffic originated, Enterprise DLP data and data processing is generated in that new region.
        • APAC: apac.hawkeye.services-edge.paloaltonetworks.com
        • Australia: au.hawkeye.services-edge.paloaltonetworks.com
        • Canada: ca.hawkeye.services-edge.paloaltonetworks.com
        • Europe: eu.hawkeye.services-edge.paloaltonetworks.com
        • France: fr.hawkeye.services-edge.paloaltonetworks.com
        • India: in.hawkeye.services-edge.paloaltonetworks.com
        • Japan: jp.hawkeye.services-edge.paloaltonetworks.com
        • United States: us.hawkeye.services-edge.paloaltonetworks.com
        • United Kingdom: uk.hawkeye.services-edge.paloaltonetworks.com
      • Public Cloud Server for FedRAMP
        Enterprise DLP requires that you add the following Public Cloud Server to successfully forward traffic for inspection and verdict rendering in FedRAMP environments.
        hawkeye.services-edge.pubsec-cloud.paloaltonetworks.com
    3. Click OK.
  4. Commit and push the new configuration to your managed firewalls.
    The Commit and Push command isn’t recommended for Enterprise DLP configuration changes. Using the Commit and Push command requires the additional and unnecessary overhead of manually selecting the impacted templates and managed firewalls in the Push Scope Selection.
    • Full configuration push from Panorama
      1. Select Commit > Commit to Panorama and Commit.
      2. Select Commit > Push to Devices and Edit Selections.
      3. Select Device Groups and Include Device and Network Templates.
      4. Click OK.
      5. Push your configuration changes to your managed firewalls that are using Enterprise DLP.
    • Partial configuration push from Panorama
      You must always include the temporary __dlp administrator when performing a partial configuration push. This is required to keep Panorama and the DLP cloud service in sync.
      For example, suppose you have a Panorama admin user named admin who is allowed to commit and push configuration changes. The admin user made changes to the Enterprise DLP configuration and only wants to commit and push these changes to managed firewalls. In this case, the admin user is required to also select the __dlp user in the partial commit and push operations.
      1. Select Commit > Commit to Panorama.
      2. Select Commit Changes Made By and then click the current Panorama admin user to select additional admins to include in the partial commit.
        In this example, the admin user is currently logged in and performing the commit operation. The admin user must click admin and then select the __dlp user. If there are additional configuration changes made by other Panorama admins they can be selected here as well.
        Click OK to continue.
      3. Commit.
      4. Select Commit > Push to Devices.
      5. Select Push Changes Made By and then click the current Panorama admin user to select additional admins to include in the partial push.
        In this example, the admin user is currently logged in and performing the push operation. The admin user must click admin and then select the __dlp user. If there are additional configuration changes made by other Panorama admins they can be selected here as well.
        Click OK to continue.
      6. Select Device Groups and Include Device and Network Templates.
      7. Click OK.
      8. Push your configuration changes to your managed firewalls that are using Enterprise DLP.
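
The data residency point in step 3, as an added example that is not Palo Alto Networks code: a Python audit that compares each template's configured Cloud Content FQDN with the region its residency policy requires, using the Public Cloud Server names listed above. The template names, inventory rows and status labels are constructed for illustration, and FedRAMP is treated here as one more region key.

```python
# Added example: region labels and FQDNs are copied from the list in step 3.
REGION_FQDNS = {
    "APAC": "apac.hawkeye.services-edge.paloaltonetworks.com",
    "Australia": "au.hawkeye.services-edge.paloaltonetworks.com",
    "Canada": "ca.hawkeye.services-edge.paloaltonetworks.com",
    "Europe": "eu.hawkeye.services-edge.paloaltonetworks.com",
    "France": "fr.hawkeye.services-edge.paloaltonetworks.com",
    "India": "in.hawkeye.services-edge.paloaltonetworks.com",
    "Japan": "jp.hawkeye.services-edge.paloaltonetworks.com",
    "United States": "us.hawkeye.services-edge.paloaltonetworks.com",
    "United Kingdom": "uk.hawkeye.services-edge.paloaltonetworks.com",
    "FedRAMP": "hawkeye.services-edge.pubsec-cloud.paloaltonetworks.com",
}
DEFAULT_FQDN = "hawkeye.services-edge.paloaltonetworks.com"
FQDN_TO_REGION = {fqdn: region for region, fqdn in REGION_FQDNS.items()}

def normalize(fqdn):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return fqdn.strip().lower().rstrip(".")

def audit(template, configured_fqdn, required_region=None):
    """Return (template, status, detail) for one template's Cloud Content FQDN."""
    host = normalize(configured_fqdn)
    if host == DEFAULT_FQDN:
        # The default follows the closest server, so it cannot satisfy a pinned region.
        if required_region is None:
            return (template, "ok", "default: resolves to the closest server")
        return (template, "unpinned", f"default does not pin {required_region}")
    region = FQDN_TO_REGION.get(host)
    if region is None:
        return (template, "unknown", f"{host!r} is not a listed Public Cloud Server")
    if required_region is None or region == required_region:
        return (template, "ok", f"pinned to {region}")
    return (template, "mismatch", f"pinned to {region}, policy requires {required_region}")

# Constructed inventory: (template name, configured FQDN, required region or None).
INVENTORY = [
    ("tpl-branch", "hawkeye.services-edge.paloaltonetworks.com", None),
    ("tpl-frankfurt", "hawkeye.services-edge.paloaltonetworks.com", "Europe"),
    ("tpl-paris", "FR.hawkeye.services-edge.paloaltonetworks.com.", "France"),
    ("tpl-sydney", "apac.hawkeye.services-edge.paloaltonetworks.com", "Australia"),
    ("tpl-tokyo", "jp.hawkeye.services-edge.paloaltonetworks.co", "Japan"),
]

if __name__ == "__main__":
    for name, status, detail in (audit(*row) for row in INVENTORY):
        print(f"{name:14} {status:9} {detail}")
```

The "unpinned" status covers the case the page calls out: a template left on the default FQDN can start processing in a different region when a closer Public Cloud Server is deployed.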