What’s Supported with Enterprise DLP?

Learn about the supported applications and operational parameters for Enterprise data loss prevention (DLP).
Learn about the products that support Enterprise data loss prevention (DLP) and its features:

Platform Support

Enterprise data loss prevention (DLP) is supported on the following platforms:
  • Prisma Access (Cloud Managed)
    • Important:
      If you’re already using Panorama to manage Enterprise DLP configurations for next-generation firewalls, your DLP configuration in Prisma Access cloud management is read-only; you should continue to manage the Enterprise DLP configuration from your Panorama management server.
      DLP policy enforcement on Prisma Access (Cloud Managed) is still supported when using Panorama to manage your Enterprise DLP configuration.
      If the Panorama managing your Enterprise DLP configuration is no longer licensed to leverage Enterprise DLP, you must contact Palo Alto Networks Support to transfer Enterprise DLP configuration management to Prisma Access (Cloud Managed). The Enterprise DLP configuration on Prisma Access (Cloud Managed) remains read-only until you contact Palo Alto Networks Support.
      Enterprise DLP configuration on Prisma Access (Cloud Managed)
    • DLP is an add-on license on Prisma Access. You can either start with a 60-day trial or you can purchase a license to use Enterprise DLP on Prisma Access.
DLP data patterns and data filtering profiles are designed to work across all supported platforms to provide consistent data security across all locations.

Supported Applications

The following table displays the supported web applications and operational parameters that you can use with Enterprise DLP.
Of the applications listed in the table below, GitHub, Microsoft OnePoint, Salesforce, ServiceNow, and Yahoo Mail require that you install Application and Threats content release 8413 or a later version on your PAN-OS firewalls or Prisma Access deployment.

| Web Application | PDF | doc/docx | ppt/pptx | xls/xlsx | rtf | CSV | txt | Multi-file uploads | File Size |
|---|---|---|---|---|---|---|---|---|---|
| GitHub Web App | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | 20MB |
| Web Browsing | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | 20MB |
| OneDrive Web App | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | 20MB |
| SharePoint Web App | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | 20MB |
| OneNote Web App | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | 20MB |
| Gmail Web App | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | 20MB |
| Box Web App | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | 20MB |
| Salesforce Web App | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | 20MB |
| ServiceNow Web App | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | 20MB |
| Slack Web App | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | 20MB |
| Yahoo Web App | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | 20MB |

The following list contains the supported applications, file operations, upload parameters, file types, actions, and predefined data patterns and filtering profiles.

Supported File Types

The following lists the supported file operations, upload parameters, file types, and actions.
  • File operations
    —You can upload files using HTTP and HTTPS (no FTP or SMTP) using HTTP/1.1.
    Some applications, such as SharePoint and OneDrive, use HTTP/2 by default. To use HTTP/2 files with HTTP/1.1, you need to create a decryption profile and a Security policy rule to strip out the application-layer protocol negotiation (ALPN) extension in headers. See Enable Enterprise DLP for Managed Firewalls for more information.
  • Data flow
    —File uploads are supported (downloads are not supported).
  • Concurrent file uploads
    —25 concurrent file uploads are supported.
  • File size
    —Files of up to 20MB are supported.
    If you use Box to upload multiple files and one or more of the files are larger than 20MB, the upload of all files will stall. To continue, find the files in Box that are larger than 20MB and click X to stop the upload of those files.
  • File types
    —Enterprise DLP supports inspection of the following file types.
    Of the file types listed below, iWork Keynote, iWork Numbers, and iWork Pages require that you install Application and Threats content release 8529 or a later version on your PAN-OS firewalls or Prisma Access deployment.
    • Microsoft Office (.doc, .docx, .ppt, .pptx, .xls, .xlsx)
    • .csv
    • .pdf
    • .rtf
    • .txt
    • iWork (Keynote, Numbers, Pages)
    • Image files (.jpg, .jpeg, .png, .tif, .tiff)
      Detection of image files requires you to enable Optical Character Recognition (OCR) on the DLP app or Prisma Access (Cloud Managed).
    • Source Code File Types
      —Enterprise DLP supports inspection of the following source code file types.
      • Cfamily—C, C++, C+, Objective C
      • Generic
      • java
      • javascript
      • perl
      • powershell
      • python
      • r
      • ruby
      • vbs
      • verilog
      • vhdl
      • x86_assembly
  • ZIP Files
    —Enterprise DLP supports inspection of ZIP and 7Z (7-ZIP file archiver) files containing the supported file types listed above.
    The Enterprise DLP cloud service supports single level compression of files only.
    The Enterprise DLP cloud service does not support scanning multilevel compressed files. For example, the DLP cloud service cannot scan and render a verdict on the file contents of a ZIP file if it has been compressed more than once.
  • Response
    —Block and Alert actions are supported for HTTP and HTTPS files. However, the Block page does not display the name of the file that the managed firewall blocked.
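
The file size, file type, and ZIP limits above define what the service can render a verdict on, so a defender auditing coverage can pre-classify uploads that fall outside them and route those to another control. The following Python sketch is an added example, not Palo Alto Networks code: the function names are hypothetical, "20MB" is read as 20 MiB, and files are classified by extension only.

```python
import io
import zipfile
from pathlib import PurePosixPath

MAX_BYTES = 20 * 1024 * 1024  # assumption: the page's "20MB" read as 20 MiB
# Extensions spelled out on the page (iWork/source-code extensions are not given).
INSPECTABLE = {".doc", ".docx", ".ppt", ".pptx", ".xls", ".xlsx",
               ".csv", ".pdf", ".rtf", ".txt"}
OCR_ONLY = {".jpg", ".jpeg", ".png", ".tif", ".tiff"}


def _type_gap(name, ocr_enabled):
    """Return a gap reason for one file name, or None if it is in scope."""
    ext = PurePosixPath(name).suffix.lower()
    if ext in (".zip", ".7z"):
        return f"{name}: nested archive (multilevel compression)"
    if ext in OCR_ONLY:
        return None if ocr_enabled else f"{name}: image type needs OCR enabled"
    if ext not in INSPECTABLE:
        return f"{name}: file type not listed on the page"
    return None


def coverage_gaps(name, data, ocr_enabled=False):
    """List reasons an upload falls outside the documented inspection scope."""
    gaps = []
    if len(data) > MAX_BYTES:
        gaps.append(f"{name}: larger than 20MB")
    ext = PurePosixPath(name).suffix.lower()
    if ext == ".7z":
        gaps.append(f"{name}: 7z members not checked (no stdlib parser)")
    elif ext == ".zip":
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = [i.filename for i in zf.infolist() if not i.is_dir()]
        except zipfile.BadZipFile:
            return gaps + [f"{name}: not a readable ZIP"]
        gaps += [g for m in members if (g := _type_gap(m, ocr_enabled))]
    elif (gap := _type_gap(name, ocr_enabled)):
        gaps.append(gap)
    return gaps


def make_zip(members):
    """Build a constructed sample ZIP in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member_name, content in members.items():
            zf.writestr(member_name, content)
    return buf.getvalue()
```

An empty list means the upload is within the limits listed on this page; it does not mean the content matched or cleared any data pattern.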

Support for Non-File Based Traffic

Enterprise DLP supports inspection of non-file based traffic for sensitive data. A data filtering profile configured for non-file based traffic detection allows you to configure URL and application exclusion lists to exclude specific URL and application traffic from Enterprise DLP inspection.
Inspection of non-file based traffic is supported on Panorama running PAN-OS 10.2.1 and later releases and Enterprise DLP plugin 3.0.1 and later releases.
To upgrade to PAN-OS 10.2.1, you must install Application and Threats content release 8552-7333 or later version on Panorama and managed firewalls leveraging Enterprise DLP. This is required to support non-file based traffic inspection.

Data Patterns and Data Filtering Profiles

Use predefined or create your own data patterns and data filtering profiles. You can duplicate predefined and custom data patterns and data filtering profiles if you want to add, remove, or modify data identifiers in the existing pattern or profile. However, duplication of ML-based data patterns is not supported.
For each data filtering profile, Enterprise DLP allows a maximum of 10 data patterns for a Block rule and 50 data patterns for an Alert rule.
Predefined data patterns use either machine learning (ML) or regex-based detection for scanned files. Enterprise DLP returns verdicts for ML-based data patterns of scanned files up to 1MB in size. For all other predefined and custom data patterns, Enterprise DLP supports verdicts for scanned files of up to 20MB in size.
For the full list of all predefined ML-based patterns and all predefined data filtering profiles, see:
