Register and Activate Enterprise DLP on Prisma Access (Panorama Managed)
Table of Contents
Expand all | Collapse all
-
- Register and Activate Enterprise DLP on Prisma Access (Panorama Managed)
- Edit the Enterprise DLP Snippet Settings on the DLP App
- Enable Role Based Access to Enterprise DLP on Strata Cloud Manager
- Enable Optical Character Recognition on Strata Cloud Manager
- Enable Optical Character Recognition for Enterprise DLP
-
-
- Create a Data Profile on the DLP App
- Create a Data Profile with EDM Data Sets on the DLP App
- Create a Data Profile with Data Patterns and EDM Data Sets on the DLP App
- Create a Data Profile with Nested Data Profiles on the DLP App
- Create a Data Profile on Strata Cloud Manager
- Create a Data Profile with EDM Data Sets on Strata Cloud Manager
- Create a Data Profile with Data Patterns and EDM Data Sets on Strata Cloud Manager
- Create a Data Profile with Nested Data Profiles on Strata Cloud Manager
- Create a Data Filtering Profile on Panorama
- Create a Data Filtering Profile on Panorama for Non-File Detection
- Update a Data Profile on the DLP App
- Update a Data Profile on Strata Cloud Manager
- Update a Data Filtering Profile on Panorama
- Enable Existing Data Patterns and Filtering Profiles
-
- How Does Email DLP Work?
- Activate Email DLP
- Add an Enterprise DLP Email Policy
- Review Email DLP Incidents
-
- Monitor DLP Status with the DLP Health and Telemetry App
- View Enterprise DLP Log Details on the DLP App
- Manage Enterprise DLP Incidents on the DLP App
- View Enterprise DLP Audit Logs on the DLP App
- View Enterprise DLP Log Details on Strata Cloud Manager
- Manage Enterprise DLP Incidents on Strata Cloud Manager
- View Enterprise DLP Audit Logs on Strata Cloud Manager
- View Enterprise DLP Log Details on Panorama
Register and Activate Enterprise DLP on Prisma Access
(Panorama Managed)
Enterprise DLP
on Prisma Access
(Panorama Managed)
Complete the task to register and activate
Enterprise Data Loss Prevention (E-DLP)
on Prisma Access
(Panorama Managed)
.Where Can I Use This? | What Do I Need? |
|---|---|
|
|
Enterprise Data Loss Prevention (E-DLP)
on Prisma Access
enables you to secure remote networks and users,
and requires an add-on license. To register and activate the
Enterprise DLP
plugin to use with Prisma Access
, complete
one of the following procedures: - To register and activate theEnterprise DLPplugin for a newEnterprise DLPdeployment, follow the procedure in Install the Enterprise DLP Plugin—New Enterprise DLP Deployments.
- To upgrade to theEnterprise DLPplugin for aPrisma Accessdeployment that usesEnterprise DLPonPrisma Access, follow the procedure in Upgrade to the Enterprise DLP Plugin—Existing Enterprise DLP on Prisma Access Deployments.
Preinstallation Requirements
Before you install the
Enterprise DLP
plugin, make sure that your Prisma Access
deployment has the following requirements:- Make sure that you have purchased theEnterprise DLPadd-on license forPrisma Access.You use theEnterprise DLPto activate theEnterprise DLPfunctionality for use withPrisma Access, but it requires anEnterprise DLPadd-on license, which includes the Authorization code (auth code) you need when you activate your license on the Palo Alto Networks Customer Support Portal (CSP).
- On the Panorama appliance that managesPrisma Access, make sure that you have the minimum Panorama, content release versions,Enterprise DLPplugin, andPrisma Accessversions.
- The minimum required Panorama version is 10.0.5.
- The minimum required content version is 8334-6362.
- The minimum requiredEnterprise DLPversion is 1.0.3.
- The minimum requiredPrisma Accessversion is 2.0 Innovation and the minimum Cloud Services plugin version is version 2.0.0.h3-innovation.
If you need to upgrade the Panorama or content release version install the content and software updates on Panorama. - Make sure that you have installed the device certificate on Panorama.
- If you manage on-premises firewalls withPrisma Access, you should install the device certificate for managed firewalls.
- Make sure that yourPrisma Accessdataplane has been upgraded.
Install the Enterprise DLP Plugin—New Enterprise DLP Deployments
Enterprise DLP
Plugin—New Enterprise DLP
DeploymentsAfter you have completed the Preinstallation Steps, complete the
following steps to install the
Enterprise DLP
plugin on Panorama.- From the Panorama that managesPrisma Access, selectand search for the latest version of thePanoramaPluginsEnterprise DLPplugin.Prisma Accessrequires a minimumEnterprise DLPplugin version of 1.0.3.
- DownloadandInstalltheEnterprise DLPplugin on Panorama.
- Commit your changes to Panorama by selectingandCommitCommit to PanoramaCommityour configuration changes.
- (Optional) if your Panorama manages on-premise firewalls as well asPrisma Access, commit and push the changes to your managed firewalls.This step is required forEnterprise DLPdata filtering profile names to appear in Data Filtering logs.
- Selectand Commit your configuration changes.CommitCommit to Panorama
- SelectandCommitPush to DevicesEdit Selections.
- SelectDevice GroupsandInclude Device and Network Templatesand clickOK.
- Pushyour configuration changes to your managed firewalls.
Upgrade to the Enterprise DLP Plugin—Existing Enterprise DLP on Prisma Access
Deployments
Enterprise DLP
Plugin—Existing Enterprise DLP
on Prisma Access
DeploymentsIf you have an existing
Enterprise DLP
plugin on Prisma Access
deployment, complete the
following steps.- Make sure that you have completed the following actions before installing theEnterprise DLPplugin:
- You have had yourPrisma Accessto a minimum version of 10.0.To find your dataplane version, selectand view thePanoramaCloud ServicesConfigurationService SetupCurrent Dataplane versionin theDataPlane PAN-OS versionarea. If theDataPlane PAN-OS versionis 10.0 or later, your dataplane is compatible with theEnterprise DLPplugin.If your deployment is a dataplane version that is earlier than 10.0, use this document to register and activateEnterprise DLPonPrisma Access.
- You have upgraded and installed the Cloud Services plugin for yourPrisma Accessrelease, and your plugin version is 2.0 Innovation, 2.1. Innovation, 2.2 Preferred, or a later Preferred or Innovation version.2.0 Preferred and 2.1 PreferredPrisma Accessreleases don’t support using theEnterprise DLPplugin withPrisma Access.
- Install and activate the . Make a note of the following caveats during installation:
- You don’t have to verify that the Panorama andPrisma Accessbelong to the same CSP account; you have already associated the Panorama serial number with the CSP account when you installed .
- You don’t have to activate theEnterprise DLPplugin onPrisma Access. However, if you have managed firewalls, you should complete the steps to enter the auth code for the target managed firewalls.
- (Optional) If you have existing data patterns and data filtering profiles that you use forEnterprise DLPonPrisma Access, verify that the installation process completed successfully by checking that the data patterns and data filtering profiles moved to the following locations in Panorama:
- Data patterns move fromtoObjectsCustom ObjectsData Patterns.ObjectsDLPData Filtering Patterns
- Data filtering profiles move fromtoObjectsSecurity ProfilesData Filtering.ObjectsDLPData Filtering Profiles