Register and Activate Enterprise DLP on Prisma Access (Panorama
Managed)
Complete the task to register and activate Enterprise
DLP on Prisma Access (Panorama Managed).
Data Loss Prevention (DLP) on Prisma Access
enables you to secure remote networks and users, and requires an
add-on license.
To register and the Enterprise DLP plugin
to use with Prisma Access, complete one of the following procedures:
- To register and activate the Enterprise DLP plugin for a new DLP deployment, follow the procedure in Install the Enterprise DLP Plugin—New DLP Deployments.
- To upgrade to the Enterprise DLP plugin for a Prisma Access deployment that uses DLP on Prisma Access, follow the procedure in Upgrade to the Enterprise DLP Plugin—Existing Enterprise DLP on Prisma Access Deployments.
Preinstallation Requirements
Before you install the Enterprise DLP plugin,
make sure that your Prisma Access deployment has the following requirements:
- Make sure that you have purchased the Enterprise DLP add-on license for Prisma Access.You use the Enterprise DLP plugin to activate the DLP functionality for use with Prisma Access, but it requires an Enterprise DLP add-on license, which includes the Authorization code you need when you activate your license on the Palo Alto Networks Customer Support Portal (CSP).
- On the Panorama appliance that manages Prisma Access, make sure that you have the minimum Panorama, content versions, DLP plugin, and Prisma Access versions.
- The minimum required Panorama version is 10.0.5.
- The minimum required content version is 8334-6362.
- The minimum required DLP plugin version is 1.0.3.
- The minimum required Prisma Access version is 2.0 Innovation and the minimum Cloud Services plugin version is version 2.0.0.h3-innovation.
If you need to upgrade the Panorama or content version, install the content and software updates on Panorama. - Make sure that you have installed the device certificate on Panorama.
- If you manage on-premise firewalls with Prisma Access, you should install the device certificate for managed firewalls
- Make sure that your Prisma Access dataplane has been upgraded.
Install the Enterprise DLP Plugin—New DLP Deployments
After you have completed the Preinstallation Steps, complete the following
steps to install the DLP plugin on Panorama.
- From the Panorama that manages Prisma Access, selectand search for the latest version of the DLP plugin.PanoramaPluginsPrisma Access requires a minimum DLP plugin version of 1.0.3.
- DownloadandInstallthe Enterprise DLP plugin on Panorama.
- Commit your changes to Panorama by selectingandCommitCommit to PanoramaCommityour configuration changes.
- (Optional) if your Panorama manages on-premise firewalls as well as Prisma Access, commit and push the changes to your managed firewalls.This step is required in order for Enterprise DLP data filtering profile names to appear in Data Filtering logs.
- Selectand Commit your configuration changes.CommitCommit to Panorama
- SelectandCommitPush to DevicesEdit Selections.
- SelectDevice GroupsandInclude Device and Network Templatesand clickOK.
- Pushyour configuration changes to your managed firewalls.
Upgrade to the Enterprise DLP Plugin—Existing Enterprise
DLP on Prisma Access Deployments
If you have an existing DLP on Prisma Access
deployment, complete the following steps.
- Make sure that you have completed the following actions before installing the Enterprise DLP plugin:
- You have had your Prisma Access dataplane upgraded to a minimum version of 10.0.To find your dataplane version, selectand view thePanoramaCloud ServicesConfigurationService SetupCurrent Dataplane versionin theDataPlane PAN-OS versionarea. If theDataPlane PAN-OS versionis 10.0 or later, your dataplane is compatible with the DLP plugin.If your deployment is a dataplane version that is earlier than 10.0, use this document to register and activate Enterprise DLP on Prisma Access.
- You have upgraded and installed the Cloud Services plugin for your Prisma Access release, and your plugin version is 2.0 Innovation, 2.1. Innovation, 2.2 Preferred, or a later Preferred or Innovation version.2.0 Preferred and 2.1 Preferred Prisma Access releases do not support using the DLP plugin with Prisma Access.
- Install and activate the DLP plugin. Make a note of the following caveats during installation:
- You do not have to verify that the Panorama and Prisma Access belong to the same CSP account; you have already associated the Panorama serial number with the CSP account when you installed Prisma Access.
- You do not have to activate the Enterprise DLP plugin on Prisma Access. However, if you have managed firewalls, you should complete the steps to enter the auth code for the target managed firewalls.
- (Optional) If you have existing data patterns and data filtering profiles that you use for Enterprise DLP on Prisma Access, verify that the installation process completed successfully by checking that the data patterns and data filtering profiles moved to the following locations in Panorama:
- Data patterns move fromtoObjectsCustom ObjectsData Patterns.ObjectsDLPData Filtering Patterns
- Data filtering profiles move fromtoObjectsSecurity ProfilesData Filtering.ObjectsDLPData Filtering Profiles
Recommended For You
Recommended Videos
Recommended videos not found.
