Enable Enterprise DLP on Cloud Management
Enable
Enterprise data loss prevention (DLP)
for Prisma Access
(Cloud Management)
and SaaS Security on Cloud Management
.Enable your
Enterprise data loss prevention (DLP)
license for Prisma Access
(Cloud Management)
and SaaS Security, and
create a decryption policy rule to strip application-layer protocol negotiation
(ALPN) headers from uploaded files. - EnableEnterprise DLP.
- Single Prisma SASE Platform Tenant License ActivationActivate a License for Cloud-Managed Prisma Access Through the Prisma SASE Platform for a single tenant deployment. Follow this procedure to activateEnterprise DLPwhen your tenant has no subtenants or tenant hierarchy of any kind.
- Multitenant Prisma SASE Platform License ActivationActivate a License for Prisma Access Multitenant Through the Prisma SASE Platform to activateEnterprise DLPfor a parent tenant or a subtenant.
- CASB-X Platform License ActivationBy default, theEnterprise DLPlicense is included as part of the CASB-X license. To activateEnterprise DLPfor your CASB-X tenants, you only need to activate CASB-X. There’s no individualEnterprise DLPlicense you need to activate when using CASB-X.To useEnterprise DLPfor a CASB-X tenant, you must Activate a Next Generation CASB License on Cross Platforms (CASB-X) Through the Prisma SASE Platform.
- Verify that the DLP license is active.
- Selectand navigate to the Licenses widget.ManageOverview
- Click the license Quantity and confirm that the Data Loss Prevention license is active.Confirm the Data Loss Prevention license Type displaysPAIDand that an expiration date is displayed.
- Selectand verifyManageConfigurationSecurity ServicesData Loss Preventionis displayed.
- Selectand verifyActivityLogsDLP Incidentsis displayed.
- Create the decryption profile required forEnterprise DLPto inspect traffic.
- SelectandManageConfigurationSecurity ServicesDecryptionAdd Profile.
- Enter a descriptiveNamefor the decryption profile.
- Review the predefined decryption profile settings.The predefined decryption profile settings enableEnterprise DLPto inspect traffic. Modifying the predefined decryption profile settings isn’t required unless you need to enableStrip ALPN.
- (Software Version 10.2.2 or earlier versions) Configure the decryption profile to remove Application-Layer Protocol Negotiation (ALPN) headers from uploaded files.Remove the ALPN headers from files if anyCloud Managementdeployment is running software version 10.2.2 or earlier version. If your entireCloud Managementdeployment is running software version 10.2.3 or later version, stripping ALPN headers isn’t required.A web security admin can also strip ALPN headers in the Web Security decryption settings(and edit the Action Options). Web Security admins don’t need to create a decryption policy rule and can push the setting to Remote Networks and Mobile Users.ManageWeb SecuritySecurity SettingsDecryption
- In the SSL Forward Proxy, clickAdvanced.
- Check (enable)Strip ALPNandSave.
- Savethe Decryption profile group.
- Create a decryption policy rule to decrypt traffic forEnterprise DLPinspection.Cloud Managementincludes the predefinedExclude Microsoft O365 Optimized Endpoints - IPsandExclude Microsoft O365 Optimized Endpoints - URLsdecryption rules that exclude Microsoft Office 365 from decryption.ForEnterprise DLPto successfully inspect traffic for Microsoft Office 365, you must position this new decryption rule before the predefined decryption exclusion rules. Alternatively, you canDisablethese rules orDeletethem.
- SelectandManageConfigurationDecryptionAdd Rule.
- Enter a descriptiveNameand configure the decryption policy rule as needed.
- In the Action and Advanced Inspection section, configure the policy rule toDecrypttraffic that matches this rule.
- For the Type, selectSSL Forward Proxy.
- Select the Decryption Profile you created to strip ALPN headers.
- Savethe decryption policy rule.
- Push your data filtering profile.
- Push ConfigandPush.
- Select (enable)Remote NetworksandMobile Users.
- Push.
Most Popular
Recommended For You
Recommended Videos
Recommended videos not found.