Edit the Enterprise DLP Data Filtering Settings
Table of Contents
Edit the Enterprise DLP Data Filtering Settings
Edit the data filtering settings to specify the actions the managed firewall takes on
traffic scanned to the DLP cloud service.
Configure the network settings for files scanned to the
Enterprise Data Loss Prevention (E-DLP)
cloud service
and specify the actions the firewall using Enterprise DLP
takes if the data
filtering settings are exceeded.- Select and select theTemplateassociated with the managed firewalls usingEnterprise DLP.
- Edit the Data Filtering Settings.
- Specify theMax Latency (sec)for a file upload before an action is taken by the firewall.For inspection of files greater than 20 MB, Palo Alto Networks recommends setting the max latency to greater than60seconds.
- Specify theAction on Max Latency(BlockorAllow) the firewall takes if no verdict was received for a file upload due to the upload time exceeding theMax Latency.SelectingBlockapplies only to Enterprise DLP data filtering profiles configured to block files. This setting doesn’t impactEnterprise DLPdata filtering profiles configured to alert when traffic containing sensitive data is scanned.
- Specify theMax File Size (MB)to enforce a maximum file size for files uploaded to the DLP cloud service for inspection.
- Specify theAction on Max File Size(BlockorAllow) the firewall takes if no verdict was received for a file upload due to the file size being larger than the configuredMax File Size.SelectingBlockapplies only to Enterprise DLP data filtering profiles configured to block files. This setting doesn’t impactEnterprise DLPdata filtering profiles configured to alert when traffic containing sensitive data is scanned.(DLP 3.0.3 only) Increasing the max file size for the Enterprise DLP data filtering settings to 21 MB or greater when Panorama has the Enterprise DLP 3.0.3 plugin installed is supported only from the Panorama CLI.admin>configureadmin#set template <template_name> config shared dlp-settings max-file-size <1 - 100>Check (enable)Log Files Not Scannedto generate an alert in the data filtering log when a file can’t be scanned to the DLP cloud service.ClickOKto save your configuration changes.
- Edit the Enterprise DLP Action on Error Setting to configure the action the firewall takes if any error is encountered during non-file traffic data upload.
- Commit and push your configuration changes to your managed firewalls usingEnterprise DLP.While a performing aCommit and Pushis supported, it isn’t recommended forEnterprise DLPconfiguration changes and requires you to manually select the impacted templates and managed firewalls in the Push Scope Selection.
- Select andCommityour configuration changes.
- Select andEdit Selections.
- SelectDevice GroupsandInclude Device and Network Templates.
- ClickOK.
- Pushyour configuration changes to your managed firewalls.