Edit the Enterprise DLP Non-File Data Filtering Settings
Edit the Enterprise Data Loss Prevention (DLP) non-file data filtering settings to
specify the actions the managed firewall takes on non-file based data scanned to the DLP
cloud service.
Configure the network settings for non-file based traffic scanned to the Enterprise
data loss prevention (DLP) cloud service and specify the actions the firewall
leveraging Enterprise DLP takes. Editing the Enterprise DLP non-file data filtering
settings is supported on the Panorama™ management server running PAN-OS 10.2.1 or
later release with Panorama plugin for Enterprise DLP 3.0.1 or later release.
- Select and select theTemplateassociated with the managed firewalls leveraging Enterprise DLP.
- Edit the Non-File Data Filtering Settings
- Verify thatEnable Non File DLPis checked (enabled).Non-File DLP is enabled by default when you install Panorama plugin for Enterprise DLP 3.0.1.
- Specify theMax Latency (sec)to configure the allowable time for non-file data upload to determine the allowable time before an action is taken by the firewall.
- Specify theAction on Max Latency(AlloworBlock) the firewall takes if no verdict was received for a non-file traffic data upload due to the upload time exceeding the configuredMax Latency.SelectingBlockapplies only to Enterprise DLP data filtering profiles configured to block non-file data. This setting does not impact Enterprise DLP filtering profiles configured to alert when traffic containing sensitive data is scanned.
- Specify theMin Data Size (B)to enforce a minimum size for non-file data to be scanned by the DLP cloud service .
- Specify theMax Data Size (KB)to enforce a maximum size for non-file data to be scanned by the DLP cloud service.
- Specify theAction on Data File Size(AlloworBlock) the firewall takes if no verdict was received for a non-file traffic data upload due to the traffic data size being larger than the configuredMax Data Size.SelectingBlockapplies only to Enterprise DLP data filtering profiles configured to block non-file data. This setting does not impact Enterprise DLP filtering profiles configured to alert when traffic containing sensitive data is scanned.
- Check (enable)Log Data Not Scannedto generate an alert in the data filtering log when non-file data cannot be scanned by the DLP cloud service.
- ClickOKto save your configuration changes.
- Edit the Enterprise DLP Action on Error Setting to configure the action the firewall takes if any error is encountered during non-file traffic data upload.
- Commit and push your configuration changes to your managed firewalls leveraging Enterprise DLP.While a performing aCommit and Pushis supported, it is not recommended for Enterprise DLP configuration changes and requires you to manually select the impacted templates and managed firewalls in the Push Scope Selection.
- Select andCommityour configuration changes.
- Select andEdit Selections.
- SelectDevice GroupsandInclude Device and Network Templates.
- ClickOK.
- Pushyour configuration changes to your managed firewalls.
