Edit the Enterprise DLP Non-File Data Filtering Settings
Edit the non-file data filtering settings to specify the actions the managed firewall
takes on non-file based data scanned to the DLP cloud service.
Configure the network settings for non-file based traffic scanned to the
Enterprise data loss prevention (DLP)
cloud service and specify the actions the firewall using
Enterprise DLP
takes. Editing the Enterprise DLP
non-file data
filtering settings is supported on the Panorama™ management server running PAN-OS
10.2.1 or later release with Panorama plugin for Enterprise DLP
3.0.1 or later
release.- Select and select theTemplateassociated with the managed firewalls usingEnterprise DLP.
- Edit the Non-File Data Filtering Settings.
- Verify thatEnable Non File DLPis checked (enabled).Non-File DLP is enabled by default when you install Panorama plugin forEnterprise DLP3.0.1.
- Specify theMax Latency (sec)to configure the allowable time for non-file data uploads to determine the allowable time before an action is taken by the firewall.
- Specify theAction on Max Latency(AlloworBlock) the firewall takes if no verdict was received for a non-file traffic data upload due to the upload time exceeding the configuredMax Latency.SelectingBlockapplies only to Enterprise DLP data filtering profiles configured to block non-file data. This setting doesn’t impactEnterprise DLPfiltering profiles configured to alert when traffic containing sensitive data is scanned.
- Specify theMin Data Size (B)to enforce a minimum size for non-file data to be scanned by the DLP cloud service.
- Specify theMax Data Size (KB)to enforce a maximum size for non-file data to be scanned by the DLP cloud service.
- Specify theAction on Data File Size(AlloworBlock) the firewall takes if no verdict was received for a non-file traffic data upload due to the traffic data size being larger than the configuredMax Data Size.SelectingBlockapplies only to Enterprise DLP data filtering profiles configured to block non-file data. This setting doesn’t impactEnterprise DLPdata filtering profiles configured to alert when traffic containing sensitive data is scanned.
- Check (enable)Log Data Not Scannedto generate an alert in the data filtering log when non-file data can’t be scanned by the DLP cloud service.
- ClickOKto save your configuration changes.
- Edit the Enterprise DLP Action on Error Setting to configure the action the firewall takes if any error is encountered during non-file traffic data upload.
- Commit and push your configuration changes to your managed firewalls usingEnterprise DLP.While a performing aCommit and Pushis supported, it isn’t recommended forEnterprise DLPconfiguration changes and requires you to manually select the impacted templates and managed firewalls in the Push Scope Selection.
- Select andCommityour configuration changes.
- Select andEdit Selections.
- SelectDevice GroupsandInclude Device and Network Templates.
- ClickOK.
- Pushyour configuration changes to your managed firewalls.
