: Install the Enterprise DLP Plugin on Panorama
Focus
Focus

Install the Enterprise DLP Plugin on Panorama

Table of Contents

Install the Enterprise DLP Plugin on Panorama

Install the
Enterprise Data Loss Prevention (E-DLP)
plugin on your Panorama™ management server and managed firewalls.
To install the
Enterprise Data Loss Prevention (E-DLP)
plugin on your Panorama™ management server and managed firewalls, first download the plugin from the Palo Alto Networks Customer Support Portal, upload the plugin to Panorama, and then install it. You must install the plugin on Panorama and your managed firewalls before you can use
Enterprise DLP
.
Your existing data patterns (
Objects
Custom Objects
Data Patterns
) and data filtering profiles (
Objects
Security Profiles
Data Filtering
) are automatically hidden after you successfully install the
Enterprise DLP
plugin on your Panorama management server. To display your existing data patterns and filtering profiles when you need to reference them, you can temporarily Enable Existing Data Patterns and Filtering Profiles.
  1. (
    Best Practices
    ) Before you install the plugin and activate your
    Enterprise DLP
    license, select
    Assets
    Devices
    to locate your Panorama management server and your managed firewalls to verify that they all belong to the same CSP account.
    Panorama and any managed firewalls on which you want to use
    Enterprise DLP
    must belong to the same CSP account, which enables you to share data profiles and maintain consistent Security policy rule enforcement.
  2. The device certificate is required for all managed firewalls using
    Enterprise DLP
    .
  3. Install the plugin on Panorama.
    1. Select
      Panorama
      Plugins
      and search for the latest version of the
      Enterprise DLP
      plugin.
    2. Download
      and
      Install
      the
      Enterprise DLP
      plugin on Panorama.
  4. Commit and push the new configuration to your managed firewalls to complete the
    Enterprise DLP
    plugin installation.
    This step is required for
    Enterprise DLP
    data filtering profile names to appear in Data Filtering logs.
    The
    Commit and Push
    command isn’t recommended for
    Enterprise DLP
    configuration changes. Using the
    Commit and Push
    command requires the additional and unnecessary overheard of manually selecting the impacted templates and managed firewalls in the Push Scope Selection.
    1. Select
      Commit
      Commit to Panorama
      and
      Commit
      .
    2. Select
      Commit
      Push to Devices
      and
      Edit Selections
      .
    3. Select
      Device Groups
      and
      Include Device and Network Templates
      .
    4. Click
      OK
      .
    5. Push
      your configuration changes to your managed firewalls that are using
      Enterprise DLP
      .
  5. Activate your
    Enterprise DLP
    license on the Palo Alto Networks Customer Support Portal (CSP).
    Repeat this step for all managed firewalls using
    Enterprise DLP
    .
    1. Log in to the Palo Alto Networks Customer Support Portal.
    2. Select
      Assets
      Devices
      and edit ( in the Actions column) the appropriate asset.
    3. In the Device Licenses window,
      Activate Auth-Code
      and then enter the
      Authorization Code
      (auth code).
      The auth code is automatically provided to you by Palo Alto Networks in an email after you complete your purchase of the
      Enterprise DLP
      plugin license.
    4. Agree and Submit
      your auth code .
  6. (
    Optional
    ) Create a Palo Alto Networks Support ticket to enable your
    Enterprise DLP
    license to transfer between firewalls.
    Requesting that the
    Enterprise DLP
    license is transferable enables you to transfer your DLP license to other managed firewalls.
    In the support ticket, include the following information:
    • The request for a firewall transfer for the
      Enterprise DLP
      license.
    • Your CSP account ID and the email associated with your CSP account.
    • The managed firewall serial number. If you activated the
      Enterprise DLP
      license on multiple managed firewalls, include the serial numbers for all the managed firewalls in a single support ticket.
    • The auth codes used to activate the
      Enterprise DLP
      license on your managed firewalls.
    • Also provide the CSP account ID with which additional managed firewalls are associated if you have managed firewalls that belong to a different CSP account.
  7. Activate the
    Enterprise DLP
    plugin on your managed firewalls.
    1. Select
      Panorama
      Device Deployment
      License
      and
      Activate
      the
      Enterprise DLP
      plugin.
    2. Enter the
      Auth Code
      for the target managed firewalls.
      The auth code is automatically provided to you by Palo Alto Networks in an email after you complete your purchase of the
      Enterprise DLP
      plugin license.
    3. Activate
      the
      Enterprise DLP
      plugin license on your managed firewalls.
  8. Select
    Objects
    DLP
    Data Filtering Profiles
    and verify that the predefined data filtering profiles are displayed.
    Panorama is automatically populated with predefined data filtering profiles when the Panorama management server successfully connects to the DLP cloud service.
  9. Verify that the
    Enterprise DLP
    license is successfully activated on your managed firewalls.
    1. Select
      Device
      Licenses
      and verify that the license is successfully activated.
  10. After you successfully install the
    Enterprise DLP
    plugin on the Panorama management server, you must create Security policy rules to enable your managed firewalls to leverage .

Recommended For You