Install the Enterprise DLP Plugin on Panorama
Table of Contents
Expand all | Collapse all
-
- Register and Activate Enterprise DLP on Prisma Access (Panorama Managed)
- Edit the Enterprise DLP Snippet Settings on the DLP App
- Enable Role Based Access to Enterprise DLP on Cloud Management
- Enable Optical Character Recognition on Cloud Management
- Enable Optical Character Recognition for Enterprise DLP
-
-
- Create a Data Profile on the DLP App
- Create a Data Profile with EDM Data Sets on the DLP App
- Create a Data Profile with Data Patterns and EDM Data Sets on the DLP App
- Create a Data Profile with Nested Data Profiles on the DLP App
- Create a Data Profile on Cloud Management
- Create a Data Profile with EDM Data Sets on Cloud Management
- Create a Data Profile with Data Patterns and EDM Data Sets on Cloud Management
- Create a Data Profile with Nested Data Profiles on Cloud Management
- Create a Data Filtering Profile on Panorama
- Create a Data Filtering Profile on Panorama for Non-File Detection
- Update a Data Profile on the DLP App
- Update a Data Profile on Cloud Management
- Update a Data Filtering Profile on Panorama
- Enable Existing Data Patterns and Filtering Profiles
-
- How Does Email DLP Work?
- Activate Email DLP
- Add an Enterprise DLP Email Policy
- Review Email DLP Incidents
-
- Monitor DLP Status with the DLP Health and Telemetry App
- View Enterprise DLP Log Details on the DLP App
- Manage Enterprise DLP Incidents on the DLP App
- View Enterprise DLP Audit Logs on the DLP App
- View Enterprise DLP Log Details on Cloud Management
- Manage Enterprise DLP Incidents on Cloud Management
- View Enterprise DLP Audit Logs on Cloud Management
- View Enterprise DLP Log Details on Panorama
Install the Enterprise DLP Plugin on Panorama
Install the
Enterprise Data Loss Prevention (E-DLP)
plugin on your Panorama™ management server and
managed firewalls.To install the
Enterprise Data Loss Prevention (E-DLP)
plugin on your Panorama™ management server and managed
firewalls, first download the plugin from the Palo Alto Networks Customer Support
Portal, upload the plugin to Panorama, and then install it. You must install the
plugin on Panorama and your managed firewalls before you can use Enterprise DLP
. Your existing data patterns () and data filtering profiles () are automatically hidden after you successfully install the
Objects
Custom Objects
Data Patterns
Objects
Security Profiles
Data Filtering
Enterprise DLP
plugin on your Panorama management server. To display your
existing data patterns and filtering profiles when you need to reference them,
you can temporarily Enable Existing Data Patterns and Filtering Profiles.- (Best Practices) Before you install the plugin and activate yourEnterprise DLPlicense, selectto locate your Panorama management server and your managed firewalls to verify that they all belong to the same CSP account.AssetsDevicesPanorama and any managed firewalls on which you want to useEnterprise DLPmust belong to the same CSP account, which enables you to share data profiles and maintain consistent Security policy rule enforcement.
- The device certificate is required for all managed firewalls usingEnterprise DLP.
- Install the plugin on Panorama.
- Selectand search for the latest version of thePanoramaPluginsEnterprise DLPplugin.
- DownloadandInstalltheEnterprise DLPplugin on Panorama.
- Commit and push the new configuration to your managed firewalls to complete theEnterprise DLPplugin installation.This step is required forEnterprise DLPdata filtering profile names to appear in Data Filtering logs.TheCommit and Pushcommand isn’t recommended forEnterprise DLPconfiguration changes. Using theCommit and Pushcommand requires the additional and unnecessary overheard of manually selecting the impacted templates and managed firewalls in the Push Scope Selection.
- SelectandCommitCommit to PanoramaCommit.
- SelectandCommitPush to DevicesEdit Selections.
- SelectDevice GroupsandInclude Device and Network Templates.
- ClickOK.
- Pushyour configuration changes to your managed firewalls that are usingEnterprise DLP.
- Activate yourEnterprise DLPlicense on the Palo Alto Networks Customer Support Portal (CSP).Repeat this step for all managed firewalls usingEnterprise DLP.
- Log in to the Palo Alto Networks Customer Support Portal.
- Selectand edit (AssetsDevices
in the Actions column) the appropriate asset.
- In the Device Licenses window,Activate Auth-Codeand then enter theAuthorization Code(auth code).The auth code is automatically provided to you by Palo Alto Networks in an email after you complete your purchase of theEnterprise DLPplugin license.
- Agree and Submityour auth code .
- (Optional) Create a Palo Alto Networks Support ticket to enable yourEnterprise DLPlicense to transfer between firewalls.Requesting that theEnterprise DLPlicense is transferable enables you to transfer your DLP license to other managed firewalls.In the support ticket, include the following information:
- The request for a firewall transfer for theEnterprise DLPlicense.
- Your CSP account ID and the email associated with your CSP account.
- The managed firewall serial number. If you activated theEnterprise DLPlicense on multiple managed firewalls, include the serial numbers for all the managed firewalls in a single support ticket.
- The auth codes used to activate theEnterprise DLPlicense on your managed firewalls.
- Also provide the CSP account ID with which additional managed firewalls are associated if you have managed firewalls that belong to a different CSP account.
- Activate theEnterprise DLPplugin on your managed firewalls.
- SelectandPanoramaDevice DeploymentLicenseActivatetheEnterprise DLPplugin.
- Enter theAuth Codefor the target managed firewalls.The auth code is automatically provided to you by Palo Alto Networks in an email after you complete your purchase of theEnterprise DLPplugin license.
- ActivatetheEnterprise DLPplugin license on your managed firewalls.
- Selectand verify that the predefined data filtering profiles are displayed.ObjectsDLPData Filtering ProfilesPanorama is automatically populated with predefined data filtering profiles when the Panorama management server successfully connects to the DLP cloud service.
- Verify that theEnterprise DLPlicense is successfully activated on your managed firewalls.
- Selectand verify that the license is successfully activated.DeviceLicenses
- After you successfully install theEnterprise DLPplugin on the Panorama management server, you must create Security policy rules to enable your managed firewalls to leverage .