Install the Enterprise DLP Plugin on Panorama
Install the Enterprise DLP (data loss prevention) plugin on your Panorama™ management server and managed firewalls.
To install the Enterprise data loss prevention (DLP) plugin on your Panorama™ management server and managed firewalls, first download the plugin from the Palo Alto Networks Customer Support Portal, upload the plugin to Panorama, and then install it. You must install the plugin on Panorama and your managed firewalls before you can leverage Enterprise DLP.
Your existing data patterns (
) and data filtering profiles (
) are automatically hidden after you successfully install the Enterprise DLP plugin on your Panorama management server. To display your existing data patterns and filtering profiles when you need to reference them, you can temporarily Enable Existing Data Patterns and Filtering Profiles.
- (Best Practices) Before you install the plugin and activate your Enterprise DLP license, selectto locate your Panorama management server and your managed firewalls to verify that they all belong to the same CSP account.AssetsDevicesPanorama and any managed firewalls on which you want to leverage Enterprise DLP must belong to the same CSP account, which enables you to share data profiles and maintain consistent Security policy rule enforcement.
- You must install the device certificate on all your managed firewalls that will leverage Enterprise DLP.
- Install the plugin on Panorama.
- Selectand search for the latest version of the Enterprise DLP plugin.PanoramaPlugins
- DownloadandInstallthe Enterprise DLP plugin on Panorama.
- Commit and push the new configuration to your managed firewalls to complete the Enterprise DLP plugin installation.This step is required for Enterprise DLP data filtering profile names to appear in Data Filtering logs.TheCommit and Pushcommand is not recommended for Enterprise DLP configuration changes. Using theCommit and Pushcommand requires the additional and unnecessary overheard of manually selecting the impacted templates and managed firewalls in the Push Scope Selection.
- SelectandCommitCommit to PanoramaCommit.
- SelectandCommitPush to DevicesEdit Selections.
- SelectDevice GroupsandInclude Device and Network Templates.
- Pushyour configuration changes to your managed firewalls that are leveraging Enterprise DLP.
- Activate your Enterprise DLP license on the Palo Alto Networks Customer Support Portal (CSP).Repeat this step for all firewalls that are leveraging Enterprise DLP.
- Log in to the Palo Alto Networks Customer Support Portal.
- Selectand edit ( in the Actions column) the appropriate asset.AssetsDevices
- In the Device Licenses window,Activate Auth-Codeand then enter theAuthorization Code.The authorization code (auth code) is automatically provided to you by Palo Alto Networks in an email after you complete your purchase of the Enterprise DLP plugin license.
- Agree and Submityour authorization code.
- (Optional) Create a Palo Alto Networks Support ticket to enable your Enterprise DLP license to transfer between firewalls.Requesting that the Enterprise DLP license be transferable enables you to transfer your DLP license to other managed firewalls.In the support ticket, include the following information:
- The request for a firewall transfer for the Enterprise DLP license.
- Your CSP account ID and the email associated with your CSP account.
- The managed firewall serial number. If you activated the Enterprise DLP license on multiple managed firewalls, include the serial numbers for all the managed firewalls in a single support ticket.
- The authorization codes used to activate the Enterprise DLP license on your managed firewalls.
- Also provide the CSP account ID with which additional managed firewalls are associated if you have managed firewalls that belong to a different CSP account.
- Activate the Enterprise DLP plugin on your managed firewalls.
- SelectandPanoramaDevice DeploymentLicenseActivatethe Enterprise DLP plugin.
- Enter theAuth Codefor the target managed firewalls.The authorization code is automatically provided to you by Palo Alto Networks in an email after you complete your purchase of the Enterprise DLP plugin license.
- Activatethe Enterprise DLP plugin license on your managed firewalls.
- Selectand verify that the predefined data filtering profiles are displayed.ObjectsDLPDLP Data FilteringPanorama is automatically populated with predefined data filtering profiles when the Panorama management server successfully connects to the DLP cloud service.
- Verify that the Enterprise DLP license is successfully activated on your managed firewalls.
- Selectand verify that the license is successfully activated.DeviceLicenses
- After you successfully install the Enterprise DLP plugin on the Panorama management server, you must create Security policy rules to enable your managed firewalls to leverage Enterprise DLP.
Recommended For You
Recommended videos not found.