Install the Enterprise DLP Plugin on Panorama
Table of Contents
Install the Enterprise DLP Plugin on Panorama
Install the
Enterprise Data Loss Prevention (E-DLP)
plugin on your Panorama™ management server and
managed firewalls.To install the
Enterprise Data Loss Prevention (E-DLP)
plugin on your Panorama™ management server and managed
firewalls, first download the plugin from the Palo Alto Networks Customer Support
Portal, upload the plugin to Panorama, and then install it. You must install the
plugin on Panorama and your managed firewalls before you can use Enterprise DLP
. Your existing data patterns () and data filtering profiles () are automatically hidden after you successfully install the
Enterprise DLP
plugin on your Panorama management server. To display your
existing data patterns and filtering profiles when you need to reference them,
you can temporarily Enable Existing Data Patterns and Filtering Profiles.- (Best Practices) Before you install the plugin and activate yourEnterprise DLPlicense, select to locate your Panorama management server and your managed firewalls to verify that they all belong to the same CSP account.Panorama and any managed firewalls on which you want to useEnterprise DLPmust belong to the same CSP account, which enables you to share data profiles and maintain consistent Security policy rule enforcement.
- The device certificate is required for all managed firewalls usingEnterprise DLP.
- Install the plugin on Panorama.
- Select and search for the latest version of theEnterprise DLPplugin.
- DownloadandInstalltheEnterprise DLPplugin on Panorama.
- Commit and push the new configuration to your managed firewalls to complete theEnterprise DLPplugin installation.This step is required forEnterprise DLPdata filtering profile names to appear in Data Filtering logs.TheCommit and Pushcommand isn’t recommended forEnterprise DLPconfiguration changes. Using theCommit and Pushcommand requires the additional and unnecessary overheard of manually selecting the impacted templates and managed firewalls in the Push Scope Selection.
- Select andCommit.
- Select andEdit Selections.
- SelectDevice GroupsandInclude Device and Network Templates.
- ClickOK.
- Pushyour configuration changes to your managed firewalls that are usingEnterprise DLP.
- Activate yourEnterprise DLPlicense on the Palo Alto Networks Customer Support Portal (CSP).Repeat this step for all managed firewalls usingEnterprise DLP.
- Log in to the Palo Alto Networks Customer Support Portal.
- Select and edit (
in the Actions column) the
appropriate asset. - In the Device Licenses window,Activate Auth-Codeand then enter theAuthorization Code(auth code).The auth code is automatically provided to you by Palo Alto Networks in an email after you complete your purchase of theEnterprise DLPplugin license.
- Agree and Submityour auth code .
- (Optional) Create a Palo Alto Networks Support ticket to enable yourEnterprise DLPlicense to transfer between firewalls.Requesting that theEnterprise DLPlicense is transferable enables you to transfer your DLP license to other managed firewalls.In the support ticket, include the following information:
- The request for a firewall transfer for theEnterprise DLPlicense.
- Your CSP account ID and the email associated with your CSP account.
- The managed firewall serial number. If you activated theEnterprise DLPlicense on multiple managed firewalls, include the serial numbers for all the managed firewalls in a single support ticket.
- The auth codes used to activate theEnterprise DLPlicense on your managed firewalls.
- Also provide the CSP account ID with which additional managed firewalls are associated if you have managed firewalls that belong to a different CSP account.
- Activate theEnterprise DLPplugin on your managed firewalls.
- Select andActivatetheEnterprise DLPplugin.
- Enter theAuth Codefor the target managed firewalls.The auth code is automatically provided to you by Palo Alto Networks in an email after you complete your purchase of theEnterprise DLPplugin license.
- ActivatetheEnterprise DLPplugin license on your managed firewalls.
- Select and verify that the predefined data filtering profiles are displayed.Panorama is automatically populated with predefined data filtering profiles when the Panorama management server successfully connects to the DLP cloud service.
- Verify that theEnterprise DLPlicense is successfully activated on your managed firewalls.
- Select and verify that the license is successfully activated.
- After you successfully install theEnterprise DLPplugin on the Panorama management server, you must create Security policy rules to enable your managed firewalls to leverage .