Edit the Enterprise DLP Data Filtering Settings on Strata Cloud Manager

Edit the Enterprise Data Loss Prevention (E-DLP) data filtering settings for Prisma Access (Managed by Strata Cloud Manager) and NGFW (Managed by Strata Cloud Manager).
  1. Log in to Strata Cloud Manager.
  2. Select Manage > Configuration > Data Loss Prevention > Settings > Data Transfer and edit the Data Transfer settings.
  3. Configure the File Based Settings.
    You can configure any of these settings as needed. You must Save any changes to your file-based settings for them to take effect and be enforced.
    • File Movement Max Latency (sec)—Maximum allowed time it takes for the enforcement point to forward a file to Enterprise DLP for inspection.
      For inspection of files greater than 20 MB, Palo Alto Networks recommends setting the max latency to greater than 60 seconds.
    • Action When Max Latency is Reached—Action the enforcement point takes if Enterprise DLP can't inspect and render a verdict on traffic matches because the time it takes to forward a file to Enterprise DLP exceeds the File Movement Max Latency (sec) setting.
      Supported actions are Allow (default) or Block.
    • Scan Limit Max File Size for Alert (MB)—Enforce a maximum file size for files forwarded to Enterprise DLP when traffic matches a DLP rule configured to Alert.
    • Scan Limit Max File Size for Block (MB)—Enforce a maximum file size for files forwarded to Enterprise DLP when traffic matches a DLP rule configured to Block.
    • Action on Max File Size—Action the enforcement point takes if Enterprise DLP can't inspect and render a verdict on traffic matches because the inspected file size exceeds the Scan Limit Max File Size for Alert (MB) or Scan Limit Max File Size for Block (MB) settings.
      Supported actions are Allow (default) or Block.
    • Log Files Not Scanned—Check (enable) to generate a DLP incident when Enterprise DLP can't inspect a forwarded file for any reason.
    • Action When Scanning Error Occurred—Action the enforcement point takes when Enterprise DLP encounters any error while inspecting a forwarded file that prevents it from rendering a verdict.
      Supported actions are Allow (default) or Block.
  4. Edit the Non-File Based Settings.
    You can configure any of these settings as needed. You must Save any changes to your non-file-based settings for them to take effect and be enforced.
    • Enable non-file based DLP—Enable this setting to prevent exfiltration of sensitive data in non-file format traffic for collaboration apps, web forms, cloud and SaaS apps, and social media on your network.
      You must enable this setting for Enterprise DLP to scan non-file based traffic and enforce all non-file based settings.
    • Max Latency (sec)—Maximum allowed time it takes for the enforcement point to forward non-file traffic to Enterprise DLP for inspection.
    • Action on Max Latency—Action the enforcement point takes if Enterprise DLP can't inspect and render a verdict on traffic matches because the time it takes to forward non-file traffic to Enterprise DLP exceeds the Max Latency (sec) setting.
      Supported actions are Allow (default) or Block.
    • Min Data Size (B)—Enforce a minimum data size for non-file traffic forwarded to Enterprise DLP.
      Enterprise DLP supports a minimum non-file traffic data size of 250 - 4000 bytes.
    • Max Data Size (KB)—Enforce a maximum data size for non-file traffic forwarded to Enterprise DLP.
      Enterprise DLP supports a maximum non-file traffic data size of 1-500 KB.
    • Action on Data Size—Action the enforcement point takes if Enterprise DLP can't inspect and render a verdict on traffic matches because the inspected non-file traffic exceeds the Max Data Size (KB) setting.
      Supported actions are Allow (default) or Block.
    • Log Files Not Scanned—Check (enable) to generate a DLP incident when Enterprise DLP can't inspect forwarded non-file traffic for any reason.
  5. In the DLP Settings, configure the Action on any Error to specify the action the NGFW or Prisma Access tenant takes when any kind of error occurs that prevents Enterprise DLP from inspecting forwarded file or non-file traffic and rendering a verdict.
    Select Allow to allow the file or non-file traffic to continue to its intended destination when Enterprise DLP encounters an error, or select Block to block the file or non-file traffic. This includes cases where the NGFW or Prisma Access tenant encounters file or non-file traffic smaller than the configured Min Data Size (B) (non-file), and the cases covered by Action on Max File Size (file) and Max Data Size (KB) (non-file).
    Save.
  6. Push your data filtering settings.
    1. Select Push Config, then Push.
    2. Select (enable) Remote Networks and Mobile Users.
    3. Push.
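Every action setting in steps 3 through 5 defaults to Allow, which means that a file the enforcement point cannot forward in time, cannot forward because it exceeds the scan limit, or cannot get a verdict on because of an error reaches its destination without inspection. The following is an added example (hand-written for this page, not Palo Alto Networks code and not the product's implementation) that models those decisions for a given set of settings so an administrator can see which transfers would pass uninspected and which settings to tighten. The field names follow the UI labels in the procedure; the numeric defaults, the unit of Max Data Size (1 KB = 1024 bytes), the order in which limits are checked, and the assumption that inspected traffic always matches the rule's sensitive data pattern are all constructed for the example, since the page does not state them.

```python
"""Constructed decision model for the Enterprise DLP data filtering settings.

Not the product's implementation: the check order, numeric defaults and the
1 KB = 1024 B interpretation are assumptions made for this example.
"""
from __future__ import annotations
from dataclasses import dataclass

ALLOW, BLOCK = "Allow", "Block"


@dataclass
class DlpSettings:
    """Field names mirror the UI labels; every action defaults to Allow as in the procedure."""
    # File Based Settings
    file_max_latency_sec: int = 60          # File Movement Max Latency (sec); constructed default
    action_when_max_latency: str = ALLOW    # Action When Max Latency is Reached
    scan_limit_alert_mb: int = 20           # Scan Limit Max File Size for Alert (MB); constructed default
    scan_limit_block_mb: int = 20           # Scan Limit Max File Size for Block (MB); constructed default
    action_on_max_file_size: str = ALLOW    # Action on Max File Size
    file_log_not_scanned: bool = False      # Log Files Not Scanned (file)
    action_when_scan_error: str = ALLOW     # Action When Scanning Error Occurred
    # Non-File Based Settings
    non_file_enabled: bool = False          # Enable non-file based DLP
    non_file_max_latency_sec: int = 60      # Max Latency (sec); constructed default
    non_file_action_on_max_latency: str = ALLOW
    min_data_size_b: int = 250              # Min Data Size (B), supported range 250-4000
    max_data_size_kb: int = 500             # Max Data Size (KB), supported range 1-500
    action_on_data_size: str = ALLOW        # Action on Data Size
    non_file_log_not_scanned: bool = False  # Log Files Not Scanned (non-file)
    # DLP Settings
    action_on_any_error: str = ALLOW        # Action on any Error

    def __post_init__(self) -> None:
        # Reject values outside the ranges the procedure states as supported.
        if not 250 <= self.min_data_size_b <= 4000:
            raise ValueError("Min Data Size (B) must be 250-4000")
        if not 1 <= self.max_data_size_kb <= 500:
            raise ValueError("Max Data Size (KB) must be 1-500")
        for action in (self.action_when_max_latency, self.action_on_max_file_size,
                       self.action_when_scan_error, self.non_file_action_on_max_latency,
                       self.action_on_data_size, self.action_on_any_error):
            if action not in (ALLOW, BLOCK):
                raise ValueError(f"unsupported action {action!r}")


@dataclass
class Verdict:
    action: str               # what the enforcement point does with the traffic
    inspected: bool           # True only if Enterprise DLP actually rendered a verdict
    reason: str
    incident_logged: bool = False  # True when Log Files Not Scanned produces a DLP incident


def evaluate_file(s: DlpSettings, size_mb: float, forward_sec: float,
                  rule_action: str, scan_error: bool = False) -> Verdict:
    """File traffic matching a DLP rule configured to 'Alert' or 'Block'."""
    limit = s.scan_limit_alert_mb if rule_action == "Alert" else s.scan_limit_block_mb
    if size_mb > limit:
        return Verdict(s.action_on_max_file_size, False, "exceeds Scan Limit Max File Size", s.file_log_not_scanned)
    if forward_sec > s.file_max_latency_sec:
        return Verdict(s.action_when_max_latency, False, "exceeds File Movement Max Latency", s.file_log_not_scanned)
    if scan_error:
        return Verdict(s.action_when_scan_error, False, "scanning error", s.file_log_not_scanned)
    # Assumption: the inspected file matches the rule, so the rule's own action applies.
    return Verdict(BLOCK if rule_action == "Block" else ALLOW, True, "inspected; rule action applied")


def evaluate_non_file(s: DlpSettings, size_b: int, forward_sec: float,
                      rule_action: str, scan_error: bool = False) -> Verdict:
    """Non-file traffic (web forms, collaboration and SaaS apps) matching a DLP rule."""
    if not s.non_file_enabled:
        return Verdict(ALLOW, False, "non-file based DLP disabled; traffic not forwarded")
    if size_b < s.min_data_size_b:
        # The procedure lists traffic below Min Data Size under Action on any Error.
        return Verdict(s.action_on_any_error, False, "below Min Data Size", s.non_file_log_not_scanned)
    if size_b > s.max_data_size_kb * 1024:
        return Verdict(s.action_on_data_size, False, "exceeds Max Data Size", s.non_file_log_not_scanned)
    if forward_sec > s.non_file_max_latency_sec:
        return Verdict(s.non_file_action_on_max_latency, False, "exceeds Max Latency", s.non_file_log_not_scanned)
    if scan_error:
        return Verdict(s.action_on_any_error, False, "scanning error", s.non_file_log_not_scanned)
    return Verdict(BLOCK if rule_action == "Block" else ALLOW, True, "inspected; rule action applied")


def fail_open_gaps(s: DlpSettings) -> list[str]:
    """Settings whose current value lets traffic reach its destination without a DLP verdict."""
    checks = {
        "Action When Max Latency is Reached": s.action_when_max_latency,
        "Action on Max File Size": s.action_on_max_file_size,
        "Action When Scanning Error Occurred": s.action_when_scan_error,
        "Action on Max Latency (non-file)": s.non_file_action_on_max_latency,
        "Action on Data Size": s.action_on_data_size,
        "Action on any Error": s.action_on_any_error,
    }
    gaps = [f"{name} = Allow" for name, action in checks.items() if action == ALLOW]
    if not s.non_file_enabled:
        gaps.append("Enable non-file based DLP is off")
    # The procedure recommends a max latency above 60 s when files over 20 MB are inspected.
    if max(s.scan_limit_alert_mb, s.scan_limit_block_mb) > 20 and s.file_max_latency_sec <= 60:
        gaps.append("File Movement Max Latency (sec) is 60 or less with files over 20 MB in scope")
    return gaps


if __name__ == "__main__":
    defaults = DlpSettings()
    print("Default settings, 25 MB file on a Block rule:", evaluate_file(defaults, 25, 10, "Block"))
    for gap in fail_open_gaps(defaults):
        print("fail-open:", gap)
```

Running the block with the defaults shows a 25 MB file on a Block rule reported as Allow with `inspected=False`, which is the exposure the Scan Limit and Action on Max File Size settings control together; changing the action to Block and enabling Log Files Not Scanned turns the same transfer into a blocked, logged incident.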