On rare occasions, you are unable to reset theEnterprise DLP plugin from the Panorama™ management server CLI and receive the following error:

On the Panorama™ management server, Enterprise DLP might fail to delete a data pattern (ObjectsDLPData Filtering Pattern).

The Panorama™ management server might fail to synchronize some data profiles created on Strata Cloud Manager and displays the following error:

On the Panorama management server, the web interface becomes unresponsive when editing large data profiles (ObjectsDLPData Filtering Profiles).

On the Panorama management server, the Enterprise DLP plugin fails to complete post commit tasks and causes all commits (CommitCommit to Panorama) to get stuck at 99%.

The Panorama management server is unable to a generate report if a data filtering log (MonitorLogsData Filtering) with Report ID of 0 for a DLP incident. A DLP Incident has a Report ID of 0 if the DLP cloud service was unable to scan the file.

The Panorama management server is unable to synchronize new data profiles (ObjectsDLPData Filtering Profiles) from the DLP cloud service.

On the Panorama management server, the list of predefined URL categories are not displayed for a data profile configured for non-file inspection (ObjectsDLPData Filtering Profiles<select a data profile>URL Category List Excluded From).

On the Panorama management server, Enterprise Data Loss Prevention (E-DLP) allows you to create multiple data filtering profiles (ObjectsDLPData Filtering Profiles) with the same Name.

On the Panorama management server, an outdated default DLP block response page is displayed when traffic matches a data filtering profile with the Action set to Block when leveraging Enterprise DLP.

After you upgrade the Panorama management server and managed firewalls leveraging Enterprise DLP from PAN-OS 10.1.7 to PAN-OS 11.0, data filtering logs (MonitorLogsData Filtering) display DLP Skipped; possible config er as the Reason for Action despite the firewall taking the correct action for matched traffic.

The DLP plugin install or uninstall fails if the local administrator account does not exist.

On a multi-vsys managed firewall managed, the Shared URL Category (ObjectsCustom ObjectsURL Category) pushed from the Panorama management server to multiple vsys of the multi-vsys firewall do not successfully match beyond vsys1.

Renaming an existing data profile on the DLP app on the hub creates an entirely new data filtering profile (ObjectsDLPData Filtering Profiles) on the Panorama management server.

Creating a new data profile from the Panorama management server CLI fails.

Workaround: Create a new data profile from the Panorama web interface.

On the Panorama management server, the Secondary Pattern for a data filtering profile (ObjectsDLPData Filtering Profiles) is not displayed for the data filtering profile is successfully created and pushed to managed firewalls.

Firewalls leveraging Enterprise Data Loss Prevention (DLP) do not display the Enterprise DLP data filtering profiles (ObjectsDLPData Filtering Profiles) or Enterprise DLP Settings (DeviceSetupDLP), and cannot be overridden locally on the firewall.

On the Panorama management server, you cannot create an admin role (PanoramaAdmin Roles) to control access to Enterprise Data Loss Prevention (DLP) filtering settings and snippet configuration (DeviceSetupDLP).

For multi-vsys firewalls, the DLP cloud service continues to exclude an application added to a Shared application group (ObjectsApplication Groups) or a Shared application filter (ObjectsApplication Filters) from non-file traffic inspection when removed from the application group or filter that was added to the App Exclusion List (ObjectsDLPData Filtering Profiles).

Workaround: Create a new Shared application group or filter if you need to remove an application. Alternatively, you can restart the managed firewall each time you push an updated Shared application group or filter to a multi-vsys firewall.

On the Panorama management server, the on device help for data filtering profiles (ObjectsDLPData Filtering ProfilesAdd) and data filtering patterns ObjectsDLPData Filtering PatternsAdd) do not display correctly.

Enterprise Data Loss Prevention (DLP) data filtering profiles (ObjectsDLPData Filtering Profiles) names do not display in Data Filtering logs (MonitorLogsData Filtering) until a commit is performed on firewalls leveraging Enterprise DLP after you successfully install the Enterprise DLP plugin.

Enterprise Data Loss Prevention (DLP) data profile Thread ID/Name filter is not available when you configure a custom report (ManageManage Custom Reports) on the Panorama management server or locally on a firewall leveraging Enterprise DLP.

On the Panorama management server, custom data profiles (ObjectsDLPData Filtering Profiles) are not synchronized to the DLP cloud service if you have an active CASB-X license. This prevents you being able to associate the data profile with a Security policy rule and displays the error Data Profile does not exist.

Workaround: Contact Palo Alto Networks Support to restore synchronization functionality between the DLP cloud service and Panorama.