Known Issues in Enterprise DLP Plugin 6.0.1
Focus
Focus
Enterprise DLP

Known Issues in Enterprise DLP Plugin 6.0.1

Table of Contents

Known Issues in Enterprise DLP Plugin 6.0.1

Known issues in Enterprise Data Loss Prevention (E-DLP) plugin 6.0.1.

PLUG-21209

This issue is addressed in Enterprise DLP plugin 5.0.8.
On the Panorama® management server, the Enterprise DLP plugin configuration objects (Objects DLP) display the following error after activating a Trial DLP license for NGFW:
No DLP licenses found on Prisma Access or managed firewalls, to learn how to activate DLP licenses refer to the product documentation

PLUG-21080

On the Panorama® management server, a granular data profile (ObjectsDLPData Filtering Profiles) that includes a child data filtering profile that has File Based set to No and Non-File Based set to Yes encounters the following issues:
  • When adding a new Non-File child data filtering profile to the granular data profile, Panorama returns the following error when you click OK:
    Failed to store "<profile name>" in the config due to "None"
  • When adding a child data profile that has File Based set to Yes and Non-File Based set to Yes, Panorama appears to successfully create or update the granular data profile but the commit fails with the following error:
    Update profile error dlp_dss_comm.update_profile_rule failed: ["In details array object number 1 field direction is empty or null allowed values are both,c2s,s2c"], unable to add profile '<profile name>'
Workaround: Only create and add a child data profiles that have both File Based and Non-File Based set to Yes to a granular data profile.

PLUG-19290

On the Panorama® management server, you can't change the File Mode setting to Exclude if you clone a granular data profile (ObjectsDLPData Filtering Profiles) that has File Mode set to Include.

PLUG-16720

On the Panorama® management server, Enterprise DLP erroneously allows you to add a Secondary Pattern to a granular data filtering profile (ObjectsData Filtering Profiles) even though they are not supported. The following error displays when you attempt to add a data filtering profile as a Secondary Pattern.
Error occurred : str' object has no attribute 'update_json_query'

PLUG-6145

On the Panorama management server, you cannot create an admin role (PanoramaAdmin Roles) to control access to Enterprise Data Loss Prevention (DLP) filtering settings and snippet configuration (DeviceSetupDLP).

PAN-144897

Enterprise Data Loss Prevention (DLP) data profile Thread ID/Name filter is not available when you configure a custom report (ManageManage Custom Reports) on the Panorama management server or locally on a firewall leveraging Enterprise DLP.

DSS-17763

On the Panorama management server, custom data profiles (ObjectsDLPData Filtering Profiles) are not synchronized to the DLP cloud service if you have an active CASB-X license. This prevents you being able to associate the data profile with a Security policy rule and displays the error Data Profile does not exist.
Workaround: Contact Palo Alto Networks Support to restore synchronization functionality between the DLP cloud service and Panorama.