Web Form Data Inspection for Enterprise Data Loss Prevention
Inspect non-file based traffic for sensitive data when using Enterprise data loss
prevention (DLP).
Enterprise Data Loss Prevention (DLP) now supports inspection of non-file based traffic to
prevent exfiltration of sensitive information in data exchanged in collaboration
applications, web forms, cloud applications, custom applications, and social media.
Managed firewalls using Enterprise DLP send all non-file based traffic that matches data filtering
profile criteria to the DLP cloud service to render a verdict. Use URL
categories and application filters to determine which application traffic is
excluded from inspection. Enterprise DLP includes a predefined DLP App Exclusion Filter
application filter containing common applications that can't
be inspected or don't require inspection. You can use the predefined application
filter or create a custom application filter to specify applications to exclude from
inspection. You can modify existing data filtering profiles to scan both file based
and non-file based traffic. Inspection of non-file based traffic is supported on
Panorama, Prisma Access (Panorama Managed), and
Prisma Access (Cloud Managed). Enterprise
DLP supports inspection of non-file based traffic for sensitive data
for the following HTTP content types:
- JSON
- URL encoded form
- Multipurpose Internet Mail Extensions (MIME)
Web form inspection for non-file based traffic is supported only for the HTTP/1.x network
protocol. Web form inspection for non-file based traffic isn’t supported for the
HTTP/2 network protocol.
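As an added example (not Palo Alto Networks code), the following Python classifier applies the scoping rules described above to captured requests: HTTP/1.x only, one of the three supported content types, and nothing covered by an exclusion. The media types chosen for JSON, URL encoded form and MIME, the host-based exclusion list standing in for a URL category or application filter, and the sample requests are all assumptions constructed for the demonstration.

```python
import re

# Media types assumed here (the page names only JSON, URL encoded form and MIME)
# to stand for the three content types that web form inspection supports.
INSPECTABLE_TYPES = {
    "application/json": "JSON",
    "application/x-www-form-urlencoded": "URL encoded form",
    "multipart/form-data": "MIME",
}
# Constructed stand-in for a custom URL category or application filter that
# keeps traffic from being sent to the DLP cloud service.
EXCLUDED_HOSTS = {"updates.example-internal.test"}


def classify_request(raw: bytes, excluded_hosts=EXCLUDED_HOSTS) -> dict:
    """Say whether a captured request would reach web form inspection and why.
    Checks in order: HTTP/1.x request line, exclusion list, supported non-empty body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    m = re.match(r"^\S+ \S+ HTTP/(\d)\.(\d)$", lines[0])
    if not m:
        return {"inspected": False, "reason": "unparseable request line"}
    if m.group(1) != "1":  # the feature covers HTTP/1.x only, not HTTP/2
        return {"inspected": False, "reason": f"HTTP/{m.group(1)}.{m.group(2)} not supported"}
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    host = headers.get("host", "")
    if host in excluded_hosts:
        return {"inspected": False, "reason": f"{host} excluded by URL category/app filter"}
    # Drop parameters such as "; charset=utf-8" or "; boundary=..." before matching.
    media = headers.get("content-type", "").split(";")[0].strip().lower()
    kind = INSPECTABLE_TYPES.get(media)
    if kind is None or not body:
        return {"inspected": False, "reason": f"no {' / '.join(INSPECTABLE_TYPES.values())} body"}
    return {"inspected": True, "reason": f"{kind} body over HTTP/1.{m.group(2)}"}


# Constructed sample requests, not real captures.
SAMPLES = {
    "json_post": b"POST /api/notes HTTP/1.1\r\nHost: collab.example.test\r\n"
                 b"Content-Type: application/json; charset=utf-8\r\n\r\n{\"note\": \"internal memo\"}",
    "excluded_form": b"POST /ping HTTP/1.1\r\nHost: updates.example-internal.test\r\n"
                     b"Content-Type: application/x-www-form-urlencoded\r\n\r\nstatus=ok",
    "h2_multipart": b"POST /upload HTTP/2.0\r\nHost: social.example.test\r\n"
                    b"Content-Type: multipart/form-data; boundary=xyz\r\n\r\n--xyz--",
    "get_no_body": b"GET /index.html HTTP/1.1\r\nHost: collab.example.test\r\n\r\n",
}
```

Running `classify_request` over a set of captured requests gives a quick map of which flows the feature can cover and which fall outside it (HTTP/2, excluded applications, or bodies in other formats).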
The steps below describe how to configure web form inspection for Enterprise
DLP on Panorama and Prisma Access (Panorama Managed).
- (Optional) Create a custom URL category for URL or domain traffic you don't want to send to the DLP cloud service for inspection.
- (Optional) Create a custom application filter for application traffic that you don't want to send to the DLP cloud service for inspection.
  - Select Objects > Application Filters and Add a new application filter. You can also select and Clone the predefined DLP App Exclusion Filter to create a custom application filter.
  - Check (enable) Shared.
  - Configure the application filter as needed. See Create an Application Filter for more information.
  - Click OK.
  - Select Commit and Commit to Panorama.
- Create a data filtering profile to inspect non-file based traffic. See Create a Data Filtering Profile on Panorama for additional details on creating a data filtering profile.
  - Select Objects > DLP > Data Filtering Profile and Add a data filtering profile.
  - Enter a descriptive Name for the data filtering profile.
  - For Non File Based, select Yes.
  - Enable (check) Shared.
  - Add the Primary Pattern and Secondary Pattern match criteria as needed.
  - (Optional) Select URL Category and Add a URL category to exclude from inspection.
  - Select Application List and Add an application list to exclude from inspection. At least one application filter is required to successfully create a data filtering profile for non-file based traffic.
  - Configure the Action.
  - Configure the Log Severity.
  - Click OK.
- Attach the data filtering profile to a Security policy rule.
  - Select Policies > Security and specify the Device Group.
  - Select the Security policy rule to which you want to add the data filtering profile.
  - Select Actions and set the Profile Type to Profiles.
  - Select the Data Filtering profile that you created previously.
  - Click OK to save your policy rule.
- Commit and push your configuration changes to your managed firewalls that are using Enterprise DLP. The Commit and Push command isn't recommended for Enterprise DLP configuration changes, because it requires the additional and unnecessary overhead of manually selecting the impacted templates and managed firewalls in the Push Scope Selection.
  - Select Commit > Commit to Panorama and Commit.
  - Select Commit > Push to Devices and Edit Selections.
  - Select Device Groups and Include Device and Network Templates.
  - Click OK.
  - Push your configuration changes to your managed firewalls that are using Enterprise DLP.