Set Up Data Filtering
Use Data Filtering Profiles to prevent sensitive, confidential, and proprietary information from leaving your network. First, create a data pattern to define the types of information you want the firewall to filter. Predefined patterns and built-in settings make it easy to create custom patterns that filter on social security and credit card numbers or on file properties, such as a document title or author. Then add one or more data patterns to a Data Filtering profile and attach the profile to a Security policy rule to enable data filtering.
If you’re using a third-party endpoint data loss prevention (DLP) solution that populates file properties to indicate sensitive content, data filtering enables the firewall to enforce your DLP policy. To secure this confidential data, create a custom data pattern that identifies the file properties and values tagged by your DLP solution, and then log or block the files that your Data Filtering profile detects based on that pattern.
1. Define a new data pattern object to detect the information you want to filter.
   - Select Objects > Custom Objects > Data Patterns and Add a new object.
   - Provide a descriptive Name for the new object.
   - (Optional) Select Shared if you want the data pattern to be available to:
     - Every virtual system (vsys) on a multi-vsys firewall—If cleared (disabled), the data pattern is available only to the Virtual System selected in the Objects tab.
     - Every device group on Panorama—If cleared (disabled), the data pattern is available only to the Device Group selected in the Objects tab.
   - (Optional—Panorama only) Select Disable override to prevent administrators from overriding the settings of this data pattern object in device groups that inherit the object. This selection is cleared by default, which means administrators can override the settings for any device group that inherits the object.
   - (Optional—Panorama only) Select Data Capture to automatically collect the data that is blocked by the filter. Specify a password for Manage Data Protection on the Settings page to view your captured data (Device > Setup > Content-ID > Manage Data Protection).
   - Set the Pattern Type to one of the following:
     - Predefined—Filter for credit card and social security numbers.
     - Regular Expression—Filter for custom data patterns.
     - File Properties—Filter based on file properties and the associated values.
   - Add a new rule to the data pattern object.
   - Specify the data pattern according to the Pattern Type you selected for this object:
     - Predefined—Select the Name: either Credit Card Numbers or Social Security Numbers (with or without dash separator).
     - Regular Expression—Specify a descriptive Name, select the File Type (or types) you want to scan, and then enter the specific Data Pattern you want the firewall to detect.
     - File Properties—Specify a descriptive Name, select the File Type and File Property you want to scan, and enter the specific Property Value that you want the firewall to detect.
   - Click OK to save the data pattern.
2. Add the data pattern object to a data filtering profile.
   - Select Objects > Security Profiles > Data Filtering and Add or modify a data filtering profile.
   - Add a new profile rule and select the Data Pattern you created in Step 1.
   - Specify Applications, File Types, and what Direction of traffic (upload or download) you want to filter based on the data pattern. The file type you select must be the same file type you defined for the data pattern in Step 1, or it must be a file type that includes the data pattern file type. For example, you could define both the data pattern object and the data filtering profile to scan all Microsoft Office documents. Or, you could define the data pattern object to match only Microsoft PowerPoint presentations while the data filtering profile scans all Microsoft Office documents. If a data pattern object is attached to a data filtering profile and the configured file types do not align between the two, the profile will not correctly filter documents matched to the data pattern object.
   - Set the Alert Threshold to specify the number of times the data pattern must be detected in a file to trigger an alert.
   - Set the Block Threshold to block files that contain at least this many instances of the data pattern.
   - Set the Log Severity recorded for files that match this rule.
   - Click OK to save the data filtering profile.
3. Apply the data filtering settings to traffic.
   - Select Policies > Security and Add or modify a security policy rule.
   - Select Actions and set the Profile Type to Profiles.
   - Attach the Data Filtering profile you created in Step 2 to the security policy rule.
   - Click OK.
4. (Recommended) Prevent web browsers from resuming sessions that the firewall has terminated. This option ensures that when the firewall detects and then drops a sensitive file, a web browser cannot resume the session in an attempt to retrieve the file.
   - Select Device > Setup > Content-ID and edit Content-ID Settings.
   - Clear the Allow HTTP header range option.
   - Click OK.
5. Monitor files that the firewall is filtering. Select Monitor > Data Filtering to view the files that the firewall has detected and blocked based on your data filtering settings.
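The following Python script is an added illustration, not PAN-OS code or the firewall's matching engine. It models how a data pattern object from Step 1 and a profile rule from Step 2 combine to produce an allow, alert or block verdict for a file, including the three pattern types (predefined, regular expression, file properties used by a DLP solution), the traffic direction, the alert and block thresholds, the log severity, and a check for the file-type misalignment that Step 2 warns about. The regular expressions standing in for the predefined patterns, the file-type family table (Microsoft Office including Word, Excel and PowerPoint), the rule names and all sample documents are assumptions constructed for the example.

```python
# Added illustration, not PAN-OS code: models how a Data Filtering profile rule
# built in Steps 1 and 2 evaluates a file. The regexes standing in for the
# predefined patterns, the file-type family table and the sample documents are
# assumptions, not the firewall's real matchers or data.
import re
from dataclasses import dataclass

PREDEFINED = {  # illustrative stand-ins for the predefined patterns
    "Credit Card Numbers": re.compile(r"\b(?:\d{4}[- ]?){3}\d{4}\b"),
    "Social Security Numbers": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}
# A broader file type "includes" the narrower types in its family (hypothetical).
FILE_TYPE_FAMILY = {"Microsoft Office": {"Microsoft Word", "Microsoft Excel", "Microsoft PowerPoint"}}


def file_type_includes(outer, inner):
    return inner == outer or inner in FILE_TYPE_FAMILY.get(outer, set())


@dataclass
class DataPattern:
    name: str
    pattern_type: str        # Predefined | Regular Expression | File Properties
    file_types: frozenset    # file types the pattern scans
    regex: str = ""          # Regular Expression only
    file_property: str = ""  # File Properties only
    property_value: str = ""

    def count_matches(self, doc):
        """How many times the pattern is detected in one document."""
        if self.pattern_type == "Predefined":
            return len(PREDEFINED[self.name].findall(doc["content"]))
        if self.pattern_type == "Regular Expression":
            return len(re.findall(self.regex, doc["content"]))
        if self.pattern_type == "File Properties":  # a DLP tag either matches or not
            return int(doc["properties"].get(self.file_property) == self.property_value)
        raise ValueError(f"unknown pattern type {self.pattern_type!r}")


@dataclass
class ProfileRule:
    data_pattern: DataPattern
    file_types: frozenset    # file types the profile rule scans
    direction: str           # upload | download | both
    alert_threshold: int
    block_threshold: int
    log_severity: str = "medium"

    def alignment_warnings(self):
        """Profile file types that neither equal nor include a pattern file type (Step 2 caveat)."""
        return sorted(ft for ft in self.file_types
                      if not any(file_type_includes(ft, pt) for pt in self.data_pattern.file_types))

    def evaluate(self, doc, direction):
        """Return (verdict, match_count, log_severity); verdict is allow, alert or block."""
        if self.direction != "both" and direction != self.direction:
            return "allow", 0, None
        # Assumption: the file must be covered by both the profile's and the pattern's file types.
        if not (any(file_type_includes(ft, doc["file_type"]) for ft in self.file_types) and
                any(file_type_includes(pt, doc["file_type"]) for pt in self.data_pattern.file_types)):
            return "allow", 0, None
        hits = self.data_pattern.count_matches(doc)
        if hits >= self.block_threshold:
            return "block", hits, self.log_severity
        if hits >= self.alert_threshold:
            return "alert", hits, self.log_severity
        return "allow", hits, None


def doc(file_type, content, **properties):
    return {"file_type": file_type, "content": content, "properties": properties}


# Constructed sample documents (not real data).
DOCS = {
    "deck.pptx": doc("Microsoft PowerPoint", "Cardholders: 4111-1111-1111-1111 and 5500 0000 0000 0004"),
    "roster.docx": doc("Microsoft Word", "Employees: 123-45-6789, 987-65-4321, 555-55-5555"),
    "memo.docx": doc("Microsoft Word", "Contact: 123-45-6789"),
    "plan.docx": doc("Microsoft Word", "Q3 roadmap", Classification="Confidential"),
}
OFFICE = frozenset({"Microsoft Office"})
CARD_PATTERN = DataPattern("Credit Card Numbers", "Predefined", frozenset({"Microsoft PowerPoint"}))
SSN_PATTERN = DataPattern("Social Security Numbers", "Predefined", OFFICE)
DLP_PATTERN = DataPattern("DLP confidential tag", "File Properties", OFFICE,
                          file_property="Classification", property_value="Confidential")
RULES = {
    "cards": ProfileRule(CARD_PATTERN, OFFICE, "upload", 1, 2, "high"),
    "ssn": ProfileRule(SSN_PATTERN, OFFICE, "both", 1, 3),
    "dlp": ProfileRule(DLP_PATTERN, OFFICE, "upload", 1, 1, "critical"),
}
# Misaligned on purpose: the profile scans only Word while the pattern is defined for all Office.
MISALIGNED_RULE = ProfileRule(SSN_PATTERN, frozenset({"Microsoft Word"}), "both", 1, 3)


def evaluate_all(direction="upload"):
    """Every rule over every sample document in one traffic direction."""
    return {(rn, dn): rule.evaluate(doc, direction) for rn, rule in RULES.items() for dn, doc in DOCS.items()}


if __name__ == "__main__":
    for (rn, dn), (verdict, hits, sev) in evaluate_all().items():
        print(f"{rn:<5} {dn:<12} {verdict:<5} hits={hits} severity={sev}")
    print("misaligned profile file types:", MISALIGNED_RULE.alignment_warnings())
```

Running the script shows the deck with two card numbers reaching the block threshold on upload but passing untouched on download, the roster with three social security numbers being blocked while a memo with one only alerts, and the DLP-tagged plan being blocked on its file property alone. `MISALIGNED_RULE.alignment_warnings()` flags the Word-only profile whose pattern was defined for all Office documents, which is the configuration Step 2 says will not filter correctly; the real firewall does not report this, so checking it before committing is worthwhile.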