Align Data Filtering with a DLP Solution
If you are using a DLP solution to add file properties to documents in order to mark those documents as confidential, you can use the new built-in file property settings to configure the firewall to block those confidential documents from leaving your network.
Take the following steps to use the new settings to enable data filtering based on file properties (previous release versions required you to create regular expression data patterns to enable the same functionality).
- Define a new data pattern object
to detect file properties.
- Select ObjectsCustom ObjectsData Patterns and Add a new object.
- Set the Pattern Type to File Properties.
- Add a new rule to the data pattern object, and give that rule a descriptive Name.
- Select the File Type and based on the file type you choose, also select the File Property that you want scan for a specific value.
- Enter the specific Property Value that you want the firewall to detect.
- Click OK to save the data pattern.
- Add the
data pattern object to a data filtering profile.
- Select ObjectsSecurity ProfilesData Filtering and Add or modify a data filtering profile.
- Add a new profile rule and select the Data Pattern you created in step 1.
- Specify Applications, File
Types, and what Direction of
traffic (upload or download) you want to filter based on the data
pattern.The file type you select must be the same file type you defined for the data pattern in step 1, or it must be a file type that includes the data pattern file type. For example, you could define both the data pattern object and the data filtering profile to scan all Microsoft Office documents. Or, you could define the data pattern object to match to only Microsoft PowerPoint Presentations, while the data filtering profile scans all Microsoft Office documents.If a data pattern object is attached to a data filtering profile and the configured file types do not align between the two, the profile will not correctly filter documents matched to the data pattern object.
- Set the Alert Threshold to specify the number of times the data pattern must be detected in a file to trigger an alert.
- Set the Block Threshold to block files that contain at least this many instances of the data pattern.
- Set the Log Severity recorded for files that match this rule.
- Click OK to save the data filtering profile.
- Apply the data filtering settings to traffic.
- Select PoliciesSecurity and Add or modify a security policy rule.
- Select Actions and set the Profile Type to Profiles.
- Attach the Data Filtering profile you created in step 2 to the security policy rule.
- Click OK.
- (Recommended) Prevent web browsers from resuming
sessions that the firewall has terminated.This option ensures that when the firewall detects and then drops a sensitive file, a web browser cannot resume the session in an attempt to retrieve the file.
- Select DeviceSetupContent-ID and edit Content-ID Settings.
- Clear the Allow HTTP header range option.
- Click OK.
- Monitor files that the firewall is filtering.Select MonitorData Filtering to view the files that the firewall has detected and blocked based on your data filtering settings.
Set Up Data Filtering
Set Up Data Filtering Use Data Filtering Profiles to prevent sensitive, confidential, and proprietary information from leaving your network. First, create a data pattern to ...
Data Pattern Settings
Data Pattern Settings Select Objects Custom Objects Data Patterns to define the categories of sensitive information that you may want to filter. For information on ...
Data Filtering Support for Data Loss Prevention (DLP) Solutions
Data Filtering Support for Data Loss Prevention (DLP) Solutions Data filtering is enhanced to work with third-party, endpoint DLP solutions that populate file properties to ...
Objects > Security Profiles > Data Filtering
Objects > Security Profiles > Data Filtering Data filtering enables the firewall to detect sensitive information—such as credit card or social security numbers or internal ...
First Look at New and Updated Data Filtering Options
First Look at New and Updated Data Filtering Options In previous release versions, a single data pattern object could contain different types of data patterns, ...
Security Profiles While security policy rules enable you to allow or block traffic on your network, security profiles help you define an allow but scan ...
Content Inspection Features
Content Inspection Features New Content Inspection Features Description Credential Phishing Prevention Phishing sites are sites that attackers disguise as legitimate websites with the aim to ...
How to Create Data Center Best Practice Security Profiles
Use Security Profiles to protect against vulnerabilities, spyware, viruses, bad file types, and unknown threats. ...
Content Inspection Changes
Content Inspection Changes PAN-OS® 8.0 has the following changes in default behavior for content inspection features: Feature Change TCP settings The defaults for the following ...