Create a Classic Data Profile
Create a classic Enterprise Data Loss Prevention (E-DLP) data profile that contains predefined, custom regular expression, or file property data patterns.

Where Can I Use This?
  • NGFW (Panorama Managed)
  • Prisma Access (Cloud Management)
  • SaaS Security
  • NGFW (Cloud Managed)

What Do I Need?
  • Enterprise Data Loss Prevention (E-DLP) license
  • NGFW (Panorama Managed): Support and Panorama device management licenses
  • Prisma Access (Cloud Management): Prisma Access license
  • SaaS Security: SaaS Security license
  • NGFW (Cloud Managed): Support and AIOps for NGFW Premium licenses
Or any of the following licenses that include the Enterprise DLP license
  • Prisma Access CASB license
  • Next-Generation CASB for Prisma Access and NGFW (CASB-X) license
  • Data Security license

After you create a data pattern, you need to create a data profile to add those data patterns and specify matches and confidence levels. All data profiles you create are shared across Panorama™ management server and Strata Cloud Manager deployments associated with the tenant. All classic data profiles created on Panorama or Strata Cloud Manager can be edited and copied as needed. Viewing a data profile created on the DLP on Panorama requires Panorama plugin for Enterprise DLP 1.0.4 or later release.

(Panorama only) A data profile configured for detection of non-file traffic allows you to configure URL and application exclusion lists. The URL and application exclusion lists allow you to select Shared URL and application traffic to exclude from inspection. For the application exclusion list, at least one application exclusion is required to create a data filtering profile for inspecting non-file traffic. The predefined DLP App Exclusion Filter is provided containing commonly used applications that can be safely excluded from inspection.

When you create a data filtering profile using predefined data patterns, be sure to consider the detection type used by the predefined data patterns because the detection type determines how Enterprise Data Loss Prevention (E-DLP) arrives at a verdict for scanned files.

If you downgrade from PAN-OS 10.2.1 or later release and Enterprise DLP plugin 3.0.1 or later release to PAN-OS 10.1 and Enterprise DLP plugin 1.0, data filtering profiles created on Panorama for non-file inspection are automatically converted into file-based data filtering profiles.

When you create a data profile using predefined data patterns, be sure to consider the detection types used by the predefined data patterns because the detection type determines how Enterprise Data Loss Prevention (E-DLP) arrives at a verdict for scanned files.

Updating a classic data profile to include an advanced detection method such as Exact Data Matching (EDM) and custom document types set isn’t supported.
You need to create an advanced data profile if you want to create a data profile that combines a predefined or custom data pattern and advanced detection methods, see

Strata Cloud Manager

Create an Enterprise Data Loss Prevention (E-DLP) data profile on Strata Cloud Manager.
  1. Log in to Strata Cloud Manager.
  2. Edit the Data Filtering Settings on Strata Cloud Manager to configure the minimum and maximum data size limits and the actions the firewall takes when uploading files to the DLP cloud service or when inspecting non-file based traffic.
  3. Select Manage > Configuration > Security Services > Data Loss Prevention > Data Profiles and Add Data Profile > Classic Data Profile.
    You can also create a new data profile by copying an existing data profile. This allows you to quickly modify an existing data profile with additional match criteria while preserving the original data profile from which the new data profile was copied.
    Data profiles created by copying an existing data profile are appended with Copy - <name_of_original_data_profile>. This name can be edited as needed.
    Adding an EDM data set to a copied data profile is supported only if the original data profile had an EDM data set to begin with. Adding an EDM data set to a data profile that doesn’t already have an EDM data set isn’t supported.
  4. Configure the Primary Rule for the data profile.
    Data pattern match criteria for traffic that you want to allow must be added to the Primary Rule. Data pattern match criteria for traffic that you want to block can be added to either Primary Rule or Secondary Rule.
    1. Enter a descriptive Data Profile Name.
    2. Add Pattern Group and Add Data Pattern.
    3. Configure the match criteria.
      • Data Pattern—Select a custom or predefined data pattern.
      • Occurrence Condition—Specify the occurrence condition required to trigger a Security policy rule action.
        • Any—Security policy rule action triggered if Enterprise DLP detects at least one instance of matched traffic.
        • Less than or equal to—Security policy rule action triggered if Enterprise DLP detects instances of matched traffic, with the maximum being the specified Count.
        • More than or equal to—Security policy rule action triggered if Enterprise DLP detects instances of matched traffic, with a minimum being the specified Count.
        • Between (inclusive)—Security policy rule action triggered if Enterprise DLP detects any number of instances of matched traffic within the specified Count range.
      • Count—Specify the number of instances of matched traffic required to trigger a Security policy rule action. Range is 1-500.
        For example, to match a pattern that appears three or more times in a file, select More than or equal to as the Occurrence Condition and specify 3 as the Threshold.
      • Confidence—Specify the confidence level required for a Security policy rule action to be taken (High or Low).
    4. (Optional) Add Data Pattern to add additional data pattern match criteria to the Primary Rule.
    5. (Optional) Add Data Pattern Group to add additional data pattern conditions using AND or OR operators to the Primary Rule.
      Refer to the descriptions above to configure any additional data pattern conditions as needed.
    6. (Optional) Configure a Secondary Rule.
      Data pattern match criteria added to the Secondary Rule block all traffic that meets the match criteria for the data pattern conditions. If you want to allow traffic that matches a data pattern match criteria, add it to the Primary Rule.
    7. Review the Data Profile Preview to verify the data profile match criteria.
    8. Save the data profile.
  5. Select Manage > Configuration > Security Services > Data Loss Prevention and search for the data profile you created to verify it was successfully created.
  6. Attach the data profile to a Security policy rule.
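
To reason about what a Primary or Secondary Rule will fire on before saving it, the match criteria from step 4 can be modelled offline. This is an added example, not Palo Alto Networks code: the pattern names, the per-confidence occurrence counts used as input, nesting groups with AND/OR, and letting a Secondary Rule match win over the Primary Rule are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Sequence, Union

COUNT_RANGE = range(1, 501)  # the page gives the Count range as 1-500
# Constructed input shape: pattern name -> occurrences reported per confidence level.
Detections = Dict[str, Dict[str, int]]


@dataclass(frozen=True)
class Criterion:
    pattern: str
    condition: str = "any"           # any | lte | gte | between
    count: Optional[int] = None      # Count (lower bound for "between")
    count_max: Optional[int] = None  # upper bound, "between" only
    confidence: str = "low"          # low | high

    def __post_init__(self) -> None:
        if self.condition not in ("any", "lte", "gte", "between"):
            raise ValueError(f"unknown occurrence condition: {self.condition}")
        if self.confidence not in ("low", "high"):
            raise ValueError(f"unknown confidence: {self.confidence}")
        if self.condition != "any" and self.count not in COUNT_RANGE:
            raise ValueError("Count must be in the range 1-500")
        if self.condition == "between" and (
            self.count_max not in COUNT_RANGE or self.count_max < self.count
        ):
            raise ValueError("Between needs count <= count_max, both 1-500")

    def matches(self, detections: Detections) -> bool:
        n = detections.get(self.pattern, {}).get(self.confidence, 0)
        if n < 1:  # every condition on the page describes detected instances
            return False
        if self.condition == "any":
            return True
        if self.condition == "lte":
            return n <= self.count
        if self.condition == "gte":
            return n >= self.count
        return self.count <= n <= self.count_max  # between (inclusive)


@dataclass(frozen=True)
class Group:
    operator: str                                   # "and" | "or"
    members: Sequence[Union[Criterion, "Group"]]    # criteria or nested groups

    def __post_init__(self) -> None:
        if self.operator not in ("and", "or"):
            raise ValueError(f"unknown operator: {self.operator}")

    def matches(self, detections: Detections) -> bool:
        if not self.members:
            return False
        hits = [m.matches(detections) for m in self.members]
        return all(hits) if self.operator == "and" else any(hits)


@dataclass(frozen=True)
class Profile:
    name: str
    primary: Group
    secondary: Optional[Group] = None
    action: str = "alert"  # action applied when only the Primary Rule matches

    def verdict(self, detections: Detections) -> str:
        # Secondary Rule criteria always block (per the page); precedence is assumed.
        if self.secondary is not None and self.secondary.matches(detections):
            return "block"
        if self.primary.matches(detections):
            return self.action
        return "no-match"


def build_example_profile() -> Profile:
    """Constructed profile; every pattern name here is hypothetical."""
    primary = Group("and", [
        Group("or", [
            # The page's own example: three or more occurrences.
            Criterion("card-number", "gte", count=3, confidence="high"),
            Criterion("national-id", confidence="high"),
        ]),
        Group("or", [Criterion("internal-marking")]),
    ])
    secondary = Group("or", [Criterion("api-secret", confidence="high")])
    return Profile("example-classic-profile", primary, secondary)


if __name__ == "__main__":
    profile = build_example_profile()
    sample = {"card-number": {"low": 5, "high": 3},
              "internal-marking": {"low": 1, "high": 0}}  # constructed scan result
    print(profile.name, "->", profile.verdict(sample))
```

Running a handful of constructed scan results through `verdict()` makes threshold mistakes visible, such as a "Less than or equal to" criterion that never fires on clean traffic because zero occurrences is not a match.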

DLP App

Configure an Enterprise Data Loss Prevention (E-DLP) data profile on the DLP app on the hub.
  1. Log in to the DLP app on the hub.
    If you don’t already have access to the DLP app on the hub, see the hub Getting Started Guide. Only Superusers can access the hub.
  2. Select Data Profiles > Add Data Profile > Classic Data Profile.
    You can also create a new data profile by copying an existing data profile. This allows you to quickly modify an existing data profile with additional match criteria while preserving the original data profile from which the new data profile was copied.
    Data profiles created by copying an existing data profile are appended with Copy - <name_of_original_data_profile>. This name can be edited as needed.
    Adding an EDM data set to a copied data profile is supported only if the original data profile had an EDM data set to begin with. Adding an EDM data set to a data profile that doesn’t already have an EDM data set isn’t supported.
  3. Configure the Primary Rule for the data profile.
    Data pattern match criteria for traffic that you want to allow must be added to the Primary Rule. Data pattern match criteria for traffic that you want to block can be added to either Primary Rule or Secondary Rule.
    1. Enter a descriptive Data Profile Name.
    2. Add Pattern Group and Add Data Pattern.
    3. Define the match criteria.
      • Data Pattern—Select a custom or predefined data pattern.
      • Occurrence Condition—Specify the occurrence condition required to trigger a Security policy rule action.
        • Any—Security policy rule action triggered if Enterprise DLP detects at least one instance of matched traffic.
        • Less than or equal to—Security policy rule action triggered if Enterprise DLP detects instances of matched traffic, with the maximum being the specified Count.
        • More than or equal to—Security policy rule action triggered if Enterprise DLP detects instances of matched traffic, with a minimum being the specified Count.
        • Between (inclusive)—Security policy rule action triggered if Enterprise DLP detects any number of instances of matched traffic within the specified Count range.
      • Count—Specify the number of instances of matched traffic required to trigger a Security policy rule action. Range is 1-500.
        For example, to match a pattern that appears three or more times in a file, select More than or equal to as the Occurrence Condition and specify 3 as the Threshold.
      • Confidence—Specify the confidence level required for a Security policy rule action to be taken (High or Low).
    4. (Optional) Add Data Pattern to add additional data pattern match criteria to the Primary Rule.
    5. (Optional) Add Data Pattern Group to add additional data pattern conditions using AND or OR operators to the Primary Rule.
      Refer to the descriptions above to configure any additional data pattern conditions as needed.
    6. (Optional) Configure a Secondary Rule.
      Data pattern match criteria added to the Secondary Rule block all traffic that meets the match criteria for the data patterns by default and can’t be modified. If you want to allow traffic that matches a data pattern match criteria, add it to the Primary Rule.
    7. Review the Data Profile Preview to verify the data profile match criteria.
    8. Save the data profile.
  4. Verify the data profile you created.
    • DLP App on the hub—Log in to the DLP app on the hub as a Superuser and select Data Profiles to view the data profile you created.
    • Strata Cloud Manager
      Log in to Strata Cloud Manager and select Manage > Configuration > Security Services > Data Loss Prevention and search for the data profile you created.
    • Panorama and Prisma Access (Panorama Managed)
      See Update a Data Profile for more information on which data profile settings are editable on Panorama for a data profile created on Strata Cloud Manager.
      1. Log in to the Panorama web interface.
      2. Select Objects > DLP > Data Filtering Profiles and navigate to the data profile you created.
      3. (Optional) Edit the data profile Action to block traffic.
        The Action for a data profile created on Strata Cloud Manager is configured to Alert by default.
        If the data profile has both Primary and Secondary Patterns, changing the data profile Action on Panorama deletes all Secondary Pattern match criteria.
        1. Select the data profile created on Strata Cloud Manager.
        2. Set the data profile Action to Block traffic that matches the data profile match criteria.
        3. Select Commit > Commit to Panorama and Commit.
        4. Click OK.
        5. Select Commit > Push to Devices and Edit Selections.
        6. Select Device Groups and Include Device and Network Templates.
        7. Push your configuration changes to your managed firewalls that are using Enterprise DLP.
  5. Attach the data profile to a Security policy rule.
    1. Log in to the Panorama web interface.
    2. Select Policies > Security and specify the Device Group.
    3. Select the Security policy rule to which you want to add the data profile.
    4. Select Actions and set the Profile Type to Profiles.
    5. Select the Data Filtering profile you created.
    6. Click OK.
    7. Select Commit and Commit and Push.

File Based for Panorama

Create a data filtering profile for the Enterprise Data Loss Prevention (E-DLP) on the Panorama™ management server.
  1. Log in to the Panorama web interface.
  2. Edit the Data Filtering Settings on Panorama to configure the minimum and maximum data size limits and the actions the firewall takes when uploading files to the DLP cloud service.
  3. Create one or more data patterns.
  4. Select Objects > DLP > Data Filtering Profiles.
  5. Add a new data filtering profile.
  6. Enter a descriptive Name for the data profile.
  7. Verify the following settings are enabled.
    • File Based—New data profiles have Yes selected by default.
    • Shared—All Enterprise DLP data profiles must be Shared across all device groups. This setting is enabled by default and cannot be disabled.
  8. Define the match criteria.
    • If you select Basic, configure the following:
      • Primary Pattern
        Add one or more data patterns to specify as the match criteria.
        If you specify more than one data pattern, the managed firewall uses a boolean OR match in the match criteria.
      • Match—Select whether the pattern you specify should match (include) or not match (exclude) the specified criteria.
      • Operator—Select a boolean operator to use with the Threshold parameter. Specify Any to ignore the threshold.
        • Any—Security policy rule action triggered if Enterprise DLP detects at least one instance of matched traffic.
        • Less than or equal to—Security policy rule action triggered if Enterprise DLP detects instances of matched traffic, with the maximum being the specified Threshold.
        • More than or equal to—Security policy rule action triggered if Enterprise DLP detects instances of matched traffic, with a minimum being the specified Threshold.
        • Between (inclusive)—Security policy rule action triggered if Enterprise DLP detects any number of instances of matched traffic within the specified Threshold range.
      • Occurrence—Specify the number of instances of matched traffic required to trigger a Security policy rule action. Range is 1-500.
        For example, to match a pattern that appears three or more times in a file, select more_than_or_equal_to as the Operator and specify 3 as the Threshold.
      • Confidence—Specify the confidence level required for a Security policy rule action to be taken (High or Low).
    • If you select Advanced, you can create expressions by dragging and dropping data patterns, Confidence levels, Operators, and Occurrence values into the field in the center of the page.
      Specify the values in this order: data pattern, Confidence, and Operator or Occurrence.
  9. Select an Action (Alert or Block) to perform on the file.
    If the data profile has both Primary and Secondary Patterns, changing the data profile Action on Panorama deletes all Secondary Pattern match criteria.
  10. Specify the file types the DLP cloud service takes action against.
    • DLP plugin 4.0.0 and earlier releases
      Select the File Type. By default, any is selected and inspects all supported file types.
    • DLP plugin 4.0.1 and later releases
      1. Select File Types.
      2. Select the Scan Type to create a file type include or exclude list.
        • Include—DLP cloud service inspects only the file types you add to the File Type Array.
        • Exclude—DLP cloud service inspects all supported file types except for those added to the File Type Array.
      3. Click Modify to add the file types to the File Type Array and click OK.
  11. Select the traffic Direction you want to inspect.
    You can select Upload, Download, or Both.
  12. Set the Log Severity recorded for files that match this rule.
    You can select critical, high, medium, low, or informational. The default severity is informational.
  13. Click OK to save your changes.
  14. Attach the data filtering profile to a Security policy rule.
    1. Select Policies > Security and specify the Device Group.
    2. Select the Security policy rule to which you want to add the data filtering profile.
    3. Select Actions and set the Profile Type to Profiles.
    4. Select the Data Filtering profile you created previously.
    5. Click OK.
  15. Commit and push the new configuration to your managed firewalls to complete the Enterprise DLP plugin installation.
    This step is required for Enterprise DLP data filtering profile names to appear in Data Filtering logs.
    The Commit and Push command isn’t recommended for Enterprise DLP configuration changes. Using the Commit and Push command requires the additional and unnecessary overhead of manually selecting the impacted templates and managed firewalls in the Push Scope Selection.
    • Full configuration push from Panorama
      1. Select Commit > Commit to Panorama and Commit.
      2. Select Commit > Push to Devices and Edit Selections.
      3. Select Device Groups and Include Device and Network Templates.
      4. Click OK.
      5. Push your configuration changes to your managed firewalls that are using Enterprise DLP.
    • Partial configuration push from Panorama
      You must always include the temporary __dlp administrator when performing a partial configuration push. This is required to keep Panorama and the DLP cloud service in sync.
      For example, you have an admin Panorama admin user who is allowed to commit and push configuration changes. The admin user made changes to the Enterprise DLP configuration and only wants to commit and push these changes to managed firewalls. In this case, the admin user is required to also select the __dlp user in the partial commit and push operations.
      1. Select Commit > Commit to Panorama.
      2. Select Commit Changes Made By and then click the current Panorama admin user to select additional admins to include in the partial commit.
        In this example, the admin user is currently logged in and performing the commit operation. The admin user must click admin and then select the __dlp user. If there are additional configuration changes made by other Panorama admins, they can be selected here as well.
        Click OK to continue.
      3. Commit.
      4. Select Commit > Push to Devices.
      5. Select Push Changes Made By and then click the current Panorama admin user to select additional admins to include in the partial push.
        In this example, the admin user is currently logged in and performing the push operation. The admin user must click admin and then select the __dlp user. If there are additional configuration changes made by other Panorama admins, they can be selected here as well.
        Click OK to continue.
      6. Select Device Groups and Include Device and Network Templates.
      7. Click OK.
      8. Push your configuration changes to your managed firewalls that are using Enterprise DLP.

Non-File Based for Panorama

Create a data filtering profile for the Enterprise Data Loss Prevention (E-DLP) on the Panorama™ management server to inspect non-file traffic for sensitive data.
  1. Log in to the Panorama web interface.
  2. Edit the Data Filtering Settings on Panorama to configure the minimum and maximum data size limits and the actions the firewall takes when uploading non-file data to the DLP cloud service.
    Palo Alto Networks recommends verifying you Enable Non File DLP after you install Panorama plugin for Enterprise DLP 3.0.1.
  3. Create one or more data patterns.
  4. (Optional) Create a custom application filter or application group to define predefined or custom application traffic you want to exclude from inspection.
    The application filter and application group must be Shared to be used in the data filtering profile application exclusion list. Data filtering profiles for non-file traffic inspection support both custom application filters and application groups. You aren’t required to add both.
  5. (Optional) Create a custom URL category to define URL traffic you want to exclude from inspection.
    The URL category must be Shared to be used in the data filtering profile URL exclusion list.
    To include the custom URL category in the URL exclusion list of a data filtering profile, adding the custom URL category to a URL Filtering profile isn’t required.
  6. Select Objects > DLP > Data Filtering Profiles.
  7. Add a new data filtering profile.
  8. (Optional) Configure the data filtering profile to scan File Based traffic.
    Data filtering profiles support scanning both file based and non-file based traffic. Select Yes to scan for both file based and non-file based traffic. Select No to only scan for non-file based traffic. Configuring the data filtering profile not to scan for file based traffic has no impact on scanning non-file based traffic.
  9. Configure the data filtering profile to scan Non-File Based traffic.
    Select Yes to scan for non-file based traffic.
  10. Verify that Shared is enabled.
    All Enterprise DLP data profiles must be Shared across all device groups. This setting is enabled by default and cannot be disabled.
  11. Define the match criteria.
    • If you select Basic, configure the following:
      • Primary Pattern
        Add one or more data patterns to specify as the match criteria.
        If you specify more than one data pattern, the managed firewall uses a boolean OR match in the match criteria.
      • Match—Select whether the pattern you specify should match (include) or not match (exclude) the specified criteria.
      • Operator—Select a boolean operator to use with the Threshold parameter. Specify Any to ignore the threshold.
        • Any—Security policy rule action triggered if Enterprise DLP detects at least one instance of matched traffic.
        • Less than or equal to—Security policy rule action triggered if Enterprise DLP detects instances of matched traffic, with the maximum being the specified Threshold.
        • More than or equal to—Security policy rule action triggered if Enterprise DLP detects instances of matched traffic, with a minimum being the specified Threshold.
        • Between (inclusive)—Security policy rule action triggered if Enterprise DLP detects any number of instances of matched traffic within the specified Threshold range.
      • Occurrence—Specify the number of instances of matched traffic required to trigger a Security policy rule action. Range is 1-500.
        For example, to match a pattern that appears three or more times in a file, select more_than_or_equal_to as the Operator and specify 3 as the Threshold.
      • Confidence—Specify the confidence level required for a Security policy rule action to be taken (High or Low).
    • If you select Advanced, you can create expressions by dragging and dropping data patterns, Confidence levels, Operators, and Occurrence values into the field in the center of the page.
      Specify the values in this order: data pattern, Confidence, and Operator or Occurrence.
  12. Select an Action (Alert or Block) to perform on matching traffic.
    If the data profile has both Primary and Secondary Patterns, changing the data profile Action on Panorama deletes all Secondary Pattern match criteria.
  13. (Optional) Configure the URL category list to exclude URL traffic from inspection.
    The URL category list can only be configured when Non-File Based traffic inspection is enabled.
    1. Select URL Category List Excluded From Non-File.
    2. Add a new URL category list.
    3. Select a predefined URL category, custom URL category or EDL.
  14. Configure the application exclusion list to exclude application traffic from inspection.
    The application list can only be configured when Non-File Based traffic inspection is enabled. At least one application list or application group is required to create a data filtering profile for inspecting non-file traffic.
    1. Select Application List Excluded From Non-File.
    2. Add an application filter or application group.
      If you didn’t create a custom application filter or application group, you must add the DLP App Exclusion Filter.
  15. For the Direction, only Upload is supported for inspection of non-file based traffic.
  16. Set the Log Severity recorded for files that match this rule.
    You can select critical, high, medium, low, or informational. The default severity is informational.
  17. Click OK to save your changes.
  18. Attach the data filtering profile to a Security policy rule.
    1. Select Policies > Security and specify the Device Group.
    2. Select the Security policy rule to which you want to add the data filtering profile.
    3. Select Actions and set the Profile Type to Profiles.
    4. Select the Data Filtering profile you created previously.
    5. Click OK.
  19. Commit and push the new configuration to your managed firewalls to complete the Enterprise DLP plugin installation.
    This step is required for Enterprise DLP data filtering profile names to appear in Data Filtering logs.
    The Commit and Push command isn’t recommended for Enterprise DLP configuration changes. Using the Commit and Push command requires the additional and unnecessary overhead of manually selecting the impacted templates and managed firewalls in the Push Scope Selection.
    • Full configuration push from Panorama
      1. Select Commit > Commit to Panorama and Commit.
      2. Select Commit > Push to Devices and Edit Selections.
      3. Select Device Groups and Include Device and Network Templates.
      4. Click OK.
      5. Push your configuration changes to your managed firewalls that are using Enterprise DLP.
    • Partial configuration push from Panorama
      You must always include the temporary __dlp administrator when performing a partial configuration push. This is required to keep Panorama and the DLP cloud service in sync.
      For example, you have an admin Panorama admin user who is allowed to commit and push configuration changes. The admin user made changes to the Enterprise DLP configuration and only wants to commit and push these changes to managed firewalls. In this case, the admin user is required to also select the __dlp user in the partial commit and push operations.
      1. Select Commit > Commit to Panorama.
      2. Select Commit Changes Made By and then click the current Panorama admin user to select additional admins to include in the partial commit.
        In this example, the admin user is currently logged in and performing the commit operation. The admin user must click admin and then select the __dlp user. If there are additional configuration changes made by other Panorama admins, they can be selected here as well.
        Click OK to continue.
      3. Commit.
      4. Select Commit > Push to Devices.
      5. Select Push Changes Made By and then click the current Panorama admin user to select additional admins to include in the partial push.
        In this example, the admin user is currently logged in and performing the push operation. The admin user must click admin and then select the __dlp user. If there are additional configuration changes made by other Panorama admins, they can be selected here as well.
        Click OK to continue.
      6. Select Device Groups and Include Device and Network Templates.
      7. Click OK.
      8. Push your configuration changes to your managed firewalls that are using Enterprise DLP.
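
The constraints in the non-file procedure above (Shared profile and Shared exclusion objects, at least one application exclusion, Upload-only direction, the Secondary Pattern loss when the Action is changed on Panorama, and the `__dlp` administrator in partial pushes) lend themselves to a change-review check. This is an added example, not Palo Alto Networks code: the dictionary field names and finding codes are hypothetical, and the sample profiles are constructed.

```python
from typing import Dict, List, Tuple

Finding = Tuple[str, str]  # (code, message); codes are made up for this example


def lint_profile(profile: Dict) -> List[Finding]:
    """Check one data filtering profile description against the page's rules."""
    findings: List[Finding] = []
    non_file = profile.get("non_file_based", False)
    app_excl = profile.get("app_exclusions", [])
    url_excl = profile.get("url_exclusions", [])

    if not profile.get("shared", True):
        findings.append(("NOT_SHARED",
                         "Enterprise DLP data profiles must be Shared"))
    if not non_file and (app_excl or url_excl):
        findings.append(("EXCLUSIONS_WITHOUT_NON_FILE",
                         "exclusion lists apply only when Non-File Based is enabled"))
    if non_file:
        if not app_excl:
            findings.append(("NO_APP_EXCLUSION",
                             "add the DLP App Exclusion Filter or a custom "
                             "application filter/group"))
        if profile.get("direction", "upload") != "upload":
            findings.append(("NON_FILE_DIRECTION",
                             "only Upload is supported for non-file inspection"))
        for obj in list(app_excl) + list(url_excl):
            if not obj.get("shared", False):
                findings.append(("EXCLUSION_NOT_SHARED",
                                 f"{obj.get('name', '?')} must be Shared"))
    if profile.get("action_changed_on_panorama") and profile.get("secondary_patterns"):
        findings.append(("SECONDARY_PATTERNS_AT_RISK",
                         "changing the Action on Panorama deletes all "
                         "Secondary Pattern match criteria"))
    return findings


def lint_partial_push(selected_admins: List[str]) -> List[Finding]:
    """A partial commit or push must include the temporary __dlp administrator."""
    if "__dlp" in selected_admins:
        return []
    return [("MISSING_DLP_ADMIN",
             "select the __dlp administrator to keep Panorama and the "
             "DLP cloud service in sync")]


# Constructed samples for illustration.
SAMPLE_GOOD = {
    "name": "nonfile-pii", "shared": True, "file_based": False,
    "non_file_based": True, "direction": "upload",
    "app_exclusions": [{"name": "DLP App Exclusion Filter", "shared": True}],
    "url_exclusions": [],
}
SAMPLE_BAD = {
    "name": "nonfile-draft", "shared": True, "file_based": False,
    "non_file_based": True, "direction": "both",
    "app_exclusions": [],
    "url_exclusions": [{"name": "partner-sites", "shared": False}],
}

if __name__ == "__main__":
    for sample in (SAMPLE_GOOD, SAMPLE_BAD):
        print(sample["name"], lint_profile(sample))
    print("push by admin only:", lint_partial_push(["admin"]))
```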
