Enable Existing Data Patterns and Filtering Profiles
Focus
Focus
Enterprise DLP

Enable Existing Data Patterns and Filtering Profiles

Table of Contents

Enable Existing Data Patterns and Filtering Profiles

Enable existing data patterns and filtering profiles not configured using
Enterprise Data Loss Prevention (E-DLP)
.
Where Can I Use This?
What Do I Need?
  • NGFW (Panorama Managed)
  • Enterprise Data Loss Prevention (E-DLP)
    license
  • Support license
  • Device management license
After you successfully install the
Enterprise Data Loss Prevention (E-DLP)
plugin on
Panorama
, existing data patterns and filtering profiles are no longer displayed but you can still reference them in your Security policy rules. If you have existing data filtering patterns and profiles configured that you need to edit after installing the
Enterprise DLP
plugin, you can display them again in your
Panorama
web interface.
Existing data patterns and data filtering profiles aren’t hidden if you’re using
Enterprise DLP
for
Prisma Access (Panorama Managed)
.
  1. Enable existing data patterns and filtering profiles on
    Panorama
    .
    1. Log in to the
      Panorama
      CLI.
    2. Enable the existing data patterns and filtering profiles.
      admin>
      request plugins dlp hide-old-config no
      Panorama
      returns a
      pass
      message to confirm the existing data patterns and filtering profiles are now displayed.
      Enter the following command to disable the displaying of existing data patterns and filtering profiles.
      admin>
      request plugins dlp hide-old-config yes
  2. (
    Optional
    ) Enable existing data patterns and filtering profiles on the managed firewall if you have any Security policy rules configured locally on the firewall.
    1. Enable the existing data patterns and filtering profiles.
      admin>
      request plugins dlp hide-old-config no
      The firewall returns a
      pass
      message to confirm the existing data patterns and filtering profiles are now displayed.
      Enter the following command to disable the displaying of existing data patterns and filtering profiles.
      admin>
      request plugins dlp hide-old-config yes
  3. Log in to the
    Panorama
    web interface.
  4. Edit your existing data patterns and filtering profiles.
    1. Select
      Objects
      Custom Objects
      Data Patterns
      and edit your data patterns.
    2. Select
      Objects
      Security Profiles
      Data Filtering
      and edit your data filtering profiles.
  5. Select
    Policies
    Security
    and select the
    Device Group
    to modify your Security policy rules as needed.
  6. Commit and push the new configuration to your managed firewalls to complete the
    Enterprise DLP
    plugin installation.
    This step is required for
    Enterprise DLP
    data filtering profile names to appear in Data Filtering logs.
    The
    Commit and Push
    command isn’t recommended for
    Enterprise DLP
    configuration changes. Using the
    Commit and Push
    command requires the additional and unnecessary overheard of manually selecting the impacted templates and managed firewalls in the Push Scope Selection.
    • Full configuration push from Panorama
      1. Select
        Commit
        Commit to
        Panorama
        and
        Commit
        .
      2. Select
        Commit
        Push to Devices
        and
        Edit Selections
        .
      3. Select
        Device Groups
        and
        Include Device and Network Templates
        .
      4. Click
        OK
        .
      5. Push
        your configuration changes to your managed firewalls that are using
        Enterprise DLP
        .
    • Partial configuration push from Panorama
      You must always include the temporary
      __dlp
      administrator when performing a partial configuration push. This is required to keep
      Panorama
      and the DLP cloud service in sync.
      For example, you have an
      admin
      Panorama
      admin user who is allowed to commit and push configuration changes. The
      admin
      user made changes to the
      Enterprise DLP
      configuration and only wants to commit and push these changes to managed firewalls. In this case, the
      admin
      user is required to also select the
      __dlp
      user in the partial commit and push operations.
      1. Select
        Commit
        Commit to
        Panorama
        .
      2. Select
        Commit Changes Made By
        and then click the current Panorama admin user to select additional admins to include in the partial commit.
        In this example, the
        admin
        user is currently logged in and performing the commit operation. The
        admin
        user must click
        admin
        and then select the
        __dlp
        user. If there are additional configuration changes made by other Panorama admins they can be selected here as well.
        Click
        OK
        to continue.
      3. Commit
        .
      4. Select
        Commit
        Push to Devices
        .
      5. Select
        Push Changes Made By
        and then click the current Panorama admin user to select additional admins to include in the partial push.
        In this example, the
        admin
        user is currently logged in and performing the push operation. The
        admin
        user must click
        admin
        and then select the
        __dlp
        user. If there are additional configuration changes made by other Panorama admins they can be selected here as well.
        Click
        OK
        to continue.
      6. Select
        Device Groups
        and
        Include Device and Network Templates
        .
      7. Click
        OK
        .
      8. Push
        your configuration changes to your managed firewalls that are using
        Enterprise DLP
        .

Recommended For You