Enterprise DLP
Enable Existing Data Patterns and Filtering Profiles
Table of Contents
Enable Existing Data Patterns and Filtering Profiles
Enable existing data patterns and filtering profiles not configured using
Enterprise Data Loss Prevention (E-DLP)
.Where Can I Use This? | What Do I Need? |
---|---|
|
|
After you successfully install the
Enterprise Data Loss Prevention (E-DLP)
plugin on Panorama
, existing data patterns and filtering profiles are no longer
displayed but you can still reference them in your Security policy rules. If you
have existing data filtering patterns and profiles
configured that you need to edit after installing the Enterprise DLP
plugin,
you can display them again in your Panorama
web interface.Existing data patterns and data filtering profiles aren’t hidden if you’re using
Enterprise DLP
for Prisma Access
(Panorama Managed)
.- Enable existing data patterns and filtering profiles onPanorama.
- Log in to thePanoramaCLI.
- Enable the existing data patterns and filtering profiles.admin>request plugins dlp hide-old-config noPanoramareturns apassmessage to confirm the existing data patterns and filtering profiles are now displayed.Enter the following command to disable the displaying of existing data patterns and filtering profiles.admin>request plugins dlp hide-old-config yes
- (Optional) Enable existing data patterns and filtering profiles on the managed firewall if you have any Security policy rules configured locally on the firewall.
- Enable the existing data patterns and filtering profiles.admin>request plugins dlp hide-old-config noThe firewall returns apassmessage to confirm the existing data patterns and filtering profiles are now displayed.Enter the following command to disable the displaying of existing data patterns and filtering profiles.admin>request plugins dlp hide-old-config yes
- Log in to thePanoramaweb interface.
- Edit your existing data patterns and filtering profiles.
- Selectand edit your data patterns.ObjectsCustom ObjectsData Patterns
- Selectand edit your data filtering profiles.ObjectsSecurity ProfilesData Filtering
- Selectand select thePoliciesSecurityDevice Groupto modify your Security policy rules as needed.
- Commit and push the new configuration to your managed firewalls to complete theEnterprise DLPplugin installation.This step is required forEnterprise DLPdata filtering profile names to appear in Data Filtering logs.TheCommit and Pushcommand isn’t recommended forEnterprise DLPconfiguration changes. Using theCommit and Pushcommand requires the additional and unnecessary overheard of manually selecting the impacted templates and managed firewalls in the Push Scope Selection.
- Full configuration push from Panorama
- SelectandCommitCommit toPanoramaCommit.
- SelectandCommitPush to DevicesEdit Selections.
- SelectDevice GroupsandInclude Device and Network Templates.
- ClickOK.
- Pushyour configuration changes to your managed firewalls that are usingEnterprise DLP.
- Partial configuration push from PanoramaYou must always include the temporary__dlpadministrator when performing a partial configuration push. This is required to keepPanoramaand the DLP cloud service in sync.For example, you have anadminPanoramaadmin user who is allowed to commit and push configuration changes. Theadminuser made changes to theEnterprise DLPconfiguration and only wants to commit and push these changes to managed firewalls. In this case, theadminuser is required to also select the__dlpuser in the partial commit and push operations.
- Select.CommitCommit toPanorama
- SelectCommit Changes Made Byand then click the current Panorama admin user to select additional admins to include in the partial commit.In this example, theadminuser is currently logged in and performing the commit operation. Theadminuser must clickadminand then select the__dlpuser. If there are additional configuration changes made by other Panorama admins they can be selected here as well.ClickOKto continue.
- Commit.
- Select.CommitPush to Devices
- SelectPush Changes Made Byand then click the current Panorama admin user to select additional admins to include in the partial push.In this example, theadminuser is currently logged in and performing the push operation. Theadminuser must clickadminand then select the__dlpuser. If there are additional configuration changes made by other Panorama admins they can be selected here as well.ClickOKto continue.
- SelectDevice GroupsandInclude Device and Network Templates.
- ClickOK.
- Pushyour configuration changes to your managed firewalls that are usingEnterprise DLP.