What’s Supported with Enterprise Data Loss Prevention (DLP)?
Supported applications and operational parameters for Enterprise Data Loss Prevention (DLP).
Enterprise Data Loss Prevention (DLP) is supported on all hardware-based firewalls and VM-Series firewalls, except for CN-Series firewalls, running PAN-OS 10.0.2 or later releases with the minimum Application & Threats content version 8334-6362.
Here are the supported applications and operational parameters that you can use with Enterprise Data Loss Prevention (DLP).
Web Application | PDF | doc/docx | ppt/pptx | xls/xlsx | rtf | CSV | Multi-file uploads | File Size |
---|---|---|---|---|---|---|---|---|
Web Browsing | Yes | Yes | Yes | Yes | Yes | Yes | Yes | 20MB |
OneDrive Web App | Yes | Yes | Yes | Yes | Yes | Yes | Yes | 20MB |
SharePoint Web App | Yes | Yes | Yes | Yes | Yes | Yes | Yes | 20MB |
Gmail Web App | Yes | Yes | Yes | Yes | Yes | Yes | Yes | 20MB |
Box Web App | Yes | Yes | Yes | Yes | Yes | Yes | Yes | 20MB |
Slack Web App | Yes | Yes | Yes | Yes | Yes | Yes | Yes | 20MB |
- Applications—You can enforce DLP for web-based (HTTP- or HTTPS-based) uploads for the following applications:
  - Box (App-ID is boxnet-uploading)
  - Gmail (App-ID is gmail-uploading)
    To use Gmail, you must disable the QUIC protocol. Palo Alto Networks recommends disabling QUIC in Chrome. To do so, specify chrome://flags/ in Chrome’s URL bar, find Experimental QUIC Protocol, and select Disabled.
  - Microsoft OneDrive (App-ID is sharepoint-online-uploading)
  - Microsoft SharePoint (App-ID is sharepoint-online-uploading)
  - Slack (App-ID is slack-uploading)
  - Web browsing (App-ID is web-browsing)
- File operations—You can upload files over HTTP and HTTPS (no FTP or SMTP) using HTTP/1.1.
  Some applications, such as SharePoint and OneDrive, use HTTP/2 by default. To use HTTP/2 files with HTTP/1.1, you need to create a decryption profile and a security policy to strip out the ALPN headers. See Enable Enterprise Data Loss Prevention (DLP) for more information.
- Data flow—File uploads are supported (downloads are not supported).
- Concurrent file uploads—25 concurrent file uploads are supported.
- File size—Files of up to 20 MB are supported.
  If you use Box to upload multiple files, and one or more of the files are larger than 20 MB, the upload of all files will not complete. To continue, find the files in Box that are larger than 20 MB and click X to stop the upload of those files.
- File types—Microsoft Office (.doc, .docx, .ppt, .pptx, .xls, .xlsx), .csv, .pdf, and .rtf.
- Response—Block and Alert actions are supported for HTTP and HTTPS files. The Block page does not display the name of the file that the managed firewall blocked.
- Data Patterns and Data Filtering Profiles—Use predefined data patterns and data filtering profiles, or create your own data patterns and data filtering profiles. Data pattern cloning is not currently supported; however, you can clone predefined data filtering profiles if you want to add, remove, or modify data identifiers in the existing profile.
  For each data filtering profile, Enterprise DLP allows a maximum of 10 data patterns for a Block rule and 50 data patterns for an Alert rule.
  Predefined data patterns use either machine learning or regex-based detection for scanned files. Enterprise DLP returns verdicts for the following predefined machine learning-based data patterns for scanned files up to 1MB:
  - Bank - Bankruptcy Filings
  - Bank - Statements
  - Financial - Financial Accounting
  - Financial - Generic
  - Financial - Invoice
  - Financial - Personal Finance
  - Health - Generic
  - Legal - Generic
  - Legal - Lawsuits
  - Legal - Merger and acquisition
  - Legal - Patent Filings
  - Legal - Standard Business Agreements
  - Source Code- Cfamily
  - Source Code- Generic
  - Source Code- java
  - Source Code- javascript
  - Source Code- perl
  - Source Code- powershell
  - Source Code- python
  - Source Code- r
  - Source Code- ruby
  - Source Code- vbs
  - Source Code- verilog
  - Source Code- vhd1
  - Source Code- x86_assembly