What’s Supported with Enterprise Data Loss Prevention (DLP)?

Supported applications and operational parameters for Enterprise Data Loss Prevention (DLP).
Enterprise Data Loss Prevention (DLP) is supported on all hardware-based firewalls and VM-Series firewalls except for CN-Series firewalls running PAN-OS 10.0.2 or later releases with the minimum Application & Threats content version 8334-6362.
Here are the supported applications and operational parameters that you can use with Enterprise Data Loss Prevention (DLP).
Web Application
PDF
doc/docx
ppt/pptx
xls/xlsx
rtf
CSV
Multi-file uploads
File Size
Web Browsing
Yes
Yes
Yes
Yes
Yes
Yes
Yes
20MB
Onedrive Web App
Yes
Yes
Yes
Yes
Yes
Yes
Yes
20MB
Sharepoint Web App
Yes
Yes
Yes
Yes
Yes
Yes
Yes
20MB
Gmail Web App
Yes
Yes
Yes
Yes
Yes
Yes
Yes
20MB
Box Web App
Yes
Yes
Yes
Yes
Yes
Yes
Yes
20MB
Slack Web App
Yes
Yes
Yes
Yes
Yes
Yes
Yes
20MB
  • Applications
    —You can enforce DLP for web-based (HTTP- or HTTPS-based) uploads for the following applications:
  • File operations
    —You can upload files using HTTP and HTTPS (no FTP or SMTP) using HTTP/1.1.
    Some applications, such as SharePoint and OneDrive, use HTTP/2 by default. To use HTTP/2 files with HTTP/1.1, you need to create a decryption profile and a security policy to strip out the ALPN headers. See Enable Enterprise Data Loss Prevention (DLP) for more information.
  • Data flow
    —File uploads are supported (downloads are not supported).
  • Concurrent file uploads
    —25 concurrent file uploads are supported.
  • File size
    —Files of up to 20 MB are supported.
    If you use Box to upload multiple files, and one or more of the files are larger than 20 MB, the upload of all files will not complete. To continue, find the files in Box that are larger than 20 MB and click
    X
    to stop the upload of those files.
    dlp-box-delete-files.png
  • File types
    —Microsoft Office (.doc, .docx, .ppt, .pptx, .xls, .xlsx) .csv, .pdf, and .rtf.
  • Response
    —Block and Alert actions are supported for HTTP and HTTPS files. The Block page does not display the name of the file that managed firewall blocked.
  • Data Patterns and Data Filtering Profiles
    —Use predefined data patterns and data filtering profiles, or create your own data patterns and data filtering profiles. Data pattern cloning is not currently supported; however, you can clone predefined data filtering profiles if you want to add, remove, or modify data identifiers in the existing profile.
    For each data filtering profile, Enterprise DLP allows a maximum of 10 data patterns for a Block rule and 50 data patterns for an Alert rule.
    Predefined data patterns use either machine learning or regex based detection for scanned files. Enterprise DLP returns verdicts for the following predefined machine learning based data patterns for scanned files up to 1MB:
    • Bank - Bankruptcy Filings
    • Bank - Statements
    • Financial - Financial Accounting
    • Financial - Generic
    • Financial - Invoice
    • Financial - Personal Finance
    • Health - Generic
    • Legal - Generic
    • Legal - Lawsuits
    • Legal - Merger and acquisition
    • Legal - Patent Filings
    • Legal - Standard Business Agreements
    • Source Code- Cfamily
    • Source Code- Generic
    • Source Code- java
    • Source Code- javascript
    • Source Code- perl
    • Source Code- powershell
    • Source Code- python
    • Source Code- r
    • Source Code- ruby
    • Source Code- vbs
    • Source Code- verilog
    • Source Code- vhd1
    • Source Code- x86_assembly

Recommended For You