VM-Series and Panorama Plugins Release Notes
    : Limitations
    Focus
    Download PDF
    Focus
    1. Home
    2. VM-Series and Panorama Plugins Release Notes
    3. Panorama Plugin for Enterprise Data Loss Prevention
    4. Limitations
    Download PDF

    VM-Series and Panorama Plugins Release Notes

    Limitations

    Table of Contents

    Limitations

    Limitations associated with the Enterprise Data Loss Prevention (E-DLP) plugin.
    The following are limitations associated with Enterprise Data Loss Prevention (E-DLP) Plugin.
    Issue ID
    Description
    When using Enterprise DLP on Hub 1.0, the DLP app on the hub supports only Superuser administrative privileges. Role based access control for Enterprise DLP is supported on Hub 2.0 only.
    A custom block response page for matched traffic blocked by Enterprise DLP is not supported for NGFW (Panorama Managed), NGFW (Cloud Managed), Prisma Access (Cloud Management), and SaaS Security.
    WIF-1127
    For PA-3250 firewalls running PAN-OS 10.2.4 or PAN-OS 10.2.5,
    .zip
     file uploads to the Zendesk application cannot be successfully blocked by Enterprise DLP and do not generate a DLP Incident on Panorama or the managed firewall (
    Monitor
    Logs
    Data Filtering
    ).
    WIF-484
    Detection of floating images is not supported when Optical Character Recognition on Panorama or Prisma Access (Cloud Managed) is enabled.
    WIF-215
    On the Panorama management server, the original connection to the Service URL FQDN is terminated before the connection to the new Service URL FQDN can be established after reconfiguring the Service URL Setting (
    Device
    Setup
    Content-ID
    ).
    PLUG-12944
    After you upgrade Panorama and managed devices to PAN-OS 11.0.2, the Panorama plugin for Enterprise DLP 4.0.1 you downloaded on Panorama prior to upgrade does not automatically install.
    Workaround:
     After you successfully upgrade Panorama to PAN-OS 11.0.2, manually install the downloaded Enterprise DLP plugin (
    Panorama
    Plugins
    ).
    PLUG-12756
    This limitation is addressed in Enterprise DLP version 3.0.4.
    Predefined data filtering profile (
    Objects
    DLP
    Data Filtering Profiles
    )
    File Direction
     displays
    Default
     instead of
    Upload
    .
    PLUG-11837
    On the Panorama management server, downgrading from the following PAN-OS releases does not restore the default
    Upload
    File Direction
     for data filtering profiles (
    Objects
    DLP
    Data Filtering Profiles
    ).
    • Downgrading from PAN-OS 11.0.1 to PAN-OS 11.0.0.
    • Downgrading from PAN-OS 10.2.4 to PAN-OS 10.2.3 or earlier release.
    PLUG-10323
    After you downgrade Panorama and managed devices to PAN-OS 10.2.0 and Enterprise DLP plugin 3.0.0, the
    Non-File Based
     (
    Objects
    DLP
    Data Filtering Profiles
    ) setting for a data filtering profile configured for non-file traffic data inspection erroneously displays as enabled on the managed firewall CLI.
    Workaround:
     Disable the Non-File Based setting on the data filtering profile before downgrading to PAN-OS 10.2.0 and Enterprise DLP plugin 3.0.0.
    1. Log in to the Panorama web interface.
    2. Select
      Objects
      DLP
      Data Filtering Profiles
      .
    3. Configure the Non-File Based setting as
      No
       and click
      OK
      .
    4. Commit and push your configuration changes to your managed firewalls leveraging Enterprise DLP.
      1. Select
        Commit
        Commit to Panorama
         and
        Commit
        .
      2. Select
        Commit
        Push to Devices
         and
        Edit Selections
        .
      3. Select
        Device Groups
         and
        Include Device and Network Templates
        .
      4. Push
         your configuration changes to your managed firewalls leveraging Enterprise DLP.
    PLUG-10252
    Renaming an existing data profile on the DLP app on the hub creates an entirely new data filtering profile (
    Objects
    DLP
    Data Filtering Profiles
    ) on the Panorama management server.
    PLUG-10172
    On the Panorama management server, the commit fails if the same profile (
    Objects
    DLP
    Data Filtering Profiles
    ) is being edited on Panorama and the DLP app at the same time.
    Workaround:
     If you experience a commit failure when editing the data filtering profile on Panorama, you must discard the edits, reset the Enterprise DLP plugin, and reconfigure the data filtering profile.
    PLUG-6159
    On the Panorama management server, all Enterprise Data Loss Prevention (E-DLP) data profiles (
    Objects
    DLP
    Data Filtering Profiles
    ) are not displayed if you
    Remove Config
     (
    Panorama
    Plugins
    ) for the Enterprise DLP plugin and install the Cloud Services plugin.
    Workaround:
     After you successfully Enterprise DLP plugin configuration, log in to the Panorama CLI and reset the Enterprise DLP plugin to display the DLP data profiles.
    admin> 
    request plugins dlp reset
    PLUG-6121
    On the Panorama management server, Enterprise Data Loss Prevention (E-DLP) data patterns and profiles do not function as expected after you load or revert a firewall configuration.
    Workaround:
     After you successfully load or revert a managed firewall configuration, log in to the Panorama CLI and reset the Enterprise DLP plugin.
    admin> 
    request plugins dlp reset
    PAN-215405
    File uploads to the Box application exceeding 20MB create multiple sessions if the data filtering profile (
    Objects
    DLP
    Data Filtering Profile
     Action is set to
    Block
    . This results in the Box application requiring multiple retries before the file upload is successfully attempted and blocked by the DLP cloud service.
    PAN-211913
    Enterprise DLP does not support maintaining a session connection to continue inspection if a file download is paused. The DLP cloud service inspection is terminated for the file if the download operation is paused.
    PAN-206877
    The Gmail file attachment operation may sometimes get stuck or fail after multiple attempts if the DLP cloud service already scanned and blocked the file.
    PAN-157255
    Commit failure occurs on downgrade from PAN-OS 10.0.2 to PAN-OS 10.0.1 or earlier release if Enterprise Data Loss Prevention (E-DLP) -based custom reports (
    Monitor
    Manage Custom Reports
    ) are configured on downgrade.
    Workaround:
     Delete or modify any Enterprise DLP custom reports.
    PAN-142785
    Enterprise Data Loss Prevention (E-DLP) does not support custom response pages on the Panorama management server and uses the default File Blocking Block Page response page (
    Device
    Response Pages
    ).
    PAN-140057
    Enterprise Data Loss Prevention (E-DLP) and IoT logs share log severity levels and cannot be configured individually.
    DIT-27539
    (
    Enterprise DLP 3.0.3 only
    ) Increasing the max file size for the Enterprise DLP data filtering settings to 21 MB or greater is supported only from the Panorama CLI.
    2. Enter configuration mode.
      admin>
      configure
    3. Set the max file size data filtering setting.
      admin#
      set template <template_name> config shared dlp-settings max-file-size <1 - 100>

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.