VM-Series and Panorama Plugins Release Notes
    : Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 3.0.1
    Focus
    Download PDF
    Focus
    1. Home
    2. VM-Series and Panorama Plugins Release Notes
    3. Panorama Plugin for Enterprise Data Loss Prevention
    4. Panorama Plugin for Enterprise Data Loss Prevention (DLP) 3.0
    5. Known and Addressed Issues in Enterprise Data Loss Prevention (DLP) Plugin 3.0.1
    6. Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 3.0.1
    Download PDF

    VM-Series and Panorama Plugins Release Notes

    Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 3.0.1

    Table of Contents

    Known Issues in Enterprise Data Loss Prevention (DLP) Plugin 3.0.1

    Known issues in Enterprise DLP Plugin 3.0.1.

    WIF-523

    This issue is addressed in PAN-OS 10.2.2.
    Managed firewalls leveraging Enterprise DLP erroneously display as
    not licensed
    , even though the firewall is successfully licensed, when you enter the following command in the firewall CLI.
    admin>
     
    show ctd-agent status security-client
    This issue is observed only when you initially activate the DLP license on the managed firewall and before you push the Enterprise DLP configuration from the Panorama management server for the first time.
    Workaround:
     Finish setting up and configuring Enterprise DLP.
    This requires you to commit and push the Enterprise DLP configuration to your managed firewall leveraging Enterprise DLP which restores the correct license state on the managed firewall.

    PLUG-14534

    This is addressed in Enterprise DLP plugin 4.0.3 and 3.0.7.
    On the Panorama management server, the Enterprise DLP plugin fails to complete post commit tasks and causes all commits (
    Commit
    Commit to Panorama
    ) to get stuck at 99%.

    PLUG-14201

    This is addressed in Enterprise DLP plugin 3.0.7, 4.0.3, and 5.0.1.
    The Panorama management server is unable to a generate report if a data filtering log (
    Monitor
    Logs
    Data Filtering
    ) with Report ID of
    0
     for a DLP incident. A DLP Incident has a Report ID of
    0
     if the DLP cloud service was unable to scan the file.

    PLUG-13729

    This is addressed in Enterprise DLP plugin 4.0.3 and 5.0.1.
    The Panorama management server is unable to synchronize new data profiles (
    Objects
    DLP
    Data Filtering Profiles
    ) from the DLP cloud service.

    PLUG-13111

    This issue is addressed in Enterprise DLP 3.0.6.
    On the Panorama management server, the list of predefined URL categories are not displayed for a data profile configured for non-file inspection (
    Objects
    DLP
    Data Filtering Profiles
    <select a data profile>
    URL Category List Excluded From
    ).

    PLUG-12430

    This issue is addressed in PAN-OS 10.2.4-h3 and Enterprise DLP plugin 3.0.5.
    On the Panorama management server, Enterprise Data Loss Prevention (E-DLP) allows you to create multiple data filtering profiles (
    Objects
    DLP
    Data Filtering Profiles
    ) with the same
    Name
    .

    PLUG-11851

    On the Panorama management server, an outdated default DLP block response page is displayed when traffic matches a data filtering profile with the Action set to
    Block
     when leveraging Enterprise DLP.

    PLUG-11197

    This issue is addressed in Enterprise DLP version 3.0.2.
    The DLP plugin install or uninstall fails if the local administrator account does not exist.

    PLUG-10330

    This issue is addressed in Enterprise DLP version 3.0.2.
    On a multi-vsys managed firewall managed, the
    Shared
     URL Category (
    Objects
    Custom Objects
    URL Category
    ) pushed from the Panorama management server to multiple vsys of the multi-vsys firewall do not successfully match beyond vsys1.

    PLUG-10252

    This issue is addressed in PAN-OS 10.2.3 and 11.0.0.
    Renaming an existing data profile on the DLP app on the hub creates an entirely new data filtering profile (
    Objects
    DLP
    Data Filtering Profiles
    ) on the Panorama management server.

    PLUG-9811

    This issue is addressed in Enterprise DLP 3.0.6.
    Creating a new data profile from the Panorama management server CLI fails.
    Workaround:
     Create a new data profile from the Panorama web interface.

    PLUG-9323

    This issue is addressed in Enterprise DLP version 1.0.6 and 3.0.2.
    On the Panorama management server, the Secondary Pattern for a data filtering profile (
    Objects
    DLP
    Data Filtering Profiles
    ) is not displayed for the data filtering profile is successfully created and pushed to managed firewalls.

    PLUG-6254

    Firewalls leveraging Enterprise Data Loss Prevention (DLP) do not display the Enterprise DLP data filtering profiles (
    Objects
    DLP
    Data Filtering Profiles
    ) or Enterprise DLP Settings (
    Device
    Setup
    DLP
    ), and cannot be overridden locally on the firewall.

    PLUG-6145

    On the Panorama management server, you cannot create an admin role (
    Panorama
    Admin Roles
    ) to control access to Enterprise Data Loss Prevention (DLP) filtering settings and snippet configuration (
    Device
    Setup
    DLP
    ).

    PAN-191513

    This issue is addressed in Enterprise DLP version 3.0.2.
    For multi-vsys firewalls, the DLP cloud service continues to exclude an application added to a
    Shared
     application group (
    Objects
    Application Groups
    ) or a
    Shared
     application filter (
    Objects
    Application Filters
    ) from non-file traffic inspection when removed from the application group or filter that was added to the App Exclusion List (
    Objects
    DLP
    Data Filtering Profiles
    ).
    Workaround:
     Create a new
    Shared
     application group or filter if you need to remove an application. Alternatively, you can restart the managed firewall each time you push an updated
    Shared
     application group or filter to a multi-vsys firewall.

    PAN-191014

    This issue is addressed in Enterprise DLP version 3.0.2.
    On the Panorama management server, the on device help for data filtering profiles (
    Objects
    DLP
    Data Filtering Profiles
    Add
    ) and data filtering patterns
    Objects
    DLP
    Data Filtering Patterns
    Add
    ) do not display correctly.

    PAN-155923

    Enterprise Data Loss Prevention (DLP) data filtering profiles (
    Objects
    DLP
    Data Filtering Profiles
    ) names do not display in Data Filtering logs (
    Monitor
    Logs
    Data Filtering
    ) until a commit is performed on firewalls leveraging Enterprise DLP after you successfully install the Enterprise DLP plugin.

    PAN-144897

    Enterprise Data Loss Prevention (DLP) data profile
    Thread ID/Name
     filter is not available when you configure a custom report (
    Manage
    Manage Custom Reports
    ) on the Panorama management server or locally on a firewall leveraging Enterprise DLP.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.