Enterprise DLP
Reasons for Inspection Failure
Table of Contents
Reasons for Inspection Failure
Review and understand the reasons why Enterprise Data Loss Prevention (E-DLP) was unable to scan
traffic
| Where Can I Use This? | What Do I Need? |
|---|---|
|
Or any of the following licenses that include the Enterprise DLP license
|
In some cases, Enterprise Data Loss Prevention (E-DLP) is unable to inspect and render a verdict on
either file or non-file based traffic that match an Enterprise DLP
data profile, and as a result no DLP incident is generated.
However, a log is generated if Enterprise DLP is unable to inspect matched
traffic.
- Strata Cloud Manager—View the File log ()Apply a Sub Type = dlp or Sub Type = dlp-non-file filter to narrow down the list of file logs.If the Reason for Data Filtering Action column is not displayed, expand the menu for any displayed column to search for and check (enable) Reason for Data Filtering Action.
![]()
- Panorama™ management server—View the Data Filtering log ().Apply a (subtype eq dlp) filter to narrow down the list of data filtering logs.If the Reason for Action column is not displayed, expand the menu for any displayed column and click Columns and check (enable) Reason for Action.
![]()
File logs display a Reason for Data Filtering Action and
data filtering logs display a Reason for Action column
describing what data filtering action was taken by your security endpoint. In this case,
the reason why Enterprise DLP was unable to inspect the matched traffic is
described. Review the list of reasons why Enterprise DLP was unable to inspect
matched traffic.
|
Reason for Action
|
Description
|
|---|---|
|
Scan Skipped: File Size > Limit
|
Inspection skipped because the maximum file size limit was
exceeded.
To avoid this in the future, you can increase the
Max File Size.
|
|
Scan Skipped: Latency > Limit
|
Inspection skipped because the maximum latency limit was
exceeded.
To avoid this in the future, you can increase the
Max Latency
|
|
Scan Skipped: Rate > Limit
|
Inspection skipped because the DLP cloud service received the maximum
number of inspection requests.
|
|
Scan Skipped: Out of memory
|
Inspection skipped because the DLP cloud service memory usage was
exceeded.
|
|
Scan Skipped: Profile not found
|
Inspection skipped because the matched data profile cannot be
found.
Review your Security policy rules to ensure the associated data
profile exists.
|
|
Scan Skipped: Scan req timeout
|
Inspection skipped because the inspection request timed out.
|
|
Scan ERR: Rule1 invalid action
|
Inspected traffic matched the Primary rule in the data profile, but
the Action is invalid. The
Action must be either
Block or
Alert.
|
|
Scan ERR: Rule2 invalid action
|
Inspected traffic matched the Secondary rule in the data profile, but
the Action is invalid. The
Action must be either
Block or
Alert.
|
|
FW Skipped: Resource Limit
|
DLP cloud service was unable to inspection traffic due to an error
when forwarding traffic. This can occur when the firewall memory
usage reaches 100%.
|
|
FW Skipped: Fail to Start
|
Firewall was unable to forward logs to the DLP cloud service for
inspection because the session between the firewall and DLP cloud
service could be initialized. This can occur when the firewall
memory usage reaches 80% or higher.
|
|
FW Skipped: Transmit Pkts
|
Firewall encountered an error when forwarding packets or finishing
the forwarding operation to the DLP cloud service. This can occur
when the firewall memory usage reaches 100%.
|
|
Internal Errors
|
Generic error due to an internal error. Requires troubleshooting by
Palo Alto Networks Support to understand
the cause of the error that prevent traffic inspection by the DLP
cloud service.
|