Platform Support

• Only a Superuser on Panorama can create Enterprise DLP patterns and profiles, and can associate profiles to Security policy rules for tenants.
• A Superuser must commit all changes to Panorama whenever they make changes to patterns and profiles.
• All tenants share a single copy of pattern and profile configurations; therefore, any changes done to them are reflected across all tenants.
• Since Security policy rules can be different across tenants, each tenant can have different data profiles associated with Security policy rules.

• NGFW PAN-OS Version—PAN-OS 10.0.2 or a later version.
  PA-410 firewalls are not supported.
• PanoramaPAN-OS Version—M-Series or virtual appliance running PAN-OS 10.0.2 or later version.
  To successfully use Enterprise DLP, you must configure your Security policy rule and Security Profile Group on Panorama and push these configurations to your managed firewalls.
  Enterprise DLP doesn’t support pushing an Enterprise DLP data filtering profile to your managed firewall and referencing the data filtering profile in a Security policy rule or Security Profile Group created locally on the firewall.
• Apps & Threats Content Update Version—Application and Threats content release version 8334 or a later version.
  Upgrade to PAN-OS 10.0.3 and install Application and Threats content release version 8413 or later version for additional application support.
• Licenses—Support licenses (NGFW and Panorama) and a Panorama device management license.

• Prisma Access Version—Prisma Access 2.0 Innovation or a later version.
• PanoramaPAN-OS Version—M-Series or virtual appliance running PAN-OS 10.0.2 or later version.
  To successfully use Enterprise DLP, you must configure your Security policy rule and Security Profile Group on Panorama and push these configurations to your managed firewalls.
  Enterprise DLP doesn’t support pushing an Enterprise DLP data filtering profile to your managed firewall and referencing the data filtering profile in a Security policy rule or Security Profile Group created locally on the firewall.
• Apps & Threats Content Update Version—Application and Threats content release version 8334 or a later version.
  Install Application and Threats content release version 8413 or later version for additional application support.
• Licenses—Prisma Access license, Strata Logging Service license, and Panorama support license.

• NGFW PAN-OS Version—PAN-OS 10.2.3 or a later version.
• Apps & Threats Content Update Version—Application and Threats content release version 8614 or a later version.
• Licenses—NGFW support license and a AIOps for NGFW Premium license.

• Enterprise DLP is supported on Strata Cloud Manager when using Prisma Access (Managed by Strata Cloud Manager), SaaS Security, or both.
• Enterprise DLP is supported on PA-Series firewalls managed by Strata Cloud Manager.
• DLP is an add-on license on Strata Cloud Manager when using Strata Cloud Manager from a Single Prisma SASE Platform or Multitenant Prisma SASE Platform.
  Enterprise DLP is included by default and doesn’t require a separate license when using Strata Cloud Manager from the CASB-X Platform.
• Important: Install Panorama plugin for Enterprise DLP 1.0.6 or later release if you’re using Enterprise DLP on Strata Cloud Manager and managing the Enterprise DLP configuration from Panorama for Palo Alto Networks Next-Generation Firewalls (NGFW) and Prisma Access (Managed by Panorama). This is required to ensure Enterprise DLP configurations are successfully synchronized across all your security platforms.
  DLP policy enforcement on Strata Cloud Manager is supported when using Panorama to manage your Enterprise DLP configuration.