Platform Support

• Only a Superuser on Panorama can create Enterprise DLP patterns and profiles, and can associate profiles to Security policy rules for tenants.
• A Superuser must commit all changes to Panorama whenever they make changes to patterns and profiles.
• All tenants share a single copy of pattern and profile configurations; therefore, Enterprise DLP synchronizes any changes done you make across all your tenants where you activated Enterprise DLP.
• Since Security policy rules can be different across tenants, each tenant can have different data profiles associated with Security policy rules.

• NGFW and VM-Series (Managed by Panorama)
  PA-410, PA-415, and PA-415-5G firewalls are not supported.
  • NGFW PAN-OS Version—PAN-OS 10.0.2 or a later version.
  • Panorama PAN-OS Version—M-Series or virtual appliance running PAN-OS 10.0.2 or later version.
    To successfully use Enterprise DLP, you must configure your Security policy rule and Security Profile Group on Panorama and push these configurations to your managed firewalls.
    Enterprise DLP does not support pushing an Enterprise DLP data filtering profile to your managed firewall and referencing the data filtering profile in a Security policy rule or Security Profile Group created locally on the firewall.
  • Apps & Threats Content Update Version—Application and Threats content release version 8334 or a later version.
    Upgrade to PAN-OS 10.0.3 and install Application and Threats content release version 8413 or later version for additional application support.
  • Licenses—Support licenses (NGFW and Panorama) and a Panorama device management license.
• Prisma Access (Managed by Panorama)
  • Prisma Access Version—Prisma Access 2.0 Innovation or a later version.
  • PanoramaPAN-OS Version—M-Series or virtual appliance running PAN-OS 10.0.2 or later version.
    To successfully use Enterprise DLP, you must configure your Security policy rule and Security Profile Group on Panorama and push these configurations to your managed firewalls.
    Enterprise DLP does not support pushing an Enterprise DLP data filtering profile to your managed firewall and referencing the data filtering profile in a Security policy rule or Security Profile Group created locally on the firewall.
  • Apps & Threats Content Update Version—Application and Threats content release version 8334 or a later version.
    Install Application and Threats content release version 8413 or later version for additional application support.
  • Licenses—Prisma Access license, Strata Logging Service license, and Panorama support license.
• NGFW (Managed by Strata Cloud Manager)
  PA-410, PA-415, and PA-415-5G firewalls are not supported.
  • Review the list of NGFW supported on Strata Cloud Manager.
  • NGFW PAN-OS Version—PAN-OS 10.2.3 or a later version.
  • Apps & Threats Content Update Version—Application and Threats content release version 8614 or a later version.
  • Licenses—NGFW support license and a AIOps for NGFW Premium license.
• Prisma Access (Managed by Strata Cloud Manager)
  • Enterprise DLP is an add-on license for Prisma Access when using Strata Cloud Manager from a Single Prisma SASE Platform or Multitenant Prisma SASE Platform.
    However, the CASB-X and CASB-PA licenses include the Enterprise DLP license by default and does not require a separate license to activate and use Enterprise DLP.
  • Important: Install the Panorama plugin for Enterprise DLP 1.0.6 or later release if you’re using Enterprise DLP on both NGFW and Prisma Access (Managed by Strata Cloud Manager) and NGFW and Prisma Access (Managed by Panorama).
    This is required to ensure Enterprise DLP configurations are successfully synchronized across both Strata Cloud Manager and Panorama.