Web Form Data Inspection for Enterprise Data Loss Prevention
10.2
Inspect non-file based traffic for sensitive data when using Enterprise data loss prevention (DLP).

Enterprise Data Loss Prevention (DLP) now supports inspection of non-file format traffic to prevent exfiltration of sensitive information in data exchanged in collaboration applications, web forms, cloud applications, custom applications, and social media.
Managed firewalls using Enterprise DLP send all non-file based traffic that matches the data filtering profile criteria to the DLP cloud service, which renders the verdict. URL categories and application filters determine which traffic is excluded from that inspection. Enterprise DLP includes a predefined DLP App Exclusion Filter application filter containing common applications that can't be inspected or don't require inspection. You can use the predefined application filter or create a custom application filter to specify the applications to exclude from inspection. Because every excluded application or URL category is traffic the DLP cloud service never sees, review the contents of any exclusion filter before you rely on it. You can modify existing data filtering profiles to scan both file based and non-file based traffic. Inspection of non-file based traffic is supported on Panorama, Prisma Access (Panorama Managed), and Prisma Access (Cloud Managed).
Enterprise DLP supports inspection of non-file based traffic for sensitive data in the following HTTP content types:
- JSON
- URL encoded form
- Multipurpose Internet Mail Extensions (MIME)
Web form inspection for non-file based traffic is supported only for the HTTP/1.x network protocol; it isn't supported for the HTTP/2 network protocol. Requests a client sends over HTTP/2 therefore pass without web form inspection, so account for this when assessing the coverage a data filtering profile provides.
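The following script is an added example for validating a data filtering profile after it is attached to a Security policy rule; it is not Palo Alto Networks code and is not part of the original page. It builds one POST body in each of the three supported content types (JSON, URL-encoded form, and MIME multipart/form-data), each carrying the same constructed test value, and optionally sends them with Python's http.client, which only speaks HTTP/1.1, so the traffic is eligible for web form inspection. It assumes (not stated on the page) that the profile's Data Pattern matches a credit-card-style number, that the test target (host and path are placeholders) sits behind a managed firewall using that profile, and, if the target is HTTPS, that the firewall is decrypting the session so it can see the body.

```python
"""Build (and optionally send) HTTP/1.1 test requests carrying a synthetic
sensitive value in each of the three content types Enterprise DLP inspects
for non-file based traffic: JSON, URL-encoded form, and MIME multipart.

Added example, not Palo Alto Networks code. Assumptions (not from the page):
the data filtering profile's Data Pattern matches a credit-card-style number,
and the target host/path is a web app behind a managed firewall that uses it.
"""
import http.client
import json
import uuid
from urllib.parse import urlencode

# Constructed test value: a well-known Luhn-valid test card number, so a
# credit-card data pattern can match it without using real cardholder data.
TEST_VALUE = "4111111111111111"
TEST_FIELD = "card_number"


def luhn_ok(number: str) -> bool:
    """Return True if the digit string passes the Luhn check (sanity check
    that the constructed value is the kind a card pattern would match)."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def json_body(field=TEST_FIELD, value=TEST_VALUE):
    """Content type and bytes for a JSON request body."""
    body = json.dumps({field: value, "note": "dlp web form test"}).encode()
    return "application/json", body


def form_body(field=TEST_FIELD, value=TEST_VALUE):
    """Content type and bytes for an application/x-www-form-urlencoded body."""
    body = urlencode({field: value, "note": "dlp web form test"}).encode()
    return "application/x-www-form-urlencoded", body


def multipart_body(field=TEST_FIELD, value=TEST_VALUE, boundary=None):
    """Content type and bytes for a MIME multipart/form-data body, assembled
    by hand so the exact wire format is visible."""
    boundary = boundary or ("dlp" + uuid.uuid4().hex)
    parts = [(field, value), ("note", "dlp web form test")]
    chunks = []
    for name, val in parts:
        chunks.append(f"--{boundary}\r\n")
        chunks.append(f'Content-Disposition: form-data; name="{name}"\r\n\r\n')
        chunks.append(f"{val}\r\n")
    chunks.append(f"--{boundary}--\r\n")
    return f"multipart/form-data; boundary={boundary}", "".join(chunks).encode()


def build_requests():
    """Return {label: (content_type, body)} for the three supported types."""
    return {
        "json": json_body(),
        "urlencoded": form_body(),
        "multipart": multipart_body(boundary="dlptestboundary"),
    }


def send(host, path="/submit", port=80, use_tls=False):
    """POST each body over HTTP/1.1 (http.client never negotiates HTTP/2).
    Returns {label: HTTP status}; a DLP block shows up as a failed or
    reset request, and the verdict is logged on the firewall/Panorama."""
    conn_cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    results = {}
    for label, (ctype, body) in build_requests().items():
        conn = conn_cls(host, port, timeout=10)
        conn.request("POST", path, body=body,
                     headers={"Content-Type": ctype,
                              "Content-Length": str(len(body))})
        results[label] = conn.getresponse().status
        conn.close()
    return results


if __name__ == "__main__":
    assert luhn_ok(TEST_VALUE)
    for label, (ctype, body) in build_requests().items():
        print(f"[{label}] Content-Type: {ctype}\n{body.decode()}\n")
    # send("test-app.example.internal", "/submit")  # placeholder target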
The steps below describe how to configure web form inspection for Enterprise DLP on Panorama and Prisma Access (Panorama Managed).
- Log in to the Panorama web interface.
- Create a Data Pattern on Panorama.
- (Optional) Create a custom URL category for URL or domain traffic that you don't want to send to the DLP cloud service for inspection.
- (Optional) Create a custom application filter for application traffic that you don't want to send to the DLP cloud service for inspection.
  - Select Objects > Application Filters and Add a new application filter. You can also select and Clone the predefined DLP App Exclusion Filter to create a custom application filter.
  - Enable (check) Shared.
  - Configure the application filter as needed. See Create an Application Filter for more information.
  - Click OK.
  - Select Commit > Commit to Panorama.
- Create a data filtering profile to inspect non-file based traffic. See Create a Data Filtering Profile on Panorama for additional details on creating a data filtering profile.
  - Select Objects > DLP > Data Filtering Profile and Add a data filtering profile.
  - Enter a descriptive Name for the data filtering profile.
  - For Non File Based, select Yes.
  - Enable (check) Shared.
  - Add the Primary Pattern and Secondary Pattern match criteria as needed.
  - (Optional) Select URL Category and Add a URL category to exclude from inspection.
  - Select Application List and Add an application list to exclude from inspection. At least one application filter is required to successfully create a data filtering profile for non-file based traffic.
  - Configure the Action.
  - Configure the Log Severity.
  - Click OK.
- Attach the data filtering profile to a Security policy rule.
  - Select Policies > Security and specify the Device Group.
  - Select the Security policy rule to which you want to add the data filtering profile.
  - Select Actions and set the Profile Type to Profiles.
  - Select the Data Filtering profile that you created previously.
  - Click OK to save your policy rule.
- Commit and push your configuration changes to your managed firewalls that are using Enterprise DLP. The Commit and Push command isn't recommended for Enterprise DLP configuration changes, because it requires the additional and unnecessary overhead of manually selecting the impacted templates and managed firewalls in the Push Scope Selection.
  - Select Commit > Commit to Panorama and Commit.
  - Select Commit > Push to Devices and Edit Selections.
  - Select Device Groups and Include Device and Network Templates.
  - Click OK.
  - Push your configuration changes to your managed firewalls that are using Enterprise DLP.