Why do we see paloalto-dlp-service traffic generated from a firewall without a DLP license or configuration?

Created On 01/20/25 09:41 AM - Last Modified 10/18/25 03:18 AM


Question


Why do we see paloalto-dlp-service traffic generated from a firewall without a DLP license or configuration?



Environment


  • Prisma Access Firewalls
  • Enterprise DLP
  • No DLP license.
  • Active SaaS Security Inline or Advanced Threat Prevention licenses.


Answer


  1. The application paloalto-dlp-service matches SSL traffic to specific servers (e.g., hawkeye.services-edge.paloaltonetworks.com).
  2. These servers are for services such as DLP, AppID Cloud Engine (ACE), and Advanced Threat Prevention (ATP) cloud service.
  3. When either ACE or ATP is licensed and connected, the firewall's traffic to these servers is expected to be classified as paloalto-dlp-service, even without a DLP license or configuration.

