DLP incidents not created for file uploads on an NGFW due to missing DLP configuration

Created On 05/03/25 13:54 PM - Last Modified 09/16/25 02:38 AM


Symptom


  • Occasionally, DLP incidents are not created for file upload traffic flowing through the firewall.
  • The command “show ctd-agent dp-config” also displays blank output.


Environment


  • Strata Cloud Manager (SCM)
  • Panorama managed NGFW 
  • Enterprise DLP 


Cause


  • Corrupt DLP installation.
  • During plugin installation, the install flow fails to create the dlp folder under /opt/pancfg/mgmt/plugins/appdata/ in the firewall file structure. This directory holds all DLP configuration.
  • As a result, “show ctd-agent dp-config” displays blank output.
  • Because there is no configuration, DLP does not function.


Resolution


 

  1. Review “plugin_dlp.log” from the firewall tech support file. The following errors help evaluate the issue:
ERROR: [p1-commit] create_dlp_config: Exception: [Errno 2] No such file or directory: '/opt/pancfg/mgmt/plugins/appdata/dlp/dp-config.xml'
ERROR: [p1-commit] DLP Configuration not found

 

  1. Run the command “show ctd-agent dp-config” in the CLI. If the output is blank, there is no data plane config for DLP.
  2. In the firewall UI, go to Device > Plugins. Uninstall and install a DLP plugin (the same one or a different one).
  3. Once this is done, commit/push from SCM or Panorama.
  4. This creates the DLP folder /opt/pancfg/mgmt/plugins/appdata/dlp/, which enables all DLP configuration on the firewall.
  5. After this, upload or download tests should create incidents.
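
The log review in the first step can be scripted when many firewalls need checking. The following is an added example, not Palo Alto Networks code: it scans plugin_dlp.log lines extracted from a tech support file for the two errors quoted above. The function name, verdict strings and the benign sample line are assumptions made for illustration.

```python
import re

# Directory and error signatures taken from the log lines quoted in this article.
DLP_DIR = "/opt/pancfg/mgmt/plugins/appdata/dlp/"
MISSING_FILE = re.compile(
    r"ERROR: \[[^\]]+\] create_dlp_config: Exception: "
    r"\[Errno 2\] No such file or directory: '(?P<path>[^']+)'"
)
CONFIG_NOT_FOUND = re.compile(r"ERROR: \[[^\]]+\] DLP Configuration not found")

# Sample input: the two ERROR lines are from this article, the INFO line is constructed.
SAMPLE_LOG = """\
INFO: [p1-commit] constructed benign line for the example
ERROR: [p1-commit] create_dlp_config: Exception: [Errno 2] No such file or directory: '/opt/pancfg/mgmt/plugins/appdata/dlp/dp-config.xml'
ERROR: [p1-commit] DLP Configuration not found
"""


def diagnose_dlp_log(lines):
    """Report whether plugin_dlp.log shows the missing DLP config directory (hypothetical helper)."""
    missing_paths, not_found_hits = [], 0
    for line in lines:
        # search() rather than match() so any prefix on the line (assumed, e.g. a timestamp) is tolerated
        m = MISSING_FILE.search(line)
        if m and m.group("path").startswith(DLP_DIR):
            if m.group("path") not in missing_paths:
                missing_paths.append(m.group("path"))
        elif CONFIG_NOT_FOUND.search(line):
            not_found_hits += 1
    if missing_paths and not_found_hits:
        verdict = "dlp-config-missing"   # both errors present: matches this article
    elif missing_paths or not_found_hits:
        verdict = "partial-match"        # only one error seen: review the log manually
    else:
        verdict = "no-match"
    return {"verdict": verdict, "missing_paths": missing_paths,
            "config_not_found": not_found_hits}


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # path to an extracted plugin_dlp.log
        with open(sys.argv[1], errors="replace") as fh:
            print(diagnose_dlp_log(fh))
    else:
        print(diagnose_dlp_log(SAMPLE_LOG.splitlines()))
```

A "dlp-config-missing" verdict means the firewall is passing uploads without DLP inspection until the plugin is reinstalled and a commit/push is done, so traffic from that window has no incidents to review.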

 


