You are not seeing DLP incidents for large files uploaded via ZTNA
search cancel

You are not seeing DLP incidents for large files uploaded via ZTNA

book

Article ID: 279950

calendar_today

Updated On:

Products

Data Loss Prevention Cloud Detection Service for REST

Issue/Introduction

You are trying to upload a file through ZTNA and send it to DLP for inspection.

You are not seeing any updates in DLP for blocked but the file is never received. In the ZTNA console you see errors like the following:

"Activity restricted by inspection policy"

"Inspection verdict: Not scanned [exceeded file size]"

 

Environment

Zero Trust Network Access (aka "Secure Access Cloud")

DLP Cloud Detection Service for REST

Cause

ZTNA has caps on how big files can be before sending them to DLP - this is hard-coded and set at 30 Mb.

Resolution

ZTNA has caps on how big files can be before sending them to DLP - they have set that at 30 Mb.

Results depending on file size:

  1. Files exceeding 30 Mb will either be blocked or excluded from scanning, depending on the "failure mode" configuration.
    • A file larger than 30 Mb produces this error: 
      "Inspection verdict: Not scanned [exceeded file size]".
  2. Files larger than 300MB will be blocked even in "fail open" mode.

    • And for 1 Gb file - it will be blocked, by ZTNA, with this error reported in the ZTNA console:

      "Activity restricted by inspection policy".
Powered by Wolken Software