Configure Services for Global and Virtual Systems
On a firewall where multiple virtual systems are enabled,
select Services to display the Global and Virtual
Systems tabs where you set services that the firewall
or its virtual systems, respectively, use to operate efficiently.
(If the firewall is a single virtual system or if multiple virtual
systems are disabled, the Virtual Systems tab
is not shown.)
Select Global to set services for the
whole firewall. These settings are also used as the default values
for virtual systems that do not have a customized setting for a
service.
Edit Services to define the destination
IP addresses of DNS servers, the Update Server, and the Proxy Server.
Use the dedicated NTP tab to configure Network
Time Protocol settings. See Table 12 for field descriptions
of the available Services options.
In Service Features, click Service
Route Configuration to specify how the firewall will
communicate with other servers/devices for services such as DNS,
email, LDAP, RADIUS, syslog, and many more. There are two ways to
configure global service routes:
The Use Management Interface for all option will force all firewall
service communications with external servers through the management
interface (MGT). If you select this option, you must configure the
MGT interface to allow communications between the firewall and the
servers/devices that provide services. To configure the MGT interface,
select Device > Setup > Management and edit the settings.
The Customize option gives you granular control over service
communication by configuring a specific source interface and IP
address for a service, which the service then uses as the destination
interface and destination IP address in its response. (For example, you
could configure a specific source IP/interface for all email communication
between the firewall and an email server, and use a different source
IP/interface for Palo Alto Networks Services.) Select one or more
services that you want to customize with the same settings and
click Set Selected Service Routes. The services
are listed in Table 13, which indicates whether a service
can be configured for the Global firewall
or Virtual Systems, and whether the service
supports an IPv4 and/or IPv6 source address.
The Destination tab is another Global service route feature that you
can customize. This tab appears in the Service Route Configuration
window and is described in Destination Service Route.
Use the Virtual Systems tab to specify service routes for a single
virtual system. Select a Location (virtual system) and click
Service Route Configuration.
Select Inherit Global Service Route Configuration or Customize
service routes for a virtual system. If you choose to customize
settings, select IPv4 or IPv6.
Select one or more services that you want to customize with the
same settings and click Set Selected Service Routes.
See Table 13 for services that can be customized.