Access external services using a service route from a firewall interface.

The firewall uses the management (MGT) interface by default to access external services, such as DNS servers, external authentication servers, and Palo Alto Networks® services such as software, URL updates, licenses and AutoFocus. An alternative to using the MGT interface is to configure a data port (a regular interface) to access these services. The path from the interface to the service on a server is known as a service route. The service packets exit the firewall on the port assigned for the external service and the server sends its response to the configured source interface and source IP address.

You can configure service routes globally for the firewall or customize service routes for a virtual system on a firewall enabled for multiple virtual systems so that you have the flexibility to use interfaces associated with a virtual system. Any virtual system that does not have a service route configured for a particular service inherits the interface and IP address that are set globally for that service.
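
The following added example (not Palo Alto Networks code and not PAN-OS configuration syntax) models the resolution order described above, so you can audit which source interface each service traffic will leave on per virtual system: a virtual-system route first, then the global route, then the MGT default. The `Route` type, the function names, the service names and all addresses are assumptions constructed for the illustration.

```python
# Added illustration: a simplified model of service-route inheritance.
# Names and data are constructed; this is not PAN-OS syntax or an API.
from typing import NamedTuple, Optional


class Route(NamedTuple):
    interface: str           # source interface the service packets exit on
    address: Optional[str]   # source IP; None here means "the MGT address"


MGT = Route("MGT", None)     # default path when no service route is set


def effective_route(service, vsys, global_routes, vsys_routes):
    """Return (route, origin) for one service as seen by one virtual system."""
    custom = vsys_routes.get(vsys, {}).get(service)
    if custom is not None:
        return custom, "vsys"        # customized for this virtual system
    inherited = global_routes.get(service)
    if inherited is not None:
        return inherited, "global"   # inherited from the firewall-wide setting
    return MGT, "default"            # nothing configured: MGT interface


def audit(services, vsys_names, global_routes, vsys_routes):
    """Map (vsys, service) to its effective (route, origin)."""
    return {(v, s): effective_route(s, v, global_routes, vsys_routes)
            for v in vsys_names for s in services}


def on_mgt(report):
    """List the (vsys, service) pairs that still leave through MGT."""
    return sorted(k for k, (route, _) in report.items()
                  if route.interface == "MGT")


# Constructed sample data (documentation address ranges).
GLOBAL = {"dns": Route("ethernet1/3", "192.0.2.10"),
          "ntp": Route("ethernet1/3", "192.0.2.10")}
VSYS = {"vsys2": {"dns": Route("ethernet1/5", "198.51.100.7")}}
SERVICES = ["dns", "ntp", "ldap"]

if __name__ == "__main__":
    report = audit(SERVICES, ["vsys1", "vsys2"], GLOBAL, VSYS)
    for (v, s), (route, origin) in sorted(report.items()):
        print(f"{v:6} {s:5} {route.interface:12} {route.address} ({origin})")
    print("still on MGT:", on_mgt(report))
```

The source interface and address reported for each service are what upstream ACLs and the external server's allow list need to permit, since the server replies to that configured source.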