Enable Service Routes for Telemetry
Table of Contents
Enable Service Routes for Telemetry
Enable different service routes for telemetry to provide
connection with Strata Logging Service.
You can configure specific configuration requirements
for device telemetry that collects data about your next-generation
firewall. For each virtual system, you can configure service routes
to use specific interfaces for outbound telemetry data and share
it by uploading to Strata Logging Service.
- Select .Click the Service Route Configuration link under Services Features.Select Customize.Click Add for each destination you want to configure.Enter the FQDNs or IP addresses for each Destination.Only explicitly enter IP addresses when testing. IP addresses are dynamic and may be subject to change. If the IP address resolves but the URL does not, review DNS related information about the firewall.Some common Palo Alto Network Service Destinations for Strata Logging Service may include:
- api.paloaltonetworks.com
- apitrusted.paloaltonetworks.com
- lic.lc.prod.us.cs.paloaltonetworks.com (if US based)
- storage.googleapis.com
- br-prd1.us.cdl.paloaltonetworks.com (if US based)
Review the FQDNs required for Strata Logging Service for your specific locale.You can find the licensing destination using the
command in the CLI.Show device-telemetry detailsChoose the custom Source Interface you want to route the telemetry traffic through.Choose the custom Source Address associated with the interface.The image below shows a sample configuration based on common Strata Logging Service FQDNs.![]()
Commit the configuration.
