Configure Services for Global and Virtual Systems

Edit
Services
to define the destination IP addresses of DNS servers, the Update Server, and the Proxy Server. Use the dedicated
NTP
tab to configure Network Time Protocol settings. See Table 12 for field descriptions of the available Services options.
In
Service Features
, click
Service Route Configuration
to specify how the firewall will communicate with other servers/devices for services such as DNS, email, LDAP, RADIUS, syslog, and many more. There are two ways to configure global service routes:
The
Use Management Interface for all
option will force all firewall service communications with external servers through the management interface (MGT). If you select this option, you must configure the MGT interface to allow communications between the firewall and the servers/devices that provide services. To configure the MGT interface, select Device > Setup > Management and edit the settings.
The
Customize
option allows you granular control over service communication by configuring a specific source interface and IP address that the service will use as the destination interface and destination IP address in its response. (For example, you could configure a specific source IP/ interface for all email communication between the firewall and an email server, and use a different source IP/interface for Palo Alto Networks Services.) Select the one or more services you want to customize to have the same settings and click
Set Selected Service Routes
. The services are listed in Table 13, which indicates whether a service can be configured for the
Global
firewall or
Virtual Systems
, and whether the service supports an IPv4 and/or IPv6 source address.