How can I get PAN updates via the MGMT Interface if it's on an isolated network inside my organization? NOTE: It's not on the internal zone. The route is working, as I can see my packets leaving via egress when I ping from the host connected to the MGMT port. I want to avoid using Service route configuration via the external facing interface. Cheers!
You either have the management interface be allowed internet access to pull updates, create a service route, or manually upload and apply updates. Those are really the only three options you have as far as updates go.
@supruzerin Under Device > Setup > Services > Service Route Configuration, you can add customized interface configuration per service so those connections go out of a dataplane interface instead of the management interface. This comes in handy if you want to pull in dynamic updates while your management interface has no route to the internet.
Make sure that you also account for DNS, as the firewall will need to resolve updates.paloaltonetworks.com. You may need to add a service route for DNS as well.
Also set up appropriate security rules so the connections are allowed to go out.