I just inherited a PA-820 and know nothing about this device. It's unable to connect to the cloud for updates. Currently it's service route is set as the default (Management Interface). I was told by support to switch it to an untrusted interface to resolve this. I can see how that is done via this article: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClGJCA0
My question: Is the Service Route strictly for device management and updates? Because I don't know anything about this device, I certainly don't want to screw anything up by making this change. Is there any risk to doing this?
Service Route is for routing specific traffic from any other interface as per requirement. By default, it uses management interface. Now services like NTP, Syslogs, SNMP Palo alto updates etc are listed under service Route config. Now in your case, you want to do service route changes for Palo Alto updates, you can just select particular settings for this, and select any other interface and it's associated IP address and Ok. Then commit.
Once you commit, palo alto updates request will go from the newly configured interface instead of management interface. And this is applicable for only Palo Alto updates as you have made changes for this service only. All other will go via default i.e. management interface.
Hope it helps!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!