GUI:
Use Device > Setup > Services > Service Route Configuration > Customize and configure the appropriate service routes.

To configure service routes for non-predefined services, the destination addresses can be manually entered in the Destination section:

In the example above, the service routes for 192.168.27.33 and 192.168.27.34 are configured to source from 192.168.27.254 on a dataplane interface and the management interface, respectively.
On the CLI
Run the command set deviceconfig system route service to show the options for the command.
> configure
# set deviceconfig system route service
autofocus AutoFocus Cloud
crl-status CRL servers
deployments Panorama pushed updates
dns DNS server(s)
edl-updates External Dynamic List update server
email SMTP gateway(s)
hsm Hardware Security Module server(s)
http HTTP Forwarding server(s)
kerberos Kerberos server
ldap LDAP server
mdm MDM servers
mfa Multi-Factor Authentication
netflow Netflow server(s)
ntp NTP server(s)
paloalto-networks-services Palo Alto Networks Services
panorama Panorama server
proxy Proxy server
radius RADIUS server
scep SCEP
snmp SNMP server(s)
syslog Syslog server(s)
tacplus TACACS+ server
uid-agent UID agent(s)
url-updates URL update server
vmmonitor VM monitor
wildfire-private WildFire Appliance
<value> Service name
Select the service and source address. Example given below. The source address listed is the address configured on the dataplane interfaces.
# set deviceconfig system route service paloalto-networks-services source address
10.0.0.1/24 ip 10.0.0.1/24
172.16.0.1/24 ip 172.16.0.1/24
192.168.0.230/24 ip 192.168.0.230/24
192.168.27.254/24 ip 192.168.27.254/24
192.168.27.5 mgmt 192.168.27.5
198.51.100.1/24 ip 198.51.100.1/24
<value> Source IP address to use to reach destination
Example command to set a service route for receiving Palo Alto Networks updates using one of the available dataplane interfaces:
# set deviceconfig system route service paloalto-networks-services source address 198.51.100.1/24
Non-predefined service routes can also be configured through CLI. For example:
# set deviceconfig system route destination 192.168.27.33 source address 192.168.27.254/24
Note: Explicit policies are required in the security rules to log and allow traffic.