How to set a service route on an interface with dynamic IP
15774
Created On 10/17/19 02:56 AM - Last Modified 01/02/23 22:54 PM
Objective
- If any configured services are not reachable via management interface and can only be reachable via dataplane interfaces, then one should set up a service route.
- When one tries to configure the same, only the interfaces configured with Static IP are displayed in the list. The interfaces configured with Dynamic IP are not displayed (Example below)
- The objective of this article is to show how to set this service route using this interface with a dynamic IP configuration.
GUI: Device > Setup > Services > Service Route Configuration
Environment
- Palo Alto Firewall
- Supported PAN-OS.
- Dataplane interface with dynamic IP configuration.
- Service route using dataplane interface
Procedure
In the Service route configuration, instead of assigning using the interface, it is possible to do it via the destination.
To do so :
- Go to GUI: Device> Setup>Services
- Click on "Service routes configuration"
- Click on "Customize" radio button
- Click on the tab "Destination"
- Click on "Add" and Enter the Destination information (IP address) and the Source Interface to use.
Note:
- Select "Any" - Source Interface makes all IP addresses on all interfaces available in the Source Address drop-down from which you select an address.
- Select "MGT" - causes the firewall to use the MGT interface for the service route.
- As displayed, the service route to reach 8.8.8.8 is sourced from the IP 10.129.128.76 which is the assigned IP address to the interface ethernet1/1
- Commit the configuration.
Additional Information
Admin Guide
Configure Service Routes