: Interface Used for Accessing External Services on the VM-Series Firewall
Focus
Focus

Interface Used for Accessing External Services on the VM-Series Firewall

Table of Contents

Interface Used for Accessing External Services on the VM-Series Firewall

Interfaces that the VM-Series firewall uses for making API calls.
To access the Palo Alto Networks servers for retrieving licenses and software and content updates, and for publishing custom PAN-OS metrics or retrieving IP address and tag mapping for monitoring virtual machines in your deployment, the VM-Series firewall uses the management interface except where noted below. To use a dataplane interface instead of the management interface where supported, you must set up a service route that specifies the dataplane interface that the firewall can use to access the server or service.
Access to Server or Service
Interface Used on the VM-Series Firewall
Licensing
Management interface only
Software Updates
Management interface or Service Route
Bootstrapping from a cloud storage location such as AWS S3 bucket, Azure storage file service, or Google storage bucket
Management interface only, including when interfaces are swapped
If your bootstrap.xml file includes license authcodes, you cannot use a service route. To license the firewall, the management interface must be used.
Publishing PAN-OS metrics to a cloud monitoring service such as AWS CloudWatch, Azure Application Insights or Google Stackdriver
Management interface only, including when interfaces are swapped
VM Monitoring
Management interface or Service Route