The firewall uses the MGT interface (by default) to access external services, such as DNS servers, software updates, and software licenses. An alternative to using the MGT interface is to configure a data port (a regular interface) to access these services. The path from the interface to the service on a server is known as a
. Service routes can be configured for the firewall or for individual virtual systems. Each service allows redirection of management services to the respective virtual system owner through one of the interfaces associated with that virtual system.
The ability to configure service routes per virtual system provides the flexibility to customize service routes for numerous tenants or departments on a single firewall. The service packets exit the firewall on a port that is assigned to a specific virtual system, and the server sends its response to the configured source interface and source IP address. Any virtual system that does not have a service route configured for a particular service inherits the interface and IP address that are set globally for that service.
To configure service routes for a virtual system, see
Customize Service Routes for a Virtual System.