An administrator wants a new Palo Alto Networks NGFW to obtain automatic application updates daily, so it is configured to use a scheduler for the application database. Unfortunately, they required the management network to be isolated so that it cannot reach the Internet.
Which configuration will enable the firewall to download and install application updates automatically?
To enable the firewall to download and install application updates automatically while keeping the management network isolated from the Internet, you need to configure a service route using a dataplane interface that can access the Internet. This involves setting up a service route for Palo Alto Networks Services and possibly creating a Security policy rule to permit traffic from that interface to the update servers. This way, the firewall can use an alternate interface to reach the Internet for updates without exposing the management interface.
Correct Answer: B
Agree. Service Route will solve this problem. B
https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-networking-admin/service-routes/service-routes-overview
If management port cannot reach the Internet you should manually configure service routes
B is correct.
B is correct
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-admin/networking/service-routes