NTP Server

Can anyone clearly explain the NTP server in Check Point and how it synchronizes with another server's time? Also, please share the steps to follow in the GUI and the commands used in the CLI, for a clear understanding.

Hi Erakul, 

The Check Point gateway doesn't act as an NTP server itself, but it does sync with other time sources to maintain its time.

Is your question "How do Check Point appliances sync with an NTP server?"

It would also be good to know what version and hardware you are running; then we can advise specifically.

Regards

Mark

Hi Mark, Thank you for your answer.

Actually, I want to know about the concept of an NTP server itself: the main reason for an NTP server, how it works, the sync concepts, and what will be affected if NTP is not working.

Can you help me in this kind of case?

Hi Gunther, Thank you for your valuable reference for NTP.

Can you help me with one more thing? Some IDs, like sk32027, say "To view this solution, Advanced access is required." What should I do in this kind of case?

See the WebUI TimeServer section. Place an external or internal NTP host and wait.

On the CLI (expert mode) you can always query localhost like this:

ntpq -pn

This will show you whether the host is syncing up or not.

Jerry
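
Added example (not part of the original thread and not Check Point code): a shell function that reads `ntpq -pn` output and reports whether a system peer (the line marked `*`) has been selected and how far the clock is off. The function name, the status words, the `MAX_OFFSET_MS` threshold and the sample output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify `ntpq -pn` peer output read on stdin.
# MAX_OFFSET_MS is an assumed alert threshold, not a Check Point default.
# Exit codes: 0 synced, 1 no peer selected yet, 2 offset too large, 3 no usable peer.
MAX_OFFSET_MS="${MAX_OFFSET_MS:-100}"

ntp_sync_status() {
    awk -v max="$MAX_OFFSET_MS" '
        /^=+$/ || $1 == "remote" || NF < 10 { next }   # header, separator, noise
        {
            tally = substr($0, 1, 1)          # column 1 holds the tally code or a blank
            peer  = (tally == " ") ? $1 : substr($1, 2)
            peers++
            if ($7 != "0") reachable++        # reach: octal register of the last 8 polls
            if (tally == "*") { sys = peer; off = $9 }   # offset is in milliseconds
        }
        END {
            if (sys != "") {
                a = off + 0; if (a < 0) a = -a
                if (a > max + 0) { print "DRIFT " sys " " off; exit 2 }
                print "SYNCED " sys " " off; exit 0
            }
            if (peers == 0)     { print "NO_PEERS";    exit 3 }
            if (reachable == 0) { print "UNREACHABLE"; exit 3 }
            print "NOT_SELECTED"; exit 1
        }'
}

# Constructed sample output (addresses and values are illustrative).
SAMPLE='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.0.2.10      .GPS.            1 u   33   64  377   12.345    0.512   0.210
+10.0.0.5        192.0.2.10       2 u   40   64  377    0.512   -0.110   0.050'

printf '%s\n' "$SAMPLE" | ntp_sync_status   # live use: ntpq -pn | ntp_sync_status
```

A reach value of 0 on every peer usually means the udp/123 traffic is not getting through, while NOT_SELECTED shortly after configuration is normal until enough polls have completed.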

Hi Jerry, Thank You.

"Place an external or internal NTP host and wait" - can you explain this briefly? I have no clear idea about how an NTP server works and how it synchronizes with other servers.

That's fine.

You need to place IP addresses into the field in the WebUI section.

When you SYNC from the Check Point device towards the local IP address of your locally hosted NTP server, that sync does not leave your network.

When you SYNC from the Check Point device towards an external IP address, i.e. 195.66.241.10 (an external public NTP server, well known and with good reliability), that traffic leaves your local network towards an Internet host. Either way you need to create Access Rules for that purpose, allowing port udp/123 through. How are you going to do that? I think this is a matter of creating the respective Rules in your Smart Dashboard and allowing the traffic as a principle.

In the meantime, please do think about allowing that NTP sync for all "network devices", not only the CP host (your FW). Local hosts like PCs usually sync NTP (time w32t) against their DC (domain controller), so there is no need to allow "hosts" to sync via the Internet or locally to your NTP server. It is now a matter ... can you deploy that yourself?

Hope it helps.

J.

Jerry

It's really helpful, Jerry. Thank you.

I will think about it and try this, to see how it syncs with all the devices over the NTP server.

If you want to learn about how NTP works in general (not Check Point specific): ntp.org: Home of the Network Time Protocol 

Various features in the product rely on the security gateway having an accurate clock, specifically TLS, IPSEC, logging, state sync, and others.

Sure Dameon, I will refer to that and learn it first, then use it in Check Point.

Thank you so much...
