cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

NTP Server

Can anyone explain clear about NTP server in checkpoint, how it's getting synchronization with other server time?. Also Share the steps to proceed in GUI and command which used in CLI for clear understanding.

0 Kudos
10 Replies

Re: NTP Server

Hi Erakul, 

The Check Point gateway itself doesn't act as an NTP server itself but does sync with other time sources to maintain it's time. 

Is your question "How does Check Point appliances sync with an NTP Server?"

Also would be good to know what version and hardware you are running then we can advise specifically. 

Regards

Mark

Re: NTP Server

Hi Mark, Thank you for your answer.

Actually I want know about indeed concept of NTP server, like main reason for NTP sever, how its getting work, sync concepts, where and all it will get effect suppose NTP no working?.

 Can you help me in this kind of case.

0 Kudos

Re: NTP Server

Hi Gunther, Thank you for your valuable reference for NTP.

Can you help me out for one more action, for some instead id like sk32027 telling like "To view this solution, Advanced access is required." what I want to do in this kind of case.

0 Kudos
Jerry
Gold

Re: NTP Server

see WebUI TimeServer section. Place an external or internal NTP host and wait Smiley Happy

on CLI (expert mode) you can always query localhost like that

ntpq -pn

this will show you whether the host is syncing-up or not

Jerry

Re: NTP Server

Hi Jerry, Thank You.

"Place an external or internal NTP host and wait " -  can you able to explain this briefly. Because I have no clear idea about NTP server how its working and synchronization with other system server.

0 Kudos
Jerry
Gold

Re: NTP Server

That's fine.

you need to place IP addresses into the field by WebUI section.

when you do that SYNC from Check Point device towards local IP address of your locally-hosted NTP server that sync does not leave your network,

when you do that SYNC from Check Point device towards external IP address ie. 195.66.241.10 - that is an external public (well known and with good reliability) NTP server - that traffic is leaving your local network towards an Internet host. Either way you need to create Access Rules for that purpose allowing udp/123 port through. How you're going to do that? I think this is a matter of creating respective Rules in your Smart Dashboard and allow traffic as a principle.

In the mean time please do think about allowing that NTP sync to all "network devices" not only CP host (your FW). Local hosts like PC usually sync-ntp (time w32t) against their DC (domain controller) so no need to allow "hosts" to sync via Internet or locally to your NTP server. IT is now a matter ... can you deploy that yourself? Smiley Happy 

hope it helps.

J.

Jerry

Re: NTP Server

It's really helpful Jerry Thank You.

I will think and try this one how its getting sync with all the device over NTP server.

0 Kudos
Admin
Admin

Re: NTP Server

If you want to learn about how NTP works in general (not Check Point specific): ntp.org: Home of the Network Time Protocol 

Various features in the product rely on the security gateway having an accurate clock, specifically TLS, IPSEC, logging, state sync, and others.

Re: NTP Server

Sure Dameon, I will refer and learn that first and use it in Checkpoint.

Thank you so much...

0 Kudos