Thank you very much for the KB. Actually the traffic was getting NAT to the cluster vip and after allowing the cluster VIP for NTP, firewall was able to sync with NTP server.
I have couple of questions:
Though the traffic getting NAT to cluster VIP when I run the tcpdump utility on the gateway I still see the physical ip of the interface ip trying to connect to the NTP server. Is there any other options available to capture the traffic from the egress interface to confirm the source ip?
Further I have noticed though perform_cluster_hide_fold option was enabled for R80.20 cluster similar to R77.20, on the NTP server I’m receiving the traffic on the physical interface ip rather than cluster VIP. Is there any other options that will override the NAT.
Thanks in advance