Vladimir
Champion

Unexpected rejection of NTP traffic by URLF

Can anyone tell me the reason I am seeing NTP traffic being bagged by the gateway?

NTP is not listed as a service associated with Facebook, and it is actually an Apple service/domain:

[Screenshots: Facebook_Block_stops_NTP_Rules_and_Services.png, Facebook_Block_stops_NTP_Log.png]

0 Kudos
7 Replies
HeikoAnkenbrand
Champion

Hi @Vladimir,

Try the following:
1) Create a clone of the service ntp-udp
2) Enable "Protocol Signature" [screenshot: ntp-udp.PNG]
3) Use the new service ntp-udp_Clone in the ruleset.

This limits the PSL analysis only to UDP port 123.

➜ CCSM Elite, CCME, CCTE
Vladimir
Champion

Thanks @HeikoAnkenbrand, but this does not explain why it was rejected in the first place, which is what I am trying to figure out :)

0 Kudos
PhoneBoy
Admin

Going to guess a bad signature got pushed out.

0 Kudos
Vladimir
Champion

You may want to alert the relevant team about this one: either Apple or NTP is bound to have issues...

0 Kudos
the_rock
Legend

Hm... I see your point, that's very odd. Looking at your rule, it only shows the app Facebook, not any NTP services, so it's not very logical as to why it would drop it on that rule. Did this just start happening recently, or did you ever notice it before, after you created the rule?

 

Andy

0 Kudos
Vladimir
Champion

Did not see it before, but then this is a lab setup where I work out some issues for the clients or try things out for myself. This gem manifested only after said rule was created.

0 Kudos
Avi_Bechor
Employee

Hi Vladimir,
I have contacted you in a private message, which will help better understand your case. To my current understanding, the NTP detection worked as expected, but more details regarding your case and environment may be needed. Let's continue this offline.
Thanks,
Avi

0 Kudos
