NTP Server
Can anyone explain clearly about the NTP server in Check Point, and how it synchronizes with another server's time? Also, please share the steps to follow in the GUI and the commands used in the CLI for clear understanding.
Hi Erakul,
The Check Point gateway itself doesn't act as an NTP server but does sync with other time sources to maintain its time.
Is your question "How do Check Point appliances sync with an NTP Server?"
Also, it would be good to know what version and hardware you are running, then we can advise specifically.
Regards
Mark
Hi Mark, Thank you for your answer.
Actually, I want to know about the concept of an NTP server: the main reason for an NTP server, how it works, sync concepts, and what will be affected if NTP is not working.
Can you help me in this kind of case?
Checkpoint pb-20, is it possible to sync NTP time with it?
Gaia OS can sync time with other NTP servers; it cannot be NTP itself:
Important Note: You can configure Gaia OS only as an NTP Client. -> https://support.checkpoint.com/results/sk/sk83820
Syntax

- To add a new NTP server:

      set ntp
            active {on | off}
            server
                  primary <IPv4 address or Hostname of NTP Server> version {1|2|3|4}
                  secondary <IPv4 address or Hostname of NTP Server> version {1|2|3|4}

- To show NTP configuration:

      show ntp
            active
            current
            servers

- To delete an NTP server:

      delete ntp server <IPv4 address or Hostname of NTP Server>

If you like this post please give a thumbs up(kudo)! 🙂
Hey, we have a Check Point PB-20 model 5100, does that support NTP sync?
- sk32027: NTP Server support on Gaia and SecurePlatform OS
- sk92379: How to configure NTP authentication on Gaia OS / IPSO OS
- sk92378: How to configure NTP authentication in Gaia
- sk92602: How to troubleshoot NTP on Gaia OS
Hi Gunther, Thank you for your valuable reference for NTP.
Can you help me out with one more thing: some IDs, like sk32027, say "To view this solution, Advanced access is required." What do I need to do in this kind of case?
See the WebUI TimeServer section. Place an external or internal NTP host and wait.
On the CLI (expert mode) you can always query localhost like this:

    ntpq -pn

This will show you whether the host is syncing up or not.
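
An added example, not part of the original post or of Check Point's tooling: a small shell function that reads `ntpq -pn` output and reports whether a system peer has been selected, which is the check described above. The function name, status words, exit codes and the sample outputs (using documentation addresses) are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: classify `ntpq -pn` output read on stdin.
# Status words and exit codes are this example's own convention.
ntp_sync_status() {
    awk '
        $1 == "remote" || NF < 10 { next }   # skip header and ===== ruler
        {
            peers++
            tally = substr($0, 1, 1)         # column 1 holds the tally code
            peer = (tally == " ") ? $1 : substr($1, 2)
            if ($7 + 0 != 0) reachable++     # reach: octal log of last 8 polls
            if (tally == "*") { sel = peer; off = $9 }  # "*" = system peer
        }
        END {
            if (peers == 0)     { print "NO_PEERS"; exit 3 }
            if (sel != "")      { print "SYNCED peer=" sel " offset_ms=" off; exit 0 }
            if (reachable == 0) { print "UNREACHABLE peers=" peers; exit 2 }
            print "NOT_SYNCED reachable=" reachable "/" peers; exit 1
        }'
}

# Constructed sample outputs (documentation addresses, not real servers).
HDR='     remote           refid      st t when poll reach   delay   offset  jitter
=============================================================================='
sample_synced() {
    printf '%s\n' "$HDR" \
'*192.0.2.10      .GPS.            1 u   33   64  377    1.234    0.456   0.120' \
'+192.0.2.11      192.0.2.10       2 u   40   64  377    2.100   -1.020   0.300'
}
sample_blocked() {      # no replies at all, e.g. udp/123 not permitted
    printf '%s\n' "$HDR" \
' 192.0.2.10      .INIT.          16 u    -   64    0    0.000    0.000   0.000' \
' 192.0.2.11      .INIT.          16 u    -   64    0    0.000    0.000   0.000'
}
sample_starting() {     # replies arriving, but no system peer chosen yet
    printf '%s\n' "$HDR" \
' 192.0.2.10      .GPS.            1 u    5   64    1    1.234    0.456   0.120'
}

for s in sample_synced sample_blocked sample_starting; do
    "$s" | ntp_sync_status || true    # on a gateway: ntpq -pn | ntp_sync_status
done
```

A `reach` of 0 on every peer means no replies were received in the last eight polls, which is what a missing udp/123 rule looks like from the client side.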
Hi Jerry, Thank You.
"Place an external or internal NTP host and wait " - are you able to explain this briefly? Because I have no clear idea about how an NTP server works and how it synchronizes with other system servers.
That's fine.
You need to place IP addresses into the field in the WebUI section.
When you do that sync from the Check Point device towards the local IP address of your locally hosted NTP server, that sync does not leave your network.
When you do that sync from the Check Point device towards an external IP address, i.e. 195.66.241.10 - that is an external public (well known and with good reliability) NTP server - that traffic is leaving your local network towards an Internet host. Either way you need to create Access Rules for that purpose, allowing the udp/123 port through. How are you going to do that? I think this is a matter of creating the respective rules in your Smart Dashboard and allowing the traffic as a principle.
In the meantime, please do think about allowing that NTP sync for all "network devices", not only the CP host (your FW). Local hosts like PCs usually sync-ntp (time w32t) against their DC (domain controller), so there is no need to allow "hosts" to sync via the Internet or locally to your NTP server. It is now a matter ... can you deploy that yourself?
Hope it helps.
J.
It's really helpful, Jerry. Thank you.
I will think about it and try this, to see how it syncs with all the devices over the NTP server.
If you want to learn about how NTP works in general (not Check Point specific): ntp.org: Home of the Network Time Protocol
Various features in the product rely on the security gateway having an accurate clock, specifically TLS, IPSEC, logging, state sync, and others.
Sure Dameon, I will refer and learn that first and use it in Checkpoint.
Thank you so much...
