Frank_Hauser1
Explorer

NTP service not available as standard

Hello,

I was working on my CP 600 Release "R77.20.80 (990172392)" and observed the following:

The standard service NTP is not available/visible on the CP; I had to create it extra as udp/123.
E.g. there is also the phenomenon that network objects e.g. cannot perform ICMP. However, it is enabled in the rules.
Only a change to "any" has created a remedy, but this is not supposed to be the case !!!!
Also I don't see a problem in monitoring, except that it was forbidden.
The configuration/monitoring is always done with the GUI.
Does a "RESET" and the import of a backup help here?

Best Regards and Happy New Year,

Frank.

0 Kudos
4 Replies
PhoneBoy
Admin

Not sure what you mean by "network objects cannot perform ICMP."
Do you mean you are unable to define specific rules?
Screenshots may help.

Also, I don't understand what you mean by "I don't see a problem in monitoring except it was forbidden."
Again, screenshots might help.
0 Kudos
Frank_Hauser1
Explorer

Thanks for the answer.
The NTP service is not defined in the standard. I had to set it up specially:

See Screenshot: NTP.jpg

See Screenshot from Log: Log.jpg

See Screenshot Policy Control: AccesPolicyControl.JPG

If I configure this IP to "any", then the traffic works.
1. All other objects have no problem with "icmp".
2. Screenshot Policy.JPG is the manual release in the rule.
3. Screenshot active Service: ActivePolicyforService.jpg

Is it possibly the last firmware update that causes me problems?

0 Kudos
PhoneBoy
Admin

NTP is not among the default services created on the SMB appliances.
Note that R77.20.80 (possibly with a newer build number) is the latest firmware available for the 600 Series.
Other than important security/bug fixes, there will be no additional firmware release for these appliances.

You're defining a rule in the section called "Outgoing access to the Internet" whereas the ICMP drop is to something on the same subnet.
What happens if you create the same rule on "Incoming, Internal and VPN traffic" section?

I don't understand what you are trying to accomplish with the rules related to NTP.
What is the intended source and destination of this traffic?
0 Kudos
HristoGrigorov

Yeah, the appliance itself cannot act as an NTP server, so it makes no sense to add it as a destination for the NTP protocol.

You complain that NTP is not already on the Services objects list, and you have a valid point here, as it is a more or less widely used service and should be there. Perhaps you can submit an enhancement request to CheckPoint, but it is unlikely that it will be added because, as @PhoneBoy already said, there will be only security and bug fixes for this device.

0 Kudos