This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Hugo_vd_Kooij
Advisor
‎2022-06-09 03:54 AM

effect of using nl.pool.ntp.org as domain object

We have a customer that asked to allow NTP to nl.pool.ntp.iorg but that pool is rather big so the FQDN result will vary a lot over the course of a day. Nut sure if that will cause issues where a device will be in NTP sync for a few hours but then run into sync issues do to the varying nature of the results.

Has anyone done this before? Or should I juist put any in the destion and accept that NTP traffic may go all ove the place?

Any thoughts on this?

Regards, Hugo.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
4 Replies
Hugo_vd_Kooij
Advisor
‎2022-06-09 03:57 AM

Using a Country as destination might be another way to limit that scope without it becoming impractical in terms of management or security.

<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>
0 Kudos
Nik_Bloemers
Advisor
Advisor
‎2022-06-09 05:33 AM

Hi Hugo,

I've recently made a rule for the domain object .pool.ntp.org
It seems to work just fine.

Nik

0 Kudos
Wolfgang
Authority
Authority
‎2022-06-10 05:01 AM

FQDN domain objects are a really nice feature and we are happy to use them. No problem with changes of the records. The gateway follows the TTL of the DNS records and too updates the FQDN object every 60min and with policy install.

See Domain Objects in R8x and How do Domain Objects work? 

With Domains Tool (domains_tool) you can check the actual information in the gateways cache.

No worry using these objects.

0 Kudos
Vladimir
Champion
Champion
‎2022-06-10 09:35 AM

@Hugo_vd_Kooij , There is got to be some serious drift on devices in question for this situation to have material effect. Generally, if situation warrants high-precision timekeeping, I'd suggest having an on-premises time server (even software-based https://www.meinbergglobal.com/english/sw/) and use external servers only as references for those.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events