Gents and Galls,
We are having an issue with time. For on of our customers we are forwarding logs to a SOC SIEM solution. From the guys running that platform we are getting complaints that we do not keep all gateways on the same time.
All gateways are running NTP, however as we support customers globally on Internet connections from many different suppliers, there is no single NTP server that we can use.
In these case we mostly use pool.ntp.org the only problem there is that Check Point forces you to enter a version. Why is this a problem? When you set the primary with lets say version 3 and a secondary with version 4. The primary will get a server from the pool, will it run V3? who knows?
What we found is that most of the times when we add 2 NTP servers like pool.ntp.org and uk.pool.ntp.org it still fails to work properly.
So one of the primary questions would be: Why is Check Point forcing us to add a version?
Yes we could setup our own NTP server, however before I have that properly setup and running it takes me about a month.