Enable NTP and Configure NTP Servers

Network Time Protocol (NTP) synchronizes computer clock times across a network. Your Firebox can use NTP to automatically get the correct time from NTP servers on the Internet to set the system clock. Because the Firebox uses the time from its system clock for each log message it generates, it is important that the time on your device is set correctly. Your device can use a maximum of three NTP servers. When you enable NTP, you can use the three default NTP servers, or you can remove these and specify different NTP servers.

When NTP is enabled, your device contacts an NTP server to synchronize the time, and you can optionally enable your Firebox as an NTP server. When you enable your device as an NTP server, clients on your private networks can contact your Firebox to synchronize the time.

To use NTP, your device configuration must allow DNS. DNS is allowed in the default configuration by the Outgoing policy. You must also configure DNS servers for the external interface before you enable NTP.

For more information about how to configure DNS servers, go to Add WINS and DNS Server Addresses.

Enable NTP

In Fireware v11.11.2 and higher, NTP is enabled automatically when you run the Web Setup Wizard or Quick Setup Wizard, or use Policy Manager to create a new Firebox configuration.

You can configure your Firebox to get the time from up to three NTP servers.

If there is a difference of more than 1000 seconds between the Firebox system time and the time from the NTP server, you must synchronize the time manually. For more information, go to Synchronize the System Time.

Enable the Firebox as an NTP Server

After you enable NTP, you can optionally enable your device to function as an NTP server for clients on your private networks.

To enable your device as an NTP server, from Policy Manager or Fireware Web UI:

  1. Enable NTP on your device as described in the previous section.
  2. In the NTP settings, select the Enable this device as an NTP server check box.

When you enable your device as an NTP server, the NTP Server policy is automatically created, if an NTP policy does not already exist. This policy allows NTP traffic from clients on your trusted and optional networks to the Firebox. If you want clients on a custom network to use the Firebox as an NTP server, you must edit this policy to add the alias of each custom interface to the From list.

For clients to use your Firebox as an NTP server, you must configure the clients to get the time from the Firebox. On Windows and macOS, you configure this in the date and time settings on the client. In the date and time settings, configure the client to get the date and time from a trusted or optional interface IP address of your device, or from a domain name that resolves to the trusted or optional interface IP address.

If you edit the NTP Server policy to allow NTP traffic from a custom interface, you can use the IP address of the custom interface in the date and time settings for clients that connect to that custom network.
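To confirm from a client that the Firebox answers NTP requests and serves a usable time, you can send it a single SNTP query and check the reply. The following Python script is an added example, not WatchGuard code; the function names are hypothetical, and it reuses the 1000-second limit from the manual synchronization rule above as an assumed bound for flagging a large offset. The constructed_reply function builds a constructed sample packet so the parser can be exercised offline.

```python
import socket
import struct
import time

NTP_DELTA = 2208988800        # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
MAX_OFFSET = 1000             # seconds; assumed bound, taken from the page's rule

def to_ntp(ts):
    """Unix time -> (seconds, fraction) as 32-bit NTP timestamp fields."""
    return (int(ts) + NTP_DELTA) & 0xFFFFFFFF, int((ts % 1) * 2**32)

def from_ntp(secs, frac):
    return secs - NTP_DELTA + frac / 2**32

def build_request(t1):
    """48-byte SNTP client packet: LI=0, VN=4, Mode=3, transmit timestamp = t1."""
    return bytes([0x23]) + bytes(39) + struct.pack("!II", *to_ntp(t1))

def parse_reply(data, t1, t4):
    """Validate a server reply; t1/t4 are local send/receive times (Unix)."""
    if len(data) < 48:
        raise ValueError("short NTP packet")
    li, mode, stratum = data[0] >> 6, data[0] & 7, data[1]
    f = struct.unpack("!6I", data[24:48])      # origin, receive, transmit
    t2, t3 = from_ntp(f[2], f[3]), from_ntp(f[4], f[5])
    offset = ((t2 - t1) + (t3 - t4)) / 2       # server clock minus local clock
    problems = []
    if mode != 4:
        problems.append("not a server-mode reply")
    if li == 3 or not 1 <= stratum <= 15:
        problems.append("server reports it is not synchronized")
    if (f[0], f[1]) != to_ntp(t1):
        problems.append("origin timestamp does not match our request")
    if abs(offset) > MAX_OFFSET:
        problems.append("offset over 1000 s")
    return {"stratum": stratum, "offset": offset, "problems": problems}

def query(server, timeout=3.0):
    """Query `server`, e.g. the trusted or optional interface IP of the Firebox."""
    t1 = time.time()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_request(t1), (server, 123))
        data = s.recvfrom(512)[0]
    return parse_reply(data, t1, time.time())

def constructed_reply(t1, skew, stratum=3, li=0):
    """Constructed sample reply from a server whose clock is `skew` s ahead."""
    head = bytes([(li << 6) | (4 << 3) | 4, stratum]) + bytes(22)
    return head + struct.pack("!6I", *to_ntp(t1), *to_ntp(t1 + skew), *to_ntp(t1 + skew))
```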

Related Topics

About the DNS-Proxy