Network Time Protocol (NTP) synchronizes computer clock times across a network. Your Firebox can use NTP to automatically get the correct time from NTP servers on the Internet to set the system clock. Because the Firebox uses the time from its system clock for each log message it generates, it is important that the time on your device is set correctly. Your device can use a maximum of three NTP servers. When you enable NTP, you can use the three default NTP servers, or you can remove these and specify different NTPservers.
When NTP is enabled, your device contacts an NTP server to synchronize the time. When NTP is enabled, you can optionally enable your Firebox as an NTP server. When you enable your device as an NTPserver, clients on your private networks can contact your Firebox to synchronize the time.
To use NTP, your device configuration must allow DNS. DNS is allowed in the default configuration by the Outgoing policy. You must also configure DNS servers for the external interface before you enable NTP.
For more information about how to configure DNSservers, go to Add WINS and DNS Server Addresses.
Enable NTP
You can configure your Firebox to get the time from up to three NTPservers.
If there is a difference of more than 1000 seconds between the Firebox and NTP, you must synchronize the time manually. For more information, go to Synchronize the System Time.
To enable NTP, from Policy Manager:
- Select Setup > NTP.
The NTP Setting dialog box appears.
- Select the Use NTP to synchronize the system time check box.
- To remove a server, select the server entry in the NTP Server Names/IPs list and click Remove.
- To add an NTPserver, type the IP address or host name of the NTP server you want to use in the text box and click Add.
- Click OK.
To enable NTP, from Fireware Web UI:
- Select System >NTP.
The NTP Setting page appears
- Select the Use NTP to synchronize the system time check box.
- To remove a server, select the server entry and click Remove.
- To add an NTPserver, from the Choose Type drop-down list, select Host IPor Host Name, then type the IPaddress or host name of the NTPserver you want to add in the adjacent text box.
- Click Save.
Enable the Firebox as an NTPServer
After you enable NTP, you can optionally enable your device to function as an NTP server for clients on your private networks.
To enable your device as an NTP server, from Policy Manager or Fireware Web UI:
- Enable NTP on your device as described in the previous section.
- In the NTP settings, select the Enable this device as an NTP server check box.
When you enable your device as an NTP server, the NTP Server policy is automatically created, if an NTPpolicy does not already exist. This policy allows NTP traffic from clients on your trusted and optional networks to the Firebox. If you want clients on a custom network to use the Firebox as an NTP server, you must edit this policy to add the alias of each custom interface to the From list.
For clients to use your Firebox as an NTP server, you must configure the clients to get the time from the Firebox. On Windows and macOS, you configure this in the date and time settings on the client. In the date and time settings, configure the client to get the date and time from a trusted or optional interface IP address of your device, or from a domain name that resolves to the trusted or optional interface IP address.
If you edit the NTPServer policy to allow NTPtraffic from a custom interface, you can use the IP address of the custom interface in the date and time settings for clients that connect to that custom network.
Related Topics
About the DNS-Proxy
© 2024 WatchGuard Technologies, Inc. All rights reserved. WatchGuard and the WatchGuard logo are registered trademarks or trademarks of WatchGuard Technologies in the United States and other countries. Various other trademarks are held by their respective owners.
