https://community.sophos.com/sophos-xg-firewall/f/discussions/148046/open-port-123-for-ubiquiti-ntp-accessHi all, I have a XG135 firewall and several RED devices, I also have several devices from Ubiquiti (UNVR and CloudKeys) and they are causing problems. Ubiquiti support keeps telling me that I need to allow access on UDP port 123 which they use for NTPen-USTelligent Community 12https://community.sophos.com/thread/548896?ContentTypeID=1Thu, 21 Nov 2024 12:42:14 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:8e182565-74fe-49e2-9f43-8331b3584107LHerzog<p>the Unifi devices will connect to the NTP servers defined in the Network server / controller.&nbsp;</p> <p><img alt=" " src="/resized-image/__size/1280x960/__key/communityserver-discussions-components-files/126/pastedimage1732192772478v2.png" /></p> <p>That&#39;s what you need to allow</p> <p>Unifi devices do not need NTP before they register at the Network server. After they register, they will use the time servers defined by you there.</p> <p>Unifi devices will ignore NTP servers that you set as DHCP option (41).</p><div style="clear:both;"></div>https://community.sophos.com/thread/548895?ContentTypeID=1Thu, 21 Nov 2024 12:30:29 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:d3c53cba-0e6f-41f9-93da-2cbff0c3fba8RickWeiss<p>I have used the following Sophos Recommended Read to allow NTP access for all my internal devices.&nbsp; It has worked well for the last couple of years.</p> <p>I used Option 1 and chose to use us.pool.ntp.org but you can use what ever ntp source is appropriate for your location.</p> <p>&nbsp;<a href="/sophos-xg-firewall/f/recommended-reads/118433/sophos-firewall-using-nat-to-achieve-ntp-proxy-like-functionality">https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/118433/sophos-firewall-using-nat-to-achieve-ntp-proxy-like-functionality</a></p><div style="clear:both;"></div>https://community.sophos.com/thread/548874?ContentTypeID=1Thu, 21 Nov 2024 07:34:51 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:9a831fde-2326-4f1c-8aad-84d208417f98rfcat_vk<p>Please try adding a UDP for NTP to the service definition.</p> <p>Ian</p><div style="clear:both;"></div>https://community.sophos.com/thread/548869?ContentTypeID=1Thu, 21 Nov 2024 04:25:50 GMT4be5eb7d-caa4-4ff5-8e60-8f9463545a35:65f93413-2621-4ba2-95f9-056b4bab725fErick Jan<p>Hi MCBLC,</p> <p>Thank you for reaching out to Sophos Community.</p> <p>I recommend checking the logs and performing a packet capture/TCPDump to gain more insight into what has happened to the traffic.</p> <p><span>You may also create&nbsp;an allow firewall rule and position the rule on top without any other policies</span></p> <p>Kindly check the following links and similar posts.&nbsp;</p> <ul> <li><a href="https://docs.sophos.com/nsg/sophos-firewall/21.0/help/en-us/webhelp/onlinehelp/AdministratorHelp/RulesAndPolicies/FirewallRules/FirewallRuleAdd/index.html">Add a firewall rule</a></li> <li>&nbsp;<a href="https://community.sophos.com/sophos-xg-firewall/f/discussions/141584/allow-port-in-sophos-firewall">Allow Port in Sophos Firewall</a>&nbsp;</li> </ul><div style="clear:both;"></div>