
NTP & REDs

Hi,

I'm digging through our log files and daily report and noticed that our unified REDs cause a lot of blocked traffic by using NTP servers on the Internet.

Found this in manuals: "If you deploy a RED device manually, you have to ensure that Sophos UTM is acting as NTP server. Therefore activate NTP on Sophos UTM and allow the correct network or at least the IP address of the RED."

NTP was not allowed for the RED networks; now it is. Still the same blocked NTP traffic on port 123.

It's not the RED interface IP which causes this traffic, but the first IP in the RED DHCP range, which is assigned to "RED15w". I think that's ok - Interface = interface for this network on the UTM? First IP in range = the RED itself? There's no other traffic with this IP.

If I use the "time-server Code 4" for this DHCP range and define it as the RED interface IP, the traffic stops and it seems that the RED is getting the time information.

But I don't want other devices in the network to use the Sophos as NTP server.
If we use a firewall rule that allows the RED IPs to use port 123 to the Internet, we have to define each RED IP as a host object (these IPs are still DHCP and, of course unlikely, can change).

Is this really the proper way? Maybe I'm missing something.

Is it possible to define NTP settings for all REDs?

Greetings

Hi,

the RED (in the Standard/Unified operation mode) only makes a layer 2/Ethernet connection, so the gateway IP interface for the remote site is on the Sophos UTM itself; just check the Interfaces (especially the reds? interfaces).

That means that the first IP in the DHCP range must belong to a real device there. If you want them to use a different NTP server, just define it in the corresponding DHCP server and add a firewall rule which allows this for the DHCP range or for any/all remote sites. If you have many remote sites, I prefer to group all these networks in one network group (see Network definitions) and make one firewall rule for this group.

bye Josef

BERGMANN engineering & consulting GmbH, Wien/Austria
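The diagnosis in this thread (NTP drops on port 123 whose source is the first address of a RED DHCP range, i.e. the RED device itself rather than a client behind it) can be checked against the packet-filter log directly. The script below is an added example, not code from the thread, from Sophos or from any of the posters. The log lines are constructed to resemble the UTM ulogd key="value" packet-filter format; the interface names (reds1, reds2), DHCP ranges and addresses are assumptions for illustration.

```python
"""Triage NTP drops from RED interfaces in Sophos UTM packet-filter logs.

Added example (not from the original thread or from Sophos). The sample
lines below are constructed; interface names, DHCP ranges and addresses
are assumptions.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample log lines in the ulogd key="value" style (not real data).
SAMPLE_LOG = """\
2015:03:02-08:00:01 utm ulogd[2042]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="reds1" srcip="192.168.15.10" dstip="131.188.3.220" proto="17" length="76" srcport="123" dstport="123"
2015:03:02-08:00:05 utm ulogd[2042]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="reds1" srcip="192.168.15.10" dstip="129.6.15.28" proto="17" length="76" srcport="123" dstport="123"
2015:03:02-08:00:09 utm ulogd[2042]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="reds2" srcip="192.168.16.10" dstip="131.188.3.220" proto="17" length="76" srcport="123" dstport="123"
2015:03:02-08:00:12 utm ulogd[2042]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="reds1" srcip="192.168.15.37" dstip="8.8.8.8" proto="17" length="60" srcport="51234" dstport="53"
2015:03:02-08:00:15 utm ulogd[2042]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="3" initf="reds1" srcip="192.168.15.37" dstip="192.168.15.1" proto="17" length="76" srcport="123" dstport="123"
"""

# Assumed DHCP ranges per RED interface; per the thread, the first address
# of each range is taken by the RED device itself.
DHCP_RANGES = {
    "reds1": ("192.168.15.10", "192.168.15.250"),
    "reds2": ("192.168.16.10", "192.168.16.250"),
}

KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Split one ulogd-style line into a dict of key="value" fields."""
    return dict(KV_RE.findall(line))


def ntp_drops(log_text):
    """Count dropped UDP packets to port 123, keyed by (interface, source IP)."""
    counts = defaultdict(int)
    for line in log_text.splitlines():
        f = parse_line(line)
        if (f.get("action") == "drop" and f.get("proto") == "17"
                and f.get("dstport") == "123"):
            counts[(f["initf"], f["srcip"])] += 1
    return dict(counts)


def is_red_device(initf, srcip, ranges=DHCP_RANGES):
    """True if srcip is the first address of that interface's DHCP range."""
    rng = ranges.get(initf)
    if rng is None:
        return False
    return ipaddress.ip_address(srcip) == ipaddress.ip_address(rng[0])


def triage(log_text, ranges=DHCP_RANGES):
    """Per (interface, source): number of NTP drops and whether it is the RED itself."""
    return {
        key: {"drops": n, "red_itself": is_red_device(key[0], key[1], ranges)}
        for key, n in ntp_drops(log_text).items()
    }


if __name__ == "__main__":
    for (initf, srcip), info in sorted(triage(SAMPLE_LOG).items()):
        who = "RED device" if info["red_itself"] else "client behind RED"
        print(f"{initf} {srcip}: {info['drops']} NTP drops ({who})")
```

Run stand-alone it lists each dropping source per RED interface and marks the ones that are the RED devices themselves; those are the entries to cover either with DHCP option 4 pointing at the UTM's RED interface IP, or with one firewall rule for a network group containing the RED DHCP ranges, as suggested in the reply above.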