Hi,
I'm digging through our logfiles and daily report and noticed, that our unified REDs affect much blocked traffic by using NTP-Servers in the Internet.
Found this in manuals: "If you deploy a RED device manually, you have to ensure that Sophos UTM is acting as NTP server. Therefore activate NTP on Sophos UTM and allow the correct network or at least the IP address of the RED."
NTP was not allowed for the RED networks, now it is. Still the same blocked traffic NTP 123.
It's not the RED InterfaceIP which causes this traffic, but the first IP in the RED DHCP range which ist assigned to "RED15w". I think thats ok - Interface= Interface for this network on UTM? First IP in Range = RED itselft? There's no other traffic with this IP.
If I use the "time-server Code 4" for this DHCP-Range and define it as the RED Interface ID the traffic is stopping and it ssems that the RED is getting the time information.
But I don't want other devices in the network to use the Sophos as NTP server.
If we use a firewallrule that allows the RED-IPs to use Port 123 to the internet, we have to define each RED IP as a host object (these IPs are still DHCP and, of course unlikely, can change).
Is this really the proper way? Maybe i'm missing something.
Is it possible to define NTP settings for all REDs?
Greetings
This thread was automatically locked due to age.