I'm migrating a customer over to the XG firewall and they're not sure what devices are statically assigned the UTM as their NTP server.
I know I can do tcpdump dst port 123, but that will show all traffic for NTP (not just NTP traffic straight to the firewall).
I've tried tcpdump host 10.110.10.1 port ntp, but I get invalid syntax.
Make a logging firewall rule to allow traffic to utm's ntp service.
Somewhat related, I just have a dnat rule forcing any ntp traffic to the utm.
Btw, last I checked XG did not have a NTP server. Did that change recently?
I would think all networked devices use ntp to update time unless explicitly set to manual. I have an old asus rt-something router used as a semi-smart (vlan) switch only. Time not really important, but it still polls a ntp server. I would just use a dnat rule similar to above to force any port 123 traffic to what ever ntp server you're running.
