The new NAT engine in V18 provides a high degree of flexibility when it comes to solving some interesting network problems. I don't know if it has been shared here or not, but you can use NAT to achieve NTP-proxy-like functionality. A standard use case seen is that clients would like to use the IP address of the firewall as the NTP server. Consider this as an example environment:
To make this work, create a NAT policy like the following:
Naturally, you can create variations of this NAT policy, based on your network configuration and the location of the NTP server.
In the new XG V18 architecture training course, there are a few more examples demonstrating how to control NTP and DNS traffic. I encourage you to check out the training material as it provides more in-depth knowledge of the new V18 features.
I voted, like the other 665 administrators, to implement the NTP server in the XG Firewall. Unfortunately, even though the NTP server is the second most demanded feature at the ideas.sophos…
I tried exactly the same configuration but it doesn't work; it seems the NAT rule is not matching the NTP traffic requests.
In the firewall log I found this denied traffic:
172.20.37.254 is the XG LAN IP address and 172.20.37.10 is the device asking for time service (NTP).
...sorry, obviously it also needs a firewall rule to accept the traffic (NAT only does translation).
So by also configuring this firewall rule:
it works like a charm!
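
To check the result from a LAN client, here is a minimal SNTP query in Python, added as an example and not part of the original thread. It assumes the firewall LAN address 172.20.37.254 quoted above; the function names are illustrative.

```python
import socket
import time

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01 (Unix epoch)

def build_request() -> bytes:
    """48-byte SNTP client request: LI=0, VN=4, Mode=3 (client)."""
    return bytes([0x23]) + bytes(47)

def parse_reply(data: bytes) -> dict:
    """Validate an NTP server reply; return mode, stratum and transmit time (Unix seconds)."""
    if len(data) < 48:
        raise ValueError("short NTP packet")
    mode, stratum = data[0] & 0x07, data[1]
    if mode != 4:
        raise ValueError(f"not a server reply (mode={mode})")
    if stratum == 0:
        raise ValueError("stratum 0: kiss-of-death or unsynchronised server")
    secs = int.from_bytes(data[40:44], "big")   # transmit timestamp, seconds
    frac = int.from_bytes(data[44:48], "big")   # transmit timestamp, fraction
    return {"mode": mode, "stratum": stratum,
            "tx_time": secs - NTP_EPOCH_DELTA + frac / 2**32}

def query(server: str, timeout: float = 3.0) -> dict:
    """Send one request to UDP/123 and parse whatever answers."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_request(), (server, 123))
        data, peer = s.recvfrom(512)
    reply = parse_reply(data)
    reply["peer"] = peer[0]                      # should equal the address we queried
    reply["offset"] = reply["tx_time"] - time.time()
    return reply

if __name__ == "__main__":
    target = "172.20.37.254"  # XG LAN address as quoted in the thread
    try:
        r = query(target)
        if r["peer"] != target:
            print(f"reply came from {r['peer']}, not {target}: reverse translation missing")
        print(f"stratum {r['stratum']}, clock offset {r['offset']:+.3f}s")
    except socket.timeout:
        print("no reply: check the firewall log for denied UDP/123 traffic")
    except (OSError, ValueError) as exc:
        print(f"NTP check failed: {exc}")
```

A timeout here, together with denied entries in the firewall log, matches the situation described above where the NAT policy exists but no firewall rule accepts the traffic.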