aaronfoo1314
New Member
July 20, 2018
Question

NTP server not working with Fortigate in between


I had this Fortigate 100D set up as a firewall in between 2 different networks.

Network A (Linux server. IP:10.1.1.88) --- | Fortigate | --- Network B (NTP server. IP:192.168.1.10)

10.1.1.88 NAT 10.128.255.88

10.128.254.10 NAT 192.168.1.10

The Linux server 10.1.1.88 is able to ping 10.128.254.10 (NAT'ed IP). The NTP server 192.168.1.10 is able to ping 10.128.255.88 (NAT'ed IP).


The Linux server is even able to run ntpd -q 10.128.254.10.

# ntpdate -q 10.128.254.10

server 10.128.254.10, stratum 2, offset -10.148487, delay 0.04221.

However, when I check the ntpd sync, it won't sync and shows stratum 16 on this server.

# ntpq -c peers
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 10.128.254.10   .INIT.          16 u    - 1024    0    0.000    0.000   0.000

If I move this NTP server into the same Network A as the Linux server, there is no issue. It seems something in the firewall is blocking. When I check the logs, there are no logs showing blocked traffic, as both sites' policies are set to allow ALL SERVICES.

    1 reply

    aaronfoo1314
    New Member
    July 23, 2018

    I found the solution. Case closed.


    Fortigate NAT will translate port 123 for NTP to another port, as seen when running

    diag sniffer packet any 'port 123' 4 0 a

    Change the NAT to fixed port. On the selected policy,

    set fixedport enable

    Then the issue is resolved.
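The `ntpq -c peers` output in the question is the symptom to watch for: a peer at stratum 16 with refid `.INIT.` and a reach register of 0 means ntpd has never accepted a single reply, even though a one-shot `ntpdate -q` through the same path succeeds. The script below is an added example written for this thread (it is not part of the original post and not Fortinet or ntp.org code): it parses `ntpq -c peers` output, decodes the octal reach register, and reports peers that never synchronize, so the condition can be caught by a monitoring job instead of by hand. The sample text is constructed from the question's peer line plus a second, healthy peer that I made up for contrast.

```python
"""Parse `ntpq -c peers` output and flag peers that never answer.

Added example for this thread (not from the original post). The sample
below reuses the stratum-16 / .INIT. line from the question and adds a
constructed healthy peer so the two states can be compared.
"""
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: first data line is from the question, second is made up.
SAMPLE_OUTPUT = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 10.128.254.10   .INIT.          16 u    - 1024    0    0.000    0.000   0.000
*10.1.1.5        192.168.1.10     3 u  512 1024  377    0.312   -0.045   0.021
"""


@dataclass
class Peer:
    tally: str        # selection code printed in column 1 (' ', 'x', '.', '-', '+', '#', '*', 'o')
    remote: str
    refid: str
    stratum: int      # 16 means "unsynchronized"
    kind: str         # u = unicast, b = broadcast, l = local, ...
    when: Optional[int]
    poll: int
    reach: int        # 8-bit shift register of the last 8 polls, printed in octal
    delay: float
    offset: float
    jitter: float

    def recent_successes(self) -> int:
        """Number of the last 8 polls that got a usable reply."""
        return bin(self.reach).count("1")

    def is_unreachable(self) -> bool:
        """True when ntpd has not accepted any reply from this peer."""
        return self.stratum == 16 or self.reach == 0 or self.refid == ".INIT."


def _to_int(field: str) -> Optional[int]:
    # ntpq prints '-' before the first poll; values with h/d suffixes are left as None.
    return int(field) if field.isdigit() else None


def parse_peers(text: str) -> List[Peer]:
    """Parse the tabular output of `ntpq -c peers` into Peer records."""
    peers: List[Peer] = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("="):
            continue                      # blank line or the '====' separator
        tally, rest = line[0], line[1:]   # column 1 is the tally code, may be a space
        fields = rest.split()
        if len(fields) != 10 or fields[0] == "remote":
            continue                      # header row or something we do not understand
        peers.append(Peer(
            tally=tally,
            remote=fields[0],
            refid=fields[1],
            stratum=int(fields[2]),
            kind=fields[3],
            when=_to_int(fields[4]),
            poll=int(fields[5]),
            reach=int(fields[6], 8),      # reach is printed in octal (377 == all 8 polls OK)
            delay=float(fields[7]),
            offset=float(fields[8]),
            jitter=float(fields[9]),
        ))
    return peers


def unreachable_peers(text: str) -> List[str]:
    """Remote addresses of peers that have never produced an accepted reply."""
    return [p.remote for p in parse_peers(text) if p.is_unreachable()]


if __name__ == "__main__":
    for peer in parse_peers(SAMPLE_OUTPUT):
        state = "NO REPLY ACCEPTED" if peer.is_unreachable() else "ok"
        print(f"{peer.remote:16} stratum={peer.stratum:2} "
              f"reach={peer.reach:03o} ({peer.recent_successes()}/8) {state}")
```

Run it against `ntpq -c peers` output captured from the client; a peer reported as unreachable while `ntpdate -q` to the same address works is the pattern from this thread, and the next step is to sniff port 123 on the firewall and compare the source port on each side of the NAT, as the reply describes.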