FortiGate
sthapa
Staff
Article Id 193706
Description
This article discusses NTP in a FortiGate VDOM environment.

Solution
In a VDOM environment, management traffic such as NTP and DNS passes through the management VDOM. By default, the management VDOM is the 'root' VDOM, which FortiOS uses to communicate with the FortiGuard NTP servers and other services such as SNMP and FortiGuard licensing.
 
In a VDOM environment, the management VDOM needs an Internet connection for NTP.
FortiOS synchronizes with the global FortiGuard NTP servers 'ntp2.fortiguard.com' and 'ntp1.fortiguard.com'.

Use the following command to verify which FortiGuard NTP server the FortiGate firewall is using.

Log in to the CLI.
# config global
# diagnose sys ntp status
synchronized: yes, ntpsync: enabled, server-mode: disabled

ipv4 server(ntp2.fortiguard.com) 208.91.113.71 -- reachable(0xd7) S:0 T:456
        server-version=4, stratum=2
        reference time is e25a00d7.8fc275c6 -- UTC Mon May  4 02:47:51 2020
        clock offset is -0.087029 sec, root delay is 0.000092 sec
        root dispersion is 0.012268 sec, peer dispersion is 2371 msec

ipv4 server(ntp2.fortiguard.com) 208.91.114.23 -- reachable(0xff) S:0 T:27 selected         <----- NTP server currently used by FortiOS.
        server-version=4, stratum=2
        reference time is e259fa1c.f83911d7 -- UTC Mon May  4 02:19:08 2020
        clock offset is -0.097479 sec, root delay is 0.000244 sec
        root dispersion is 0.046616 sec, peer dispersion is 2491 msec

ipv4 server(ntp1.fortiguard.com) 208.91.113.70 -- reachable(0xff) S:0 T:346
        server-version=4, stratum=2
        reference time is e25a0014.934486c8 -- UTC Mon May  4 02:44:36 2020
        clock offset is -0.082452 sec, root delay is 0.000153 sec
        root dispersion is 0.013306 sec, peer dispersion is 3659 msec

ipv4 server(ntp1.fortiguard.com) 208.91.114.98 -- reachable(0xbf) S:0 T:97
        server-version=4, stratum=2
        reference time is e259ff75.db5383eb -- UTC Mon May  4 02:41:57 2020
        clock offset is -0.072992 sec, root delay is 0.000107 sec
        root dispersion is 0.012192 sec, peer dispersion is 2374 msec
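
To check this output from a monitoring job, the following added example (not part of the original article and not Fortinet code) parses the `diagnose sys ntp status` format shown above and reports sync problems. It assumes the hex value in parentheses is the standard 8-bit NTP reach register and that an unreachable server is printed as `unreachable(0x0)`; the sample input is constructed from the output above, and the 0.5 s offset threshold is an arbitrary choice.

```python
import re

# Constructed sample, abbreviated from the output format shown above.
SAMPLE = """\
synchronized: yes, ntpsync: enabled, server-mode: disabled

ipv4 server(ntp2.fortiguard.com) 208.91.113.71 -- reachable(0xd7) S:0 T:456
        clock offset is -0.087029 sec, root delay is 0.000092 sec

ipv4 server(ntp2.fortiguard.com) 208.91.114.23 -- reachable(0xff) S:0 T:27 selected
        clock offset is -0.097479 sec, root delay is 0.000244 sec
"""

SERVER_RE = re.compile(
    r"^ipv[46] server\((?P<name>[^)]+)\) (?P<addr>\S+) -- "
    r"(?P<state>\w+)\(0x(?P<reach>[0-9a-fA-F]+)\)(?P<rest>.*)$")
OFFSET_RE = re.compile(r"clock offset is (?P<off>-?\d+(?:\.\d+)?) sec")

def parse_ntp_status(text):
    """Parse the status header and one record per NTP server."""
    status = {"synchronized": False, "servers": []}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("synchronized:"):
            status["synchronized"] = line.split(",")[0].split(":")[1].strip() == "yes"
        elif (m := SERVER_RE.match(line)):
            # Assumption: reach is the NTP shift register, one bit per recent poll.
            reach = int(m["reach"], 16) & 0xFF
            status["servers"].append({
                "name": m["name"], "addr": m["addr"],
                "reachable": m["state"] == "reachable",
                "polls_ok": bin(reach).count("1"),
                "selected": "selected" in m["rest"].split(),
                "offset": None})
        elif (m := OFFSET_RE.search(line)) and status["servers"]:
            status["servers"][-1]["offset"] = float(m["off"])
    return status

def findings(status, max_offset=0.5):
    """Return human-readable problems; an empty list means time sync looks healthy."""
    out = []
    if not status["synchronized"]:
        out.append("clock is not synchronized")
    if not any(s["reachable"] for s in status["servers"]):
        out.append("no NTP server reachable from the management VDOM")
    for s in status["servers"]:
        if s["selected"] and s["offset"] is not None and abs(s["offset"]) > max_offset:
            out.append(f"selected server {s['addr']} offset exceeds {max_offset}s")
    if not any(s["selected"] for s in status["servers"]):
        out.append("no NTP server is selected")
    return out
```
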

If the Internet connection is on a VDOM other than the management VDOM, there are two solutions:

Solution 1.

Make the Internet-facing VDOM the management VDOM.
The GUI and CLI options are shown below.


From the GUI.

Go to 'Global VDOM' -> System -> VDOM, select the VDOM from the list and select 'Switch Management'.





Using the CLI.
# config global
# config system global
    set management-vdom <ANOTHERVDOM>
end

Solution 2.

Alternatively, give the management VDOM Internet access by using an 'inter-vdom' link to connect the management VDOM to the Internet-facing VDOM.

Related 'inter-vdom' link article:

https://cookbook.fortinet.com/inter-vdom-communication-with-static-routing-56/index.html

