FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Andreas77_FTNT
Description
This article describes how to configure FortiGate as NTP server.

Solution
FortiGate can be used as authoritative NTP source for other clients.

In our setup, 'port1' is the interface connected to internet and 'port2' the LAN interface (where clients are connected).


The first step is to make sure the local time configuration is correct:

- Configure the correct time zone
- Select the servers that FortiGate will use to synchronize its own time
- Sync interval

1) Standard NTP configuration

Below is an example of configuration which uses:
-    Time Zone GMT+1
-    FortiGuard servers to synchronize (default)
-    Synchronize the time every 30 minutes


2) Custom NTP configuration

One can also configure custom NTP servers that the FortiGate will use to synchronize its own time.
This is only configurable from the CLI:
#config system ntp
    set ntpsync enable
    set type custom
    config ntpserver
        edit 1
            set server "ntpserver.local"
        next
    end
    set server-mode enable
    set interface "port2"
end
“ntpserver.local” has to be replaced with correct NTP server (IP address or hostname). If the hostname is used, the DNS resolution has to be working from the FortiGate.

3) Quick troubleshooting

Once this is configured, the client NTP has to be configured with the IP address of the FortiGate port2 interface.
It is possible to verify the synchronization status from the FortiGate using “diag sys ntp status”.

Below is an example using FortiGuard servers as NTP source:
#VM01_LAB # diag sys ntp status
synchronized: yes, ntpsync: enabled, server-mode: enabled
 
ipv4 server(ntp2.fortiguard.com) 208.91.114.23 -- reachable(0xff) S:3 T:54
    server-version=4, stratum=1
    reference time is e12361d5.f27e0322 -- UTC Wed Sep 11 12:06:45 2019
    clock offset is -0.001569 sec, root delay is 0.000000 sec
    root dispersion is 0.010269 sec, peer dispersion is 19 msec
 
ipv4 server(ntp1.fortiguard.com) 208.91.115.123 -- reachable(0xff) S:3 T:54 selected
    server-version=4, stratum=1
    reference time is e12361d4.4f8b22a5 -- UTC Wed Sep 11 12:06:44 2019
    clock offset is -0.000652 sec, root delay is 0.000000 sec
    root dispersion is 0.010284 sec, peer dispersion is 8 msec
 
ipv4 server(ntp2.fortiguard.com) 208.91.113.71 -- reachable(0xff) S:3 T:54
    server-version=4, stratum=2
    reference time is e12361d6.4caf57ab -- UTC Wed Sep 11 12:06:46 2019
    clock offset is -0.004814 sec, root delay is 0.000137 sec
    root dispersion is 0.011154 sec, peer dispersion is 3 msec
 
ipv4 server(ntp1.fortiguard.com) 208.91.113.70 -- reachable(0xff) S:3 T:54
    server-version=4, stratum=2
    reference time is e123617b.c98e2059 -- UTC Wed Sep 11 12:05:15 2019
    clock offset is -0.005106 sec, root delay is 0.000122 sec
    root dispersion is 0.013382 sec, peer dispersion is 6 msec

Contributors