bmehta
Staff
Article Id 401815
Description The article describes the impact of having incorrect FortiGate time or a Network Time Protocol (NTP) synchronization failure on the FortiGate.
Scope FortiGate.
Solution

FortiGate system date and time may not be accurate if there is an issue with any of the following.

  • NTP server unreachable.
  • Incorrect NTP configuration.
  • Issue with the FortiGate ntpd process (NTP daemon).
  • A faulty battery can cause the hardware to fall out of NTP sync.

An incorrect or unsynchronized system time can have critical and widespread impacts on FortiGate operations.

 

VPN (IPsec and SSL VPN):

Certificate-based IPsec VPN will fail if the system time is outside the certificate's validity window. SSL VPNs using certificates or time-sensitive authentication (e.g., OTP) may also fail.

 

To resolve issues where FortiGate boots with the incorrect time and certificate-based IPsec establishment fails as a result, see Technical Tip: Workaround for Certificate based IPsec Authentication failure due to NTPSync failure ....

 

Certificate-based services:

Admin GUI access over HTTPS may break if the device's certificate appears invalid. Connectors that rely on certificate trust, such as REST API or Fabric connectors, may fail. Examples include FortiGate connections to FortiClient EMS, FortiManager, and FortiAnalyzer.

Deep Packet Inspection (DPI) or SSL inspection using certificate checking will fail to validate properly.

 

User Authentication:

2FA tokens and password expiration may be impacted due to a mismatch in times.

 

FortiGuard and Licensing services:

License validation may temporarily fail. Services like web filtering, antivirus, IPS, and application control may not update correctly.

 

Logging and Reporting:

Logs will have incorrect timestamps, which could confuse log correlation and FortiAnalyzer logging. 

 

Scheduled tasks and time-based policies:

Firewall policies with a schedule configured will not work as expected. See this KB article: Technical Tip: How to configure schedule policy with deny action for an example of using a schedule in a firewall policy. Backup jobs, firmware updates, or automation scripts based on time will not trigger, or will trigger at unintended times.

 

FortiSwitch connectivity issues:

Adding a new FortiSwitch may result in errors and a failure to register if there is an NTP issue between the FortiGate and the FortiSwitch. For instructions on how to troubleshoot these issues between both devices, see Technical Tip: FortiSwitch is unable to get online on FortiGate Managed FortiSwitch GUI Menu.

 

To resolve incorrect system time issues, follow the NTP synchronization troubleshooting steps for FortiGate in this KB article: Troubleshooting Tip: Troubleshoot NTP synchronization issue.