Help
FortiNAC
NOTE: FortiNAC is now named FortiNAC-F. For post-9.4 articles, see FortiNAC-F. FortiNAC is a zero-trust network access solution that provides users with enhanced visibility into the Internet of Things (IoT) devices on their enterprise networks.
cmaheu
Staff
Staff

Created on ‎01-15-2020 08:42 AM Edited on ‎08-27-2025 07:06 AM By Moderator

Article Id 197575

Troubleshooting Tip: NTP synchronization

Description

 

This article describes how to troubleshoot synchronization issues between FortiNAC and the NTP server.

 

Scope

 

FortiNAC.


Solution

 

The NTP Server is defined in the Administration UI under System -> Settings -> System Management -> NTP and Time Zone

Status is confirmed by using the ntpstat command in the CLI. 

 
Example:
 

> ntpstat
unsynchronised
polling server every 8 s

 

  1. Verify that the NTP server specified in the Administration UI under System -> Settings -> System Management -> NTP and Time Zone can be reached. Run the following command in the CLI: 

 

ntpq -p

The NTP server cannot be reached if the 'when' column is blank or the 'st' column is 16.

Failed example:


> ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 149.20.176.27   .INIT.          16 u    - 1024    0    0.000    0.000   0.000
 time.nullrouten .INIT.          16 u    - 1024    0    0.000    0.000   0.000

 

 

 

  1. If the server cannot be reached, either troubleshoot why the server cannot be reached or try changing the NTP server in the Administration UI to a known good server. If the NTP server is defined as a name, compare the resulting IP address listed in results for 'ntpq -p'.  If different than a known good NTP server synchronization, try using the known good IP address.

 

  1. Once the NTP Server has been changed in the UI and the system has been restarted, verify the server is now reachable.


Working example:

> ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 162.159.200.1   10.16.12.8       3 u   33   64    7   16.481    5.305   4.260


> ntpstat
synchronised to NTP server (162.159.200.1) at stratum 4
   time correct to within 970 ms
   polling server every 64 s

 

Note: ntpstat results may not show the system synchronized immediately. It may take several minutes. 

 

If the system time is dramatically different than the NTP server, then simply synchronizing may not be enough to correct the time automatically. For instructions on correcting the clock, see the related KB article below.
 
For more information on NTP troubleshooting, refer to Linux's time synchronization with NTP troubleshooting guide.

 

Related article:

Technical Tip: Adjusting NTP for drift

Labels:
7177
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.