EvanRaci
New Contributor III

FortiGate Firewall Local NTP Server Not Sync

Hi All ,

 

We have FortiGate firewalls running Active-Passive HA. We've enabled VDOMs and the root VDOM is the management VDOM.

We have a local NTP server. But the FortiGate time is not syncing with the local NTP server.

 

FGT-INR03 (global) # execute time
current time is: 16:08:13
last ntp sync: never

 

sys_update_timer_func:1755 synchronized=0

Sorted NTP endpoints.

NTP daemon uses a upper end of -2000000000.000000 and a lower end of 2000000000.000000.

no server suitable for synchronization found

ntp_dns_cb:1926 in_flight=0 resolved=0 ipv6=0

ntp_dns_cb:1926 in_flight=0 resolved=0 ipv6=0

waiting for 9 seconds .

 

Our FortiGate has no internet access, so it's impossible to reach FortiGuard and we must sync with the local NTP server. Can you please help me with how I can sync with the local NTP server in a VDOM-enabled HA environment?

Thank you

1 Solution
srajeswaran
Staff

Can you confirm if the NTP server is reachable via the dedicated mgmt interface or not? If it is via the dedicated mgmt interface, make sure you have enabled HA direct.

If it is not via the dedicated mgmt interface, are you able to ping the server? Can you run a sniffer to capture NTP traffic?

NTP Sniffer: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Troubleshoot-NTP-synchronization-issue/ta-...

HA-direct: https://docs.fortinet.com/document/fortigate/7.2.4/administration-guide/313152/out-of-band-managemen...

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.


3 REPLIES
EvanRaci
New Contributor III

Thank you and let me check again today

dbhavsar

Hello Evan,
If it's not responding to FortiGuard Servers, try setting a custom NTP server [ time.google.com ]. You can only set a custom NTP server using the CLI. Take the debugs and a sniffer to check whether you see traffic for port 123 or not.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Custom-NTP-server-configuration/ta-p/19192...

DNB
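
Added example, not part of the thread and not Fortinet code: once a sniffer shows replies from the local server on port 123, the reply itself can still be one that a client discards. The sketch below decodes the 48-byte NTP header from a captured UDP payload and applies generic RFC 5905 sanity checks; using these checks is an assumption, not FortiOS's actual selection logic, and both sample packets are constructed.

```python
import struct

NTP_UNIX_DELTA = 2208988800  # seconds between the 1900 NTP epoch and the 1970 Unix epoch
HDR = "!BBbbII4sQQQII"       # fixed 48-byte NTP header (RFC 5905)

def parse_ntp_reply(payload: bytes) -> dict:
    """Decode the NTP header from a UDP/123 payload taken from a capture."""
    if len(payload) < 48:
        raise ValueError("NTP header is 48 bytes, got %d" % len(payload))
    (flags, stratum, _poll, _prec, _delay, root_disp, ref_id,
     _ref, _orig, _recv, tx_sec, _tx_frac) = struct.unpack(HDR, payload[:48])
    return {
        "leap": flags >> 6,              # 3 = clock not synchronized
        "version": (flags >> 3) & 0x7,
        "mode": flags & 0x7,             # 4 = server reply
        "stratum": stratum,
        "ref_id": ref_id,
        "root_dispersion_s": root_disp / 65536.0,
        "tx_unix": tx_sec - NTP_UNIX_DELTA if tx_sec else None,
    }

def rejection_reasons(pkt: dict) -> list:
    """Generic RFC 5905 sanity checks; an empty list means the reply looks usable."""
    reasons = []
    if pkt["mode"] != 4:
        reasons.append("not a server reply (mode %d)" % pkt["mode"])
    if pkt["leap"] == 3:
        reasons.append("leap indicator 3: server clock is unsynchronized")
    if pkt["stratum"] == 0:
        reasons.append("stratum 0, kiss code %s" % pkt["ref_id"].decode("ascii", "replace"))
    elif pkt["stratum"] >= 16:
        reasons.append("stratum %d: server is unsynchronized" % pkt["stratum"])
    if pkt["tx_unix"] is None:
        reasons.append("transmit timestamp is zero")
    return reasons

def build(leap, mode, stratum, ref_id, tx_sec):
    """Build a constructed 48-byte packet for the demo (not captured traffic)."""
    flags = (leap << 6) | (4 << 3) | mode
    return struct.pack(HDR, flags, stratum, 6, -20, 0, 0x10000, ref_id, 0, 0, 0, tx_sec, 0)

GOOD = build(0, 4, 2, bytes([10, 0, 0, 1]), 3900000000)   # synchronized stratum-2 server
UNSYNCED = build(3, 4, 0, b"INIT", 3900000000)            # answers, but has no time source

if __name__ == "__main__":
    for name, raw in (("good", GOOD), ("unsynced", UNSYNCED)):
        print(name, rejection_reasons(parse_ntp_reply(raw)) or "usable")
```

A reply that fails these checks points at the NTP server's own upstream synchronization rather than at routing or firewall policy between the FortiGate and the server.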