Hi everyone,
I want to set a different time server than the one provided from Fortinet. I have run diagnose sys ntp status, and have found the synchronisation status set to "no". I have read this is a common issue and want to set a different time server for my Fortigate but I still get the synchronisation status error. The NTP server I want to use uses a hostname and has no static IP address. I have tried to use the guide posted in another thread but it has not worked for me so far (https://community.fortinet.com/t5/FortiGate/Technical-Tip-An-alternate-way-to-sync-the-NTP-server-to...). Does anyone know how may I fix this issue?
P. S. Why is synchronisation with Fortinet NTP server set to "no" despite time being accurate in the GUI?
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
The issue was in my local firewall. For some reason it was blocking communication between the device and the ntp server. Thank you everyone for your support!
Greetings!
Regarding the synchronization status showing as "no" despite the time being accurate in the GUI, this could be due to the FortiGate device not being able to synchronize with the configured NTP server successfully. Ensure that the NTP server you are trying to use is reachable from your network and that there are no firewall rules blocking the NTP traffic. If the issue persists after configuring the NTP server with the hostname, you may need to troubleshoot the network connectivity to the NTP server and ensure that the FortiGate device can reach it successfully.
Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
Hello @jefazo92 ,
You can try to create a static route based on the FQDN (https://community.fortinet.com/t5/FortiGate/Technical-Tip-Creating-a-static-route-that-uses-a-FQDN-...)
For Fortiguard NTP server sync issue, what is FortiOS version and hardware model?
Thanks,
Amandeep
Hi Amandeep, I tried creating a static route setting the gate way address as 0.0.0.0 and using the wan1 interface but the time is still not being syncrhonised :( Am I meant to create a specific firewall rule for the fortigate to get the time? I am trying to synchronise with one of pool.ntp.org servers so there should be any problems regarding the ntp server validity.
A static route with gateway 0.0.0.0?
GW should be the GW IP on your interface, 0.0.0.0 can't be routed, as no host on the internet reply on that address.
Depending on how hard you've locked down your FG, NTP should simply work out of the box.
@jefazo92 wrote:The NTP server I want to use uses a hostname and has no static IP address
Does DNS work? I would start there.
The issue was in my local firewall. For some reason it was blocking communication between the device and the ntp server. Thank you everyone for your support!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1641 | |
1069 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.