I am using our datacenter Fortigate as NTP server. From all the branches, I could see NTP sync towards the Datacenter. From the DC, I am using Fortiguard as the NTP servers. My DNS reachability is fine. But still my NTP server is in unreachable state. I have created a firewall policy for this traffic, since my source interface of NTP is a different interface which will forward the traffic to the internet interface. (But I am not seeing hits on that policy.) I understand NTP is self-originating traffic. Initially for a few seconds, I could see the NTP server as reachable but later it went into unreachable status. It hasn't synced since then.
Not sure what config I am missing.
diagnose sys ntp status
HA master: yes, HA master ip: 18.104.22.168, management_vfid: 0 ha_direct=0, ha_mgmt_vfid=-1
synchronized: no, ntpsync: enabled, server-mode: enabled
ipv4 server(ntp1.fortiguard.com) 22.214.171.124 -- unreachable(0x0) S:7 T:699
ipv4 server(ntp2.fortiguard.com) 126.96.36.199 -- unreachable(0x0) S:7 T:699
ipv4 server(ntp2.fortiguard.com) 188.8.131.52 -- unreachable(0x0) S:7 T:699
ipv4 server(ntp1.fortiguard.com) 184.108.40.206 -- unreachable(0x0) S:7 T:699
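As an added example (not part of the original post or Fortinet's tooling), a small Python parser for the `diagnose sys ntp status` output quoted above that flags the conditions worth alerting on: clock not synchronized, every configured server unreachable, and a unit serving time to clients while unsynchronized. The sample text and its documentation IP addresses are constructed; reading the hex value in parentheses as the standard NTP 8-bit reachability register is an assumption.

```python
import re

# Constructed sample modelled on the "diagnose sys ntp status" output in the
# post; the IP addresses are documentation ranges, not real FortiGuard servers.
SAMPLE_STATUS = """\
HA master: yes, HA master ip: 192.0.2.1, management_vfid: 0 ha_direct=0, ha_mgmt_vfid=-1
synchronized: no, ntpsync: enabled, server-mode: enabled
ipv4 server(ntp1.fortiguard.com) 198.51.100.10 -- unreachable(0x0) S:7 T:699
ipv4 server(ntp2.fortiguard.com) 198.51.100.11 -- unreachable(0x0) S:7 T:699
ipv4 server(ntp2.fortiguard.com) 198.51.100.12 -- reachable(0xff) S:1 T:64
"""

SERVER_RE = re.compile(
    r"^ipv(?P<ver>[46]) server\((?P<name>[^)]+)\)\s+(?P<ip>\S+)\s+--\s+"
    r"(?P<state>\w+)\((?P<reach>0x[0-9a-fA-F]+)\)\s+S:(?P<s>\d+)\s+T:(?P<t>\d+)"
)

def parse_ntp_status(text):
    """Parse the status dump into sync flags plus one entry per server line."""
    result = {"synchronized": None, "ntpsync": None, "server_mode": None, "servers": []}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("synchronized:"):
            fields = dict(part.strip().split(": ", 1) for part in line.split(","))
            result["synchronized"] = fields.get("synchronized") == "yes"
            result["ntpsync"] = fields.get("ntpsync") == "enabled"
            result["server_mode"] = fields.get("server-mode") == "enabled"
            continue
        m = SERVER_RE.match(line)
        if m:
            result["servers"].append({
                "name": m["name"], "ip": m["ip"],
                "reachable": m["state"] == "reachable",
                # Assumed to be the 8-bit reach register: one bit per recent poll.
                "reach_bits": int(m["reach"], 16),
                # S and T kept as raw integers; the post does not say what they denote.
                "s": int(m["s"]), "t": int(m["t"]),
            })
    return result

def ntp_health_issues(status):
    """Return human-readable findings; an empty list means healthy."""
    issues = []
    if not status["synchronized"]:
        issues.append("clock not synchronized")
    down = [s for s in status["servers"] if not s["reachable"]]
    if down and len(down) == len(status["servers"]):
        issues.append("all configured NTP servers unreachable")
    for s in down:
        issues.append(f"{s['name']} ({s['ip']}) unreachable, reach={s['reach_bits']:#04x}")
    if status["server_mode"] and not status["synchronized"]:
        issues.append("serving time to clients while unsynchronized")
    return issues
```

Feed it the real output from an SSH session to turn the check into a scheduled monitor; the findings list doubles as the alert body.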