Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rajamanickam
Contributor

Created on ‎03-09-2022 02:06 AM

NTP not syncing - Fortinet SDWAN

Hi,

 

  I am using our datacenter Fortigate as NTP server. From all the branches, could see NTP sync towards Datacenter. From DC, I am using Fortiguard as the NTP servers. My DNS reachability is fine. But still my NTP server is in unreachable state. I have created a firewall policy for this traffic, since my source interface of NTP  is a different interface which will be forward the traffic to the internet interface. (But not seeing hit in that policy) I understand NTP is a self-originating traffic. Initially for few seconds, could see NTP server as reachable but later went into unreachable status. It hasnt synched post that..

 

Not sure, what config I am missing.

 

diagnose sys ntp status
HA master: yes, HA master ip: 1.0.0.0, management_vfid: 0 ha_direct=0, ha_mgmt_vfid=-1
synchronized: no, ntpsync: enabled, server-mode: enabled

ipv4 server(ntp1.fortiguard.com) 208.91.112.63 -- unreachable(0x0) S:7 T:699
no data
ipv4 server(ntp2.fortiguard.com) 208.91.112.62 -- unreachable(0x0) S:7 T:699
no data
ipv4 server(ntp2.fortiguard.com) 208.91.112.60 -- unreachable(0x0) S:7 T:699
no data
ipv4 server(ntp1.fortiguard.com) 208.91.112.61 -- unreachable(0x0) S:7 T:699
no data

Labels:
7241
0 Kudos
5 REPLIES 5
jintrah_FTNT
Staff
Staff

Created on ‎03-09-2022 02:54 AM

Dear Rajamanickam,

 

It appears that the current link through which NTP traffic is send does not succeed. You can try to force the traffic to FortiGuard NTP servers through other links and check the NTP status, https://docs.fortinet.com/document/fortigate/7.0.5/administration-guide/848980/local-out-traffic. 

 

Best regards,

Jin

7184
0 Kudos
aahmadzada
Staff
Staff

Created on ‎03-09-2022 03:27 AM

Hi,

Try to configure the interface-select-method parameter as sdwan so the sdwan policies will be respected fo the ntp traffic

https://docs.fortinet.com/document/fortigate/6.4.8/cli-reference/125620/config-system-ntp

Ahmad
7176
rajamanickam
Contributor

Created on ‎03-10-2022 01:32 AM

When I point NTP to Fortiguard servers, I am not getting option to select SDWAN interface-select-method option. I could see that only when I create custom NTP servers.

 

Regards

Raja

7165
0 Kudos
vtsonev
Staff
Staff
In response to rajamanickam

Created on ‎03-10-2022 06:55 AM

Hello Raja,

 

When you use "set type fortiguard" in NTP settings, then it will use the configuration under "config system fortiguard". 

 

config system fortiguard
    set interface-select-method {auto|sdwan|specify}

 

Best regards,

Vasil

Fortinet Technical Team Lead
NSE 1-4,7 Certified
7152
0 Kudos
rajamanickam
Contributor
In response to vtsonev

Created on ‎03-10-2022 08:00 AM

Thanks Vasil, let me try this and update.

7148
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.