Hi,
I am using our datacenter Fortigate as NTP server. From all the branches, I could see NTP sync towards the Datacenter. From DC, I am using Fortiguard as the NTP servers. My DNS reachability is fine. But still my NTP server is in unreachable state. I have created a firewall policy for this traffic, since my source interface of NTP is a different interface which will forward the traffic to the internet interface. (But I am not seeing a hit in that policy.) I understand NTP is self-originating traffic. Initially, for a few seconds, I could see the NTP server as reachable, but later it went into unreachable status. It hasn't synced after that.
Not sure what config I am missing.
diagnose sys ntp status
HA master: yes, HA master ip: 1.0.0.0, management_vfid: 0 ha_direct=0, ha_mgmt_vfid=-1
synchronized: no, ntpsync: enabled, server-mode: enabled
ipv4 server(ntp1.fortiguard.com) 208.91.112.63 -- unreachable(0x0) S:7 T:699
no data
ipv4 server(ntp2.fortiguard.com) 208.91.112.62 -- unreachable(0x0) S:7 T:699
no data
ipv4 server(ntp2.fortiguard.com) 208.91.112.60 -- unreachable(0x0) S:7 T:699
no data
ipv4 server(ntp1.fortiguard.com) 208.91.112.61 -- unreachable(0x0) S:7 T:699
no data
It appears that the current link through which NTP traffic is sent does not succeed. You can try to force the traffic to FortiGuard NTP servers through other links and check the NTP status: https://docs.fortinet.com/document/fortigate/7.0.5/administration-guide/848980/local-out-traffic
Best regards,
Jin
Hi,
Try to configure the interface-select-method parameter as sdwan so the SD-WAN policies will be respected for the NTP traffic.
https://docs.fortinet.com/document/fortigate/6.4.8/cli-reference/125620/config-system-ntp
When I point NTP to Fortiguard servers, I am not getting the option to select the SDWAN interface-select-method option. I could see that only when I create custom NTP servers.
Regards
Raja
Hello Raja,
When you use "set type fortiguard" in NTP settings, then it will use the configuration under "config system fortiguard".
config system fortiguard
set interface-select-method {auto|sdwan|specify}
Best regards,
Vasil
Thanks Vasil, let me try this and update.
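An added example, not part of any post in this thread: a small Python check that parses `diagnose sys ntp status` output and reports the condition described in the first post (clock unsynchronized, every upstream server unreachable, server-mode still enabled for the branches). The sample is taken from the output quoted above; the function names and the `yes` / `reachable` values for the healthy case are assumptions.

```python
import re

# Sample input: lines copied from the status output quoted in the first post.
SAMPLE = """\
synchronized: no, ntpsync: enabled, server-mode: enabled
ipv4 server(ntp1.fortiguard.com) 208.91.112.63 -- unreachable(0x0) S:7 T:699
no data
ipv4 server(ntp2.fortiguard.com) 208.91.112.62 -- unreachable(0x0) S:7 T:699
no data
"""

# One upstream server line: name, address, state word and reach register.
SERVER_RE = re.compile(
    r"^ipv[46] server\((?P<name>[^)]+)\)\s+(?P<addr>\S+)\s+--\s+"
    r"(?P<state>\w+)\((?P<reach>0x[0-9a-fA-F]+)\)"
)
# key: value pairs on the "synchronized: ..." summary line.
FLAG_RE = re.compile(r"([\w-]+):\s*(\w+)")


def parse_ntp_status(text):
    """Return (flags, servers) parsed from the status output."""
    flags, servers = {}, []
    for line in text.splitlines():
        line = line.strip()
        match = SERVER_RE.match(line)
        if match:
            servers.append(match.groupdict())
        elif line.startswith("synchronized:"):
            flags.update(FLAG_RE.findall(line))
    return flags, servers


def ntp_findings(text):
    """List the problems worth alerting on; an empty list means healthy."""
    flags, servers = parse_ntp_status(text)
    findings = []
    # Assumption: a healthy unit reports "synchronized: yes".
    if flags.get("synchronized") != "yes":
        findings.append("clock not synchronized")
    # Assumption: a working upstream is reported with the word "reachable".
    down = [s for s in servers if s["state"] != "reachable"]
    if servers and len(down) == len(servers):
        findings.append("all upstream servers unreachable")
    if findings and flags.get("server-mode") == "enabled":
        findings.append("server-mode enabled: branch clients depend on this clock")
    return findings
```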