I had this Fortigate 100D set as a firewall in between 2 different network.
Network A (Linux server. IP:10.1.1.88) --- | Fortigate | --- Network B (NTP server. IP:192.168.1.10)
10.1.1.88 NAT 10.128.255.88
10.128.254.10 NAT 192.168.1.10
The Linux server 10.1.1.88 able to ping to 10.128.254.10 (NAT'ed IP). The NTP server 192.168.1.10 able to ping 10.128.255.88 (NAT'ed IP).
The Linux server even able to run ntpd -q 10.128.254.10.
# ntpdate -q 10.128.254.10
server 10.128.254.10, stratum 2, offset -10.148487, delay 0.04221.
However, when check on the ntpd sync, it won't sync and shows stratum 16 on this server.
# ntpq -c peers remote refid st t when poll reach delay offset jitter ================================== 10.128.254.10 .INIT. 16 u - 1024 0 0.000 0.000 0.000
If I move this NTP server into the same Network A as Linux server, there are no issue. It seems something in the firewall are blocking. When I check on the logs, there are no logs showing traffic block as both site policy are set to allow ALL SERVICES.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I found the solution. Case closed.
Fortigate NAT will translate the port 123 for NTP to another port when run
diag sniffer packet any 'port 123' 4 0 a
Change the NAT to Fixed port. At the selected policy,
set fixedport enable
Then the issue resolved.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1712 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.