mateusguilherme
New Contributor III

Problem synchronizing date and time

For some reason, my Fortigate 40F (v7.0.13 build0566) is losing the date and time settings when it loses power (maybe the battery is dead) and when the power comes back on, the Fortigate displays the message "Fortigate time is out of sync". I have already set the Fortigate to use the NTP server 200.160.0.8 but it does not work. When running the command "diagnose sniffer packet any 'host 200.160.0.8' 4" I can see the UDP requests being generated from my public IP, but no response is received.

 


 

In "Fortiview sessions" no sessions are displayed.

If I define this NTP server on a LAN host it works perfectly.

It seems that the problem only occurs when the traffic is generated by the Fortigate itself towards the IP 200.160.0.8. Could this be a bug in this firmware version?

1 Solution
mateusguilherme
New Contributor III

I think my internet provider is blocking source port 123. When enabled, NTP uses the valid IP of a WAN interface and default source port 123 for the NTP request. I will validate this with my internet provider.

 

Just out of curiosity, I tried to set the source IP of the NTP request as the IP of the LAN interface and Fortigate uses this private IP and sends it directly through the WAN interface, without NAT. The behavior I would expect when setting the source IP as the IP of the LAN interface is that Fortigate NATs this request, passes through the SDWAN rules and only then goes to the internet.

 


View solution in original post
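
Added example, not part of the original posts: a Python script that reads text saved from the `diagnose sniffer packet any 'host 200.160.0.8' 4` capture and reports, per source IP and port, NTP requests that got no reply and RFC 1918 sources that left the WAN without NAT. The sample lines, the `wan`/`lan` interface names and every address except 200.160.0.8 are constructed, and the line layout is an assumption about the sniffer output.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample, assumed to follow the sniffer's verbosity-4 layout:
# timestamp, interface, direction, src.port -> dst.port: udp length.
# Only 200.160.0.8 comes from the thread; the rest are placeholders.
SAMPLE = """\
1.010000 wan out 203.0.113.10.123 -> 200.160.0.8.123: udp 48
2.020000 wan out 203.0.113.10.123 -> 200.160.0.8.123: udp 48
5.000000 lan in 192.168.1.50.49152 -> 200.160.0.8.123: udp 48
5.000100 wan out 203.0.113.10.49152 -> 200.160.0.8.123: udp 48
5.030000 wan in 200.160.0.8.123 -> 203.0.113.10.49152: udp 48
5.030100 lan out 200.160.0.8.123 -> 192.168.1.50.49152: udp 48
9.000000 wan out 192.168.1.1.123 -> 200.160.0.8.123: udp 48
"""

LINE = re.compile(r"^\S+ (\S+) (in|out) (\S+)\.(\d+) -> (\S+)\.(\d+): udp \d+$")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def analyze(text, server="200.160.0.8", wan_ifaces=("wan",)):
    """Return (src_ip, src_port, requests, replies, notes) per WAN-side flow."""
    flows = defaultdict(lambda: [0, 0])  # (ip, port) -> [requests, replies]
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(1) not in wan_ifaces:
            continue  # headers, LAN-side copies, non-UDP lines
        _, direction, src, sport, dst, dport = m.groups()
        if direction == "out" and dst == server and dport == "123":
            flows[(src, int(sport))][0] += 1
        elif direction == "in" and src == server and sport == "123":
            flows[(dst, int(dport))][1] += 1
    findings = []
    for (ip, port), (req, rep) in sorted(flows.items()):
        notes = []
        if req and not rep:
            notes.append("no reply")
        if any(ipaddress.ip_address(ip) in net for net in RFC1918):
            notes.append("private source on WAN, not NATed")
        findings.append((ip, port, req, rep, notes))
    return findings

if __name__ == "__main__":
    for row in analyze(SAMPLE):
        print(row)
```

A flow that gets replies from an ephemeral source port while the port 123 flow gets none is consistent with the source-port filtering suspected in the post.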

4 REPLIES 4
BillH_FTNT
Staff

Hi mateusguilherme,

As far as I know, we should configure two NTP sources: one as active and the other as passive. Thanks.


jokes54321
Contributor

How far off is your clock when it reboots? I came here today because I have a 40F, out of dozens, that reverts to 01/01/2000 00:00:00 after it boots from a power off state. This prevents NTP from working because the drift is too far off.

 

I suspect I need to RMA this unit, so if you are seeing the same, you may need to replace it.

BillH_FTNT

Hi @jokes54321 

Could you please share the version of your device? Please share some command output with me through my official email bhoang@fortinet.com. I am Bill from Fortinet.

 

get sys status

dia debug crashlog read

 

get system stat
execute date
execute time
diagnose sys ntp status

get system ntp

show full system ntp

show full-configuration system ntp


# debug ntpd

diagnose debug reset
diagnose debug disable
diagnose debug console timestamp enable
diagnose debug application ntpd -1
diagnose debug enable

 

Regards

Bill
