mateusguilherme
New Contributor III

Problem synchronizing date and time

For some reason, my Fortigate 40F (v7.0.13 build0566) is losing the date and time settings when it loses power (maybe the battery is dead) and when the power comes back on, the Fortigate displays the message "Fortigate time is out of sync". I have already set the Fortigate to use the NTP server 200.160.0.8 but it does not work. When running the command "diagnose sniffer packet any 'host 200.160.0.8' 4" I can see the UDP requests being generated from my public IP, but no response is received.

 

In "Fortiview sessions" no sessions are displayed.

If I define this NTP server on a LAN host it works perfectly.

It seems that the problem only occurs when the traffic is generated by the Fortigate itself towards the IP 200.160.0.8. Could this be a bug in this firmware version?

1 Solution
mateusguilherme
New Contributor III

I think my internet provider is blocking source port 123. When enabled, NTP uses the valid IP of a WAN interface and default source port 123 for the NTP request. I will validate this with my internet provider.

 

Just out of curiosity, I tried to set the source IP of the NTP request as the IP of the LAN interface and Fortigate uses this private IP and sends it directly through the WAN interface, without NAT. The behavior I would expect when setting the source IP as the IP of the LAN interface is that Fortigate NATs this request, passes through the SDWAN rules and only then goes to the internet.
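A way to test the source-port theory from the post, as an added example that is not part of the original thread: it sends the same SNTP request once from an ephemeral source port and once from source port 123 and reports which one gets a reply. The function names are hypothetical; the server address is the one quoted in the post.

```python
import socket
import struct
import sys

NTP_EPOCH_OFFSET = 2208988800  # seconds between 1900-01-01 and 1970-01-01

def build_request(version=4):
    """48-byte SNTP client request: LI=0, VN=version, Mode=3 (client)."""
    return bytes([(version << 3) | 3]) + bytes(47)

def parse_response(data):
    """Return the server transmit time as Unix seconds, or None if invalid."""
    if len(data) < 48 or (data[0] & 0x07) != 4:   # Mode 4 = server
        return None
    seconds, fraction = struct.unpack("!II", data[40:48])
    if seconds == 0:
        return None
    return seconds - NTP_EPOCH_OFFSET + fraction / 2**32

def probe(server, src_port, timeout=3.0):
    """Send one request from src_port (0 = ephemeral) and wait for a reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.bind(("0.0.0.0", src_port))   # binding to 123 needs root/admin
        s.sendto(build_request(), (server, 123))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return None
    return parse_response(data)

def compare(server):
    """A reply from the ephemeral port but not from 123 points to a source-port filter."""
    results = {}
    for label, port in (("ephemeral", 0), ("port 123", 123)):
        try:
            results[label] = probe(server, port)
        except OSError as exc:  # e.g. no privilege, or a local NTP daemon owns port 123
            results[label] = f"bind/send failed: {exc}"
    return results

if __name__ == "__main__":
    # Server address taken from the post; pass another one as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "200.160.0.8"
    for label, result in compare(target).items():
        print(f"{label:10s} -> {result if result is not None else 'no reply (timeout)'}")
```

A host behind source NAT may have its source port rewritten on the way out, so run the comparison from a machine whose source port reaches the provider unchanged.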

 


2 REPLIES 2
BillH_FTNT
Staff

Hi mateusguilherme,

As far as I know, we should configure two NTP sources: one as active and the other as passive. Thanks.
