FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 191922


This article provides an example of the configuration of a custom NTP server via CLI.


A custom NTP server can be configured via CLI as follows:
config system ntp
    set ntpsync enable
    set type custom
    set syncinterval 60
config ntpserver
    edit 1
        set server ""   <- NTP server IP
        set ntpv3 disable
    set source-ip
    set server-mode disable
The commands provided are used to configure the Network Time Protocol (NTP) settings on the device. Here's a breakdown:
  • config system ntp: This command navigates into the NTP configuration section of the FortiOS. NTP is used to synchronize the clocks of computers over a network to ensure accurate and coordinated timekeeping.


  • set ntpsync enable: This command enables the NTP synchronization feature. When enabled, the device will regularly synchronize its internal clock with the specified NTP servers.


  • set type custom: This specifies that the NTP settings will be customized, rather than using default or preset configurations.


  • set syncinterval 60: This sets the synchronization interval to 60 minutes. This means the device will contact the NTP server(s) every 60 minutes to ensure its clock is synchronized. If there are discrepancies between the device's time and the time reported by the NTP server, the device will adjust its clock accordingly.


  •  config ntpserver: Enter the configuration section for specifying NTP servers. Here,  define which external NTP servers the device will synchronize its time with.


  • set server "": This sets the IP address of the NTP server to (this is just an example; in a real scenario, use the actual IP address of a valid NTP server).


  • set ntpv3 disable: This command disables NTP version 3. NTPv3 is an older version of the protocol, and disabling it suggests that the device will use a newer version like NTPv4. It's typically good to specify the version explicitly, especially if certain versions are known to have vulnerabilities or other issues.


  • set server-mode disable: This disables the server mode for NTP. When server mode is enabled, the device can act as an NTP server for other devices on the network. By disabling it, the device will only act as an NTP client, synchronizing its own clock with the specified external NTP servers but not providing NTP services to other devices.


More information can be found in the corresponding version of the CLI Reference manual.