- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- NTP over LAN
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
NTP over LAN
Hello Community
I would like to setup the FortiWifi 80F to access a NTP server. This did work successfully to locate public NTP servers over the WAN port. However, I would like a computer on the LAN port to be broadcasting a NTP server. I have not been able to get the fortiwifi to access that address NTP server. Is this possible to get the NTP over LAN?
Labels:
- Labels:
-
FortiGate
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We can setup an NTP server on a LAN for FortiWiFi 80F to access is possible, however we may need to adjust the settings to allow the FortiWiFi to use a LAN-based NTP server. You might configure the Windows Time service to act in a server role and make sure the firewall settings on this computer allow incoming requests on NTP port (UDP 123). Add the IP address of the computer on the LAN that is acting as your NTP server under "System/settings" tab. Ensure that the firewall settings are configured to allow traffic to and from the NTP server on the LAN. This might involve setting up a policy to allow outgoing requests from the FortiWiFi device to the LAN computer on UDP port 123.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for the reply.
The computer on port 1 of the LAN on the FortiWifi is communicating with ntp.ubuntu.com and under ntpstat replies with 'synchronised to NTP server (91.189.91.157) at stratum 3'.
Under the Fortinet GUI System > settings > select server > Custom is the IP to the local computer on port 1. Then on the Fortinet I run the command 'diag sys ntp status' which replies with 'synchronized: no, ntpsync: enabled, server-mode: disabled, no data'.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Not sure I got your point.
FortiGate/FortiWifi (FGT hereinafter) can act as :
- client - so listening to outer, usually public, NTP servers with low stratum. By default it listens to FortiGuard NTP service. And so adjust system time accordingly. Which is BTW critical for stuff like 2FA OTP tokens (FortiToken) proper token code generations, or for certificate based stuff etc.
- server - so FGT can propagate itself as NTP server, for example through DHCP, to the connected clients which then can be in sync to FGT's clock (which is through client part usually synced to outer NTP).
Most default config can look like this:
hudzen-esx45 # show full system ntp
config system ntp
set ntpsync enable <-- FGT as client syncing to outer NTP is enabled
set type fortiguard <-- that outer NTP server is FortiGuard NTP service
set syncinterval 60 <-- sync timing
set source-ip 0.0.0.0 <-- source IP, which will affect egress port selection, by-default auto through routing table
set source-ip6 ::
set server-mode enable <-- this is FGT's server side, enabled
set authentication disable
set interface "fortilink" <-- on which port is NTP server service provided
end
Some parts are commented even in CLI:
hudzen-esx45 # config system ntp
hudzen-esx45 (ntp) # set ?
ntpsync Enable/disable setting the FortiGate system time by synchronizing with an NTP Server.
type Use the FortiGuard NTP server or any other available NTP Server.
syncinterval NTP synchronization interval (1 - 1440 min).
source-ip Source IP address for communication to the NTP server.
source-ip6 Source IPv6 address for communication to the NTP server.
server-mode Enable/disable FortiGate NTP Server Mode. Your FortiGate becomes an NTP server for other devices on your network. The FortiGate relays NTP requests to its configured NTP server.
authentication Enable/disable authentication.
interface FortiGate interface(s) with NTP server mode enabled. Devices on your network can contact these interfaces for NTP services.
So, let's pretend I do not want to use FortiGuard NTP service, as I do have my trusty nuke-based stratum 1 clock downstairs .. connected via port1 and reachable on IP 10.42.0.1
And I still proxy/provide NTP service to other clients connected via fortilink.
Config them might look like this:
hudzen-esx45 # show system ntp
config system ntp
set ntpsync enable
set type custom
config ntpserver
edit 1
set server "10.42.0.1"
set ntpv3 enable
set interface-select-method specify
set interface "port1"
next
end
set server-mode enable
set interface "fortilink"
end
Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff
Related Posts
- IPSec over SDWAN in a preconfigured... 63 Views
- Fortigate BGP neighborhood password 72 Views
- After updating FortiGate 60f lost control... 361 Views
- SD-WAN problem Fortimanager 100 Views
- FortiAnalyzer 7.4.3 User Detailed Browsing Log... 49 Views
Labels
-
FortiGate
6,825 -
FortiClient
1,353 -
5.2
801 -
5.4
639 -
FortiManager
585 -
FortiAnalyzer
431 -
6.0
416 -
5.6
362 -
FortiAP
353 -
FortiSwitch
350 -
FortiClient EMS
277 -
FortiMail
266 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
165 -
6.4
128 -
FortiNAC
115 -
FortiGuard
108 -
IPsec
91 -
FortiSIEM
91 -
FortiGateCloud
90 -
FortiCloud Products
85 -
FortiToken
74 -
SSL-VPN
73 -
Customer Service
70 -
4.0MR3
64 -
Wireless Controller
62 -
FortiProxy
47 -
FortiADC
45 -
FortiEDR
42 -
Fortivoice
41 -
SD-WAN
36 -
FortiDNS
35 -
FortiExtender
34 -
FortiGate v5.4
34 -
FortiSandbox
33 -
FortiSwitch v6.4
30 -
Firewall policy
30 -
FortiAuthenticator
25 -
High Availability
24 -
FortiConnect
24 -
VLAN
23 -
FortiWAN
22 -
FortiConverter
21 -
ZTNA
20 -
FortiPortal
18 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
Certificate
16 -
SAML
15 -
DNS
15 -
LDAP
15 -
FortiMonitor
14 -
BGP
14 -
Interface
14 -
Logging
14 -
FortiGate v5.0
13 -
FortiDDoS
13 -
fortilink
12 -
Routing
12 -
FortiCASB
12 -
VDOM
12 -
Authentication
11 -
RADIUS
10 -
Virtual IP
10 -
FortiRecorder
10 -
FortiWeb v5.0
9 -
SSL SSH inspection
9 -
Traffic shaping
9 -
FortiManager v5.0
9 -
NAT
9 -
SSO
9 -
4.0MR2
9 -
SSID
8 -
Fortigate Cloud
8 -
Application control
8 -
FortiGate v4.0 MR3
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
FortiBridge
6 -
SNMP
6 -
Web application firewall profile
6 -
Web profile
6 -
Proxy policy
5 -
Traffic shaping policy
5 -
FortiAP profile
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
IPS signature
4 -
Packet capture
4 -
Antivirus profile
4 -
Automation
4 -
WAN optimization
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Port policy
4 -
FortiToken Cloud
3 -
DoS policy
3 -
Email filter profile
3 -
Web rating
3 -
Intrusion prevention
3 -
FortiDB
3 -
trunk
3 -
FortiDeceptor
2 -
System settings
2 -
FortiInsight
2 -
NAC policy
2 -
Fortinet Engage Partner Program
2 -
Users
2 -
Traffic shaping profile
2 -
FortiPAM
2 -
VoIP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Fabric connector
2 -
Netflow
2 -
Protocol option
2 -
4.0MR1
1 -
TACACS
1 -
Replacement messages
1 -
Subscription Renewal Policy
1 -
Schedule
1 -
FortiCWP
1 -
FortiNDR
1 -
SDN connector
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
Multicast routing
1 -
Explicit proxy
1 -
Zone
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.