Configuring Network Time Protocol and NTP Backup Server in NSM Overview
Use the Date/Time option to configure date and time synchronization on security devices. The date and time setting on the device affects VPN tunnel setup and schedule objects used in active security policies.
You configure the device time in relation to GMT.
Configuring Network Time Protocol
To ensure that the security device always maintains the right time, the device can use Network Time Protocol (NTP) to synchronize its system clock with that of an NTP server on the Internet.
To use NTP, first enable Network Time Protocol, and then configure the settings as described in Table 1.
Table 1: Network Time Protocol Settings
You can configure the security device to perform this synchronization automatically at time intervals that you specify. By default, the synchronization interface is set to 10 minutes, with a 3 second maximum adjustment threshold.
You can secure NTP traffic by enabling authentication. When using authentication, for each NTP server you configure on the security device, you must assign a unique server key ID and preshare key; the key ID and preshare key serve to create an MD5 checksum, with which the device and the NTP server can authenticate NTP data. Select the authentication mode that the device uses when connecting to an NTP server:
You can configure up to three NTP servers (one primary and two backups) from which the security device can regularly update its system clock. If you enable authentication by selecting the Required or Preferred authentication options, you must also provide a unique server key ID and preshare key for each NTP server that you configure.
Configuring an NTP Backup Server
You can specify an individual interface as the source address to direct Network Time Protocol (NTP) requests from the device over a VPN tunnel to the primary NTP server or a backup server as necessary. Among other interface types, you can select a loopback interface to perform this function.
The security device sends NTP requests from a source interface and optionally uses an encrypted preshared key when sending NTP requests to the NTP server. The encrypted preshared key provides authentication.