Firmware version: 4.5+
Network Time Protocol (NTP) is an internet protocol used to synchronize computer clocks with time sources in a network. Having synchronized clocks is not only convenient but required for many distributed applications. Therefore, the firewall policy must allow the NTP service if the time comes from an external server.
The Network Time Protocol (NTP) is important for security because it provides accurate time synchronization across devices on a network. Accurate time synchronization is essential for various security protocols, such as time-based authentication and certificate verification, to function correctly. In addition, it helps prevent attacks like replay attacks, where an attacker intercepts and replays data at a later time. With synchronized clocks, it becomes more difficult for an attacker to successfully execute a replay attack. Therefore, NTP is a critical component for maintaining network security and ensuring secure communication.
In the above scenario, the NTP server "in.pool.ntp.org" has been added on the Firewall. In the NTP configuration of the Local System and the DB Server, the Firewall IP Address (i.e., the LAN IP Address) needs to be added.
Firewall IP Address: 192.168.2.128/24
Firewall LAN Network: 192.168.2.0/24
NTP server used: in.pool.ntp.org
Configuration on Firewall:
1. Log in to the GajShield firewall management console using your admin credentials.
To add servers to the Local System list:
a. Press Windows + R and type regedit, or search for Registry Editor directly.
b. Once the Registry Editor opens, navigate to the following path:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers
To add a new time server, right-click the empty space and choose New and then String Value.
Enter the appropriate number and double-click on it. In the Value data field, enter the server's address (in our case, the Firewall LAN IP Address).
After making the above changes, click on Sync now under Additional settings.
TCP-DUMP (packet capture) logs are available in the CLI, which can be accessed as superuser or as any other user with CLI access. In these logs we can see the communication on port no. 123 (the NTP client-server communication port).
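A packet capture confirms that traffic is flowing on port 123, but not that the firewall is handing out valid time. The Python script below is an added example, not part of the original article or of GajShield's tooling: it sends one NTP request to the firewall LAN IP and flags replies that are marked unsynchronized. The function names and the sample_reply helper (which builds constructed test packets) are assumptions made for this example.

```python
import socket
import struct
import time

NTP_TO_UNIX = 2208988800  # seconds between 1900-01-01 (NTP epoch) and 1970-01-01

def _ts(buf, off):
    """Decode a 64-bit NTP timestamp (32.32 fixed point) to Unix seconds."""
    sec, frac = struct.unpack_from("!II", buf, off)
    return sec - NTP_TO_UNIX + frac / 2**32

def parse_reply(pkt, t1, t4):
    """Parse a 48-byte NTP header; t1/t4 are client send/receive times (Unix)."""
    if len(pkt) < 48:
        raise ValueError("short NTP packet")
    li, mode, stratum = pkt[0] >> 6, pkt[0] & 7, pkt[1]
    t2, t3 = _ts(pkt, 32), _ts(pkt, 40)  # server receive / transmit timestamps
    problems = []
    if mode != 4:
        problems.append("not a server reply (mode %d)" % mode)
    if li == 3:
        problems.append("leap indicator 3: server clock unsynchronized")
    if stratum == 0 or stratum >= 16:
        problems.append("stratum %d: no usable upstream time" % stratum)
    return {
        "stratum": stratum,
        "offset": ((t2 - t1) + (t3 - t4)) / 2,  # client clock error, seconds
        "delay": (t4 - t1) - (t3 - t2),         # network round trip, seconds
        "problems": problems,
    }

def query(server="192.168.2.128", timeout=3.0):
    """Send one client request (version 3, mode 3) to UDP port 123."""
    req = bytes([0x1B]) + bytes(47)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t1 = time.time()
        s.sendto(req, (server, 123))
        pkt, _ = s.recvfrom(512)
        t4 = time.time()
    return parse_reply(pkt, t1, t4)

def sample_reply(li, stratum, t2, t3):
    """Build a constructed server reply for offline testing (not captured data)."""
    pkt = bytearray(48)
    pkt[0], pkt[1] = (li << 6) | (4 << 3) | 4, stratum
    for off, t in ((32, t2), (40, t3)):
        struct.pack_into("!II", pkt, off, int(t) + NTP_TO_UNIX, int((t % 1) * 2**32))
    return bytes(pkt)
```

Calling query() from the Local System or DB Server returns an empty problems list when the firewall is itself synchronized; a large offset or a non-empty list means clients would be syncing to bad time even though port 123 traffic is visible.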
For system-level troubleshooting or forcefully initiating an NTP Discover Request, kindly refer to the link below, which provides multiple solutions to be carried out on the Windows OS system for further troubleshooting.