GajShield Knowledge Base


How to configure GajShield Firewall as an NTP Server

Firmware version: 4.5+

Network Time Protocol (NTP)

Network Time Protocol (NTP) is an internet protocol used to synchronize computer clocks with time sources on a network. Synchronized clocks are not only convenient but required by many distributed applications. The firewall policy must therefore allow the NTP service when the time is obtained from an external server.

NTP is important for security because it provides accurate time synchronization across the devices on a network. Accurate time is essential for security mechanisms such as time-based authentication and certificate validity checks to function correctly. It also helps prevent replay attacks, in which an attacker intercepts data and replays it at a later time: with synchronized clocks it becomes much harder for an attacker to pass off a replayed message as current. NTP is therefore a critical component of network security and secure communication.

GajShield Firewall as NTP Server Architecture

In the scenario shown above, "in.pool.ntp.org" has been added as the upstream NTP server on the firewall. In the NTP configuration of the local systems and the DB server, the firewall's IP address, i.e. its LAN IP address, is added as the NTP server.

Firewall IP Address: 192.168.2.128/24

Firewall LAN Network: 192.168.2.0/24

NTP server used: in.pool.ntp.org

Configuration on Firewall:

1. Log in to the GajShield firewall management console using your admin credentials.

2. Click on the Option button to open the configuration tabs of the firewall.

3. Proceed to Management -> NTP -> NTP Servers and click on the add button '+'.

4. Add the desired NTP server; in our case we added in.pool.ntp.org.

5. Restart the NTP service.

6. After restarting the service, go to Firewall > Policies > Rules to create the necessary rules.

7. Refer to rules no. 2 & 3, which need to be created on the firewall for NTP communication.

8. After creating the rules, the firewall NTP server configuration is done. Next, configure the local Windows system.

To add the firewall to the local system's time server list:

a. Press Windows + R and run regedit, or search for Registry Editor directly.

b. Once the Registry Editor opens, navigate to the following path:

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers

To add a new time server, right-click the empty space and choose New > String Value.

Name the value with the appropriate number and double-click it. In the Value data field, enter the server's address (in our case the firewall LAN IP address).

9. Now, to select the NTP server IP address, open Control Panel > Date and Time.

10. Click on Internet Time > Change settings.

11. Select the firewall's IP address under the Server option and click on OK.

12. Now open Settings and go to Time & language > Date & time.

13. Turn OFF "Set the time automatically" and "Set the time zone automatically", and also change the current time manually so that you can confirm the time gets updated once it synchronizes with the firewall's NTP server.

After making the above changes, click on Sync now under Additional settings.

14. The time is now properly synced: the status is displayed and the Sync now button is greyed out with a tick mark in front of it.

Additional Troubleshooting:

Packet capture (TCP-DUMP) logs are available in the CLI when logged in as superuser or any other user with CLI access; there you can confirm proper communication on port 123 (the NTP client-server port).
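To confirm from a LAN host that the firewall is actually serving usable time on UDP/123 before pointing Windows systems at it, here is an added Python check (not part of this article or of GajShield's software). It assumes the 192.168.2.128 LAN address above, and its `build_response` helper constructs sample reply packets for offline testing rather than capturing real firewall output.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800  # seconds from the NTP epoch (1900-01-01) to the Unix epoch (1970-01-01)
FIREWALL_LAN_IP = "192.168.2.128"  # the firewall LAN address that serves NTP in this article

def _pack_ts(unix_time):
    secs = int(unix_time) + NTP_EPOCH_DELTA
    return struct.pack("!II", secs, int((unix_time % 1) * (1 << 32)))

def _unpack_ts(data, offset):
    secs, frac = struct.unpack_from("!II", data, offset)
    return secs - NTP_EPOCH_DELTA + frac / (1 << 32)

def build_request(t1):
    """48-byte client packet: LI=0, VN=4, Mode=3, transmit timestamp = t1."""
    return bytes([(4 << 3) | 3]) + bytes(39) + _pack_ts(t1)

def build_response(stratum, refid, t2, t3, leap=0):
    """Constructed server reply (Mode=4) for offline testing; not captured from a real firewall."""
    head = bytes([(leap << 6) | (4 << 3) | 4, stratum, 6, 0xEC]) + bytes(8) + refid
    return head + bytes(16) + _pack_ts(t2) + _pack_ts(t3)

def parse_response(data, t1, t4):
    """Health fields plus RFC 5905 offset/delay (seconds) for one request/reply exchange."""
    if len(data) < 48:
        raise ValueError("short NTP packet")
    leap, mode, stratum = data[0] >> 6, data[0] & 7, data[1]
    if mode != 4:
        raise ValueError(f"mode {mode} is not a server reply")
    refid = data[12:16]  # stratum 0/1: 4-char ASCII id (e.g. kiss code RATE); stratum 2+: upstream IPv4
    refid_str = refid.rstrip(b"\0").decode("ascii", "replace") if stratum <= 1 else ".".join(map(str, refid))
    t2, t3 = _unpack_ts(data, 32), _unpack_ts(data, 40)  # server receive / transmit timestamps
    return {
        "stratum": stratum, "leap": leap, "refid": refid_str,
        "offset": ((t2 - t1) + (t3 - t4)) / 2,
        "delay": (t4 - t1) - (t3 - t2),
        # a firewall that has not yet reached in.pool.ntp.org answers stratum 0 or LI=3: do not trust it
        "healthy": 1 <= stratum <= 15 and leap != 3,
    }

def query(server=FIREWALL_LAN_IP, timeout=2.0):
    """Send one request to UDP/123 on the firewall and parse whatever comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        t1 = time.time()
        sock.sendto(build_request(t1), (server, 123))
        data, _ = sock.recvfrom(512)
        return parse_response(data, t1, time.time())
```

Call `query()` from a host on the 192.168.2.0/24 LAN: a timeout points at the rules from step 7, while a reply with `healthy` False (stratum 0, a kiss code such as RATE, or LI=3) means the firewall answers but has not itself synchronized with in.pool.ntp.org yet.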

For system-level troubleshooting, or to force the Windows system to initiate an NTP request, refer to the link below, which provides several solutions to be applied on the Windows system.

https://windowsreport.com/wrong-time-on-windows-clock-fix/#:~:text=Press%20Windows%20key%20%2B%20R%20and%20type%20services.&text=Next%2C%20press%20Enter%20.,click%20on%20Apply%20and%20OK.