Beginner

How to change NTP server and DNS on FTD ?

Hi,

 

I have an issue with changing NTP and DNS values on my HA of FTD2110.

 

The 2 FTDs are connected to my FMC.

 

I could not find how to change the NTP servers or the DNS servers 

 

> show ntp
NTP Server : 127.127.1.1
Status : Unknown
Offset : 0.000 (milliseconds)
Last Update : 44h (seconds)

NTP Server : 127.0.0.2
Status : Being Used
Offset : 0.238 (milliseconds)
Last Update : 32 (seconds)

 

> show dns
INFO: no activated FQDN
>

 

HELP please 

Cisco Employee

Re: How to change NTP server and DNS on FTD ?

Hi Sam,

 

You need to change the info from platform settings option under Device section of FMC.

Create a new policy and make changes and assign the FTD in that. Deploy the changes to take effect.

 

You may change the DNS settings in FTD from CLI as well.

In the FTD CLISH mode type "configure network dns servers 4.2.2.2" (example)

Then nslookup and use a hostname to verify.

 

Rate if helps,

Yogesh

 

Beginner

Re: How to change NTP server and DNS on FTD ?

Hi

Thank you for your help!

 

I added the NTP server (194.2.0.28) but I still see the 127.127.1.1 and my timezone is still wrong.

 

 

2018-03-16_120031.png

Hall of Fame Master

Re: How to change NTP server and DNS on FTD ?

Try restarting the daemons after making the changes.

 

Switch to expert mode and use the following commands for DNS and NTP respectively:

 

sudo /etc/rc.d/init.d/nscd restart

sudo /ngfw/usr/bin/ntpd restart 
Beginner

Re: How to change NTP server and DNS on FTD ?

Hi,

 

Thank you but still the same :(

 

X1.png

Hall of Fame Master

Re: How to change NTP server and DNS on FTD ?

Your sensor's ntp is falling back to using localhost (e.g. its own internal clock).

 

Can your sensor reach the configured NTP server on udp/123?

Beginner

Re: How to change NTP server and DNS on FTD ?

I can ping it, how can I test port 123 UDP ?

 

X2.png

Hall of Fame Master

Re: How to change NTP server and DNS on FTD ?

You can use ntpq from expert mode and look at the peers to see if the configured server is reachable and providing the ntp service.

 

> show ntp
NTP Server                : 103.16.182.23  (time.unisza.edu.my)
Status                    : Available
Offset                    : -11.995 (milliseconds)
Last Update               : 467 (seconds)

NTP Server                : Managing DC
Status                    : Available
Offset                    : 22.754 (milliseconds)
Last Update               : 61 (seconds)

NTP Server                : Managing DC
Status                    : Being Used
Offset                    : 0.479 (milliseconds)
Last Update               : 578 (seconds)

> expert
admin@vftd-new:~$ ntpq
ntpq> peers
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*127.0.0.2       103.16.182.23    3 u  595 1024  377    5.930    0.479   4.219
+time.unisza.edu 87.120.164.97    2 u  484 1024  367   48.632  -11.995   4.327
+202.45.138.123  202.21.137.10    2 u   78 1024  347   26.536   22.754   4.649
ntpq> 
Beginner

Re: How to change NTP server and DNS on FTD ?

I can see my NTP server ntp0.oleane.net , but what to do to make it primary :

 

x3.png

Hall of Fame Master

Re: How to change NTP server and DNS on FTD ?

It being in ".INIT." status means that it is configured but not reachable (or not serving up ntp).

 

Once it successfully initializes it should report a stratum better than the Stratum 10 that your localhost provides. (Stratum 16 is the default for unknown or no NTP.)
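
An added example, not part of the original thread: a shell function that reads `ntpq` peers output and flags the conditions discussed above, namely a peer stuck in `.INIT.` or with a reach of 0, and the local clock being the selected time source. The function names, the verdict labels and the sample lines marked as constructed are assumptions of this example.

```shell
#!/bin/sh
# Classify peers from ntpq "peers" output read on stdin.
# Prints one "<remote> <verdict>" line per peer.
classify_ntp_peers() {
    awk '
        $1 == "remote" || /^=+$/ || NF < 10 { next }   # header, rule, noise
        {
            tally  = substr($0, 1, 1)   # column 1: "*" = selected, " " = none
            remote = $1
            if (tally != " ") remote = substr($1, 2)
            refid = $2; reach = $7      # reach: octal bitmap of last 8 polls

            if (refid == ".INIT." || reach == "0")
                verdict = "UNREACHABLE"            # configured, no replies yet
            else if (refid == ".LOCL." || remote ~ /^127\.127\./)
                verdict = (tally == "*") ? "LOCAL_CLOCK_SELECTED" : "LOCAL_CLOCK"
            else if (tally == "*")
                verdict = "SELECTED"
            else
                verdict = "REACHABLE"
            print remote, verdict
        }
    '
}

# Sample input. The first and last peer lines are constructed for this
# example (192.0.2.10 is a documentation address); the middle peer line
# is taken from the ntpq output posted in the thread.
sample_peers() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*127.127.1.1     .LOCL.          10 l   32   64  377    0.000    0.000   0.000
+202.45.138.123  202.21.137.10    2 u   78 1024  347   26.536   22.754   4.649
 192.0.2.10      .INIT.          16 u    - 1024    0    0.000    0.000   0.000
EOF
}

sample_peers | classify_ntp_peers
```

An `UNREACHABLE` peer alongside `LOCAL_CLOCK_SELECTED` is the fallback situation described in this thread: the configured server is not answering, so the device is keeping time from its own clock.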

 

Beginner

Re: How to change NTP server and DNS on FTD ?

Okay, thanks for the explanation.

 

Should I add an access policy to allow flow on port UDP 123 ?

 

or maybe is it because I'm using management interface to reach the NTP server ?

 

Maybe FTD is designed to use only outside or inside interface for NTP ?

Hall of Fame Master

Re: How to change NTP server and DNS on FTD ?

The ntp queries from your FTD device should originate from the management interface. That source address must have the udp/123 access to the configured and working ntp server.

Beginner

Re: How to change NTP server and DNS on FTD ?

Hi, where exactly are the settings for DNS within the Platform settings for FMC? I don't see any such settings there.

Hall of Fame Master

Re: How to change NTP server and DNS on FTD ?

Platform settings are for managed sensors. For those, there's a DNS tab:

FMC Platform DNS.PNG

 

For FMC's DNS resolver please look under System > Configuration > Management Interfaces > Shared Settings:

FMC DNS.PNG

Beginner

Re: How to change NTP server and DNS on FTD ?

Which version do you have? The FMC that I have doesn't have DNS options:

 

Capture.PNG