Hello All,
I've been troubleshooting an issue with getting Single Sign-On to work with AnyConnect, using SAML and a hosted identity provider. In the end, it appears to have been an issue with time sync. So I wanted to configure both our FMC and FTD to sync time directly with an authoritative NTP host on the internet, rather than our internal NTP.
This was simple enough for the FMC; however, when configuring our FTD (on ASA) to sync, the status for the external servers stays in 'INIT'. I see in our connection log that the FTD is blocking itself from connecting out, and no interface is shown for the ingress interface. So I'm trying to figure out how to allow it to connect out with a prefilter rule. Would I need to set the source interface to any?
I do have the option to let the FTD sync time with the FMC, though I read a post suggesting that this is not actually recommended.
Thanks
Edit: I forgot to mention our version: 6.7.0.2 on both FTD and FMC.