
FireSight not synchronizing time from NTP

hacizeynal
Level 1

Hi, we configured a small office network for testing purposes. But there is some problem regarding .

Here is the output from my managed device.

 

Last login: Tue Oct  6 03:18:37 2015 from 192.168.0.49

Copyright 2001-2013, Sourcefire, Inc. All rights reserved. Sourcefire is
a registered trademark of Sourcefire, Inc. All other trademarks are
property of their respective owners.

Sourcefire Linux OS v5.3.1 (build 60)
Sourcefire ASA5512 v5.3.1 (build 155)

> show ntp 
NTP Server                : No  (Cannot Resolve)
Status                    : Unknown
Offset                    :  (milliseconds)
Last Update               :  (seconds)

 

As you see, it is not synced. We configured it on the ASA, and the ASA is fully synced.

I am also uploading a picture of the output from the Management Center.

My question is: how can I sync my device (192.168.0.200), whose output is shown above, in order to solve the sync problem?


Marvin Rhoads
Hall of Fame

Have you configured it in your System Policy (System > Local > System Policy, edit, then Time Synchronization) and deployed that policy to the managed device?

As you see, the ASA is synced with NTP server IP address 78.111.50.50. I am fresh, sorry for the bad explanation. When I enter the session sfr console, you see that:

> show ntp 
NTP Server                : No  (Cannot Resolve)
Status                    : Unknown
Offset                    :  (milliseconds)
Last Update               :  (seconds)

Is there any way to configure SFR with any command?

Marvin,

I did the same thing as you mentioned. I did the following steps:

  • Navigated to System > Local > System Policy.
  • Edit the system policy applied on your FireSIGHT Systems.
  • Selected Time Synchronization.
  • Then set "Set my clock" == 78.111.50.50 (the address which the ASA is synced to)
  • Managed device is === via NTP from Defense Center

Please correct me if I am wrong.

I really appreciate your work :)

Yes, your steps on the System Policy are correct. Make sure you then apply the policy and that it successfully deploys to both the FireSIGHT Management Center and the managed device.

Further troubleshooting tips can be found in this document.

You should also be able to confirm that the FireSIGHT Management Center itself is getting good ntp synchronization.

When it's working your managed device can be seen thus:

Sourcefire 3D7125 v5.4.0.3 (build 37)

> show ntp
NTP Server                : Managing DC (192.168.107.220)
Status                    : Being Used
Offset                    : -0.295 (milliseconds)
Last Update               : 179 (seconds)

> 

and the FireSIGHT server like so:

admin@sfvdc:~$ ntpq -pn   
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.168.107.2   64.113.32.5      2 u  287 1024  377    2.443    0.266   0.767
 127.127.1.1     .SFCL.          14 l    -   64    0    0.000    0.000   0.000
admin@sfvdc:~$
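An added example (not part of the original posts and not Cisco tooling): a shell function that classifies `ntpq -pn` output such as the FireSIGHT server listing above, flagging the case where only the local clock driver (127.127.x.x) is selected. The function name, the 100 ms threshold and the second sample are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `ntpq -pn` output read from stdin.
# MAX_OFFSET_MS is an assumed alert threshold, not a vendor-documented value.
MAX_OFFSET_MS=${MAX_OFFSET_MS:-100}

ntp_health() {
    awk -v max="$MAX_OFFSET_MS" '
        substr($0, 1, 1) == "*" {            # "*" tally code = selected system peer
            n = split(substr($0, 2), f, " ") # remote refid st t when poll reach delay offset jitter
            if (n < 10) next
            found = 1
            info = "peer=" f[1] " reach=" f[7] " offset_ms=" f[9]
            off = f[9] + 0; if (off < 0) off = -off
            # reach is an octal shift register; its lowest bit is the latest poll
            last = substr(f[7], length(f[7])) + 0
            if (f[1] ~ /^127\.127\./) why = "local-clock-only"   # refclock, no real upstream
            else if (last % 2 == 0)   why = "last-poll-missed"
            else if (off > max)       why = "offset-too-large"
        }
        END {
            if (!found)    { print "FAIL no-selected-peer"; exit 1 }
            if (why != "") { print "FAIL " why " " info; exit 1 }
            print "OK " info
        }
    '
}

# Sample 1: the FireSIGHT server output quoted in the thread.
SAMPLE_SYNCED='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.168.107.2   64.113.32.5      2 u  287 1024  377    2.443    0.266   0.767
 127.127.1.1     .SFCL.          14 l    -   64    0    0.000    0.000   0.000'

# Sample 2: constructed; upstream never answered, local clock selected instead.
SAMPLE_LOCAL_ONLY='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 192.168.107.2   .INIT.          16 u    -   64    0    0.000    0.000   0.000
*127.127.1.1     .SFCL.          14 l   12   64  377    0.000    0.000   0.000'

printf '%s\n' "$SAMPLE_SYNCED"     | ntp_health || true
printf '%s\n' "$SAMPLE_LOCAL_ONLY" | ntp_health || true
# On a live system with shell access: ntpq -pn | ntp_health
```

A non-zero exit status makes the function usable from a monitoring check; accurate clocks on the management center and sensors matter because event timestamps are correlated across them.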

It is so strange, I can't finish configuring a normal system. I am adding output from the Defense Center.


64 bytes from 46.4.24.238: icmp_req=22 ttl=54 time=99.0 ms
64 bytes from 46.4.24.238: icmp_req=23 ttl=54 time=99.6 ms
64 bytes from 46.4.24.238: icmp_req=24 ttl=54 time=134 ms
From 192.168.0.1: icmp_seq=108 Redirect Network(New nexthop: 192.168.0.150)
From 192.168.0.1: icmp_seq=130 Redirect Network(New nexthop: 192.168.0.150)
From 192.168.0.1: icmp_seq=131 Redirect Network(New nexthop: 192.168.0.150)

As you see, it is normal for a while, but it suddenly started to redirect traffic. I am pinging an outside NTP server to check connectivity!

192.168.0.150 is the Kerio firewall, but my default gateway is 192.168.0.1.

Yes definitely something external to your Defense Center is interrupting your connectivity.

That is very likely contributing to your NTP synchronization issue.

Marvin, thanks for your help. I did it now, it is syncing from outside. Another challenge for me is that I can't log in to any of my devices, neither the Defense Center nor the managed device, with ASDM. SSH is OK, but ASDM is rejecting me. Can anybody help?

ASDM is primarily for managing the base ASA, not the FirePOWER modules.

ASDM can only manage sensors (FirePOWER modules) for ASA 5506, 5508 or 5516. And only when there is no Firesight Management Sensor managing the sensor.

ASDM cannot manage a Defense Center / FireSIGHT Management Center.

Mine is a 5512, so it is OK with me? I mean, it must be supposed as a problem, right? ))

ASDM cannot manage the FirePOWER module on the ASA 5512-X (at least not as of the current 5.4.x FirePOWER software).

You need to use the Defense Center / FireSIGHT Management Center for that function. No other product can manage the FirePOWER module.

Thank you Marvin,

I really appreciate your help :)

Zeynal

So we are in the same predicament.

We have numerous devices, all connected to our FMC, which are all out of time sync.

We cannot open the firewalls anymore to allow additional traffic out to the net to find an NTP server.

It seems like the FMC, through policy, is just providing the sensors the IP information of an NTP server outside our network, where our devices are blocked by our firewall rules. We need to be able to configure our FMC v6 to be an NTP server, because there are no internal NTP servers available and we can't open up additional ports out to the external NTP server.

Can you verify, yes or no, that previous versions of the FMC provided the NTP service? Because until we upgraded to v6, we weren't having these time sync errors.
