06-30-2022 10:07 AM
Hi,
I'm using FTDv 7 managed by FMC v7. Logging issues are there and there is an error about FTD not synced.
So, first step seems to solve the ntp issues.
FMC GUI is there for ntp which I set and it seems to be ok, but I cannot find where is the ntp settings for FTD device (I go to FMC, devices, choose the FTD device, ... nothing there)
Also when I SSH to FTD and run ntpd -u ntpserver, it says operation not permitted. I set the time exactly the same as FMC (with the date -s command, copying the output of the date command from the SSH session on FMC) but the problem is still there.
Any idea?
Regards
07-01-2022 11:43 AM
I managed to solve the problem in this way
Went to FMC and my created FTD policy and chose a timezone (it was blank). Applied it to my FTD and all is ok now.
06-30-2022 10:14 AM
Check the document below; it may help you:
06-30-2022 10:33 AM
Already checked it. It is not helping about Virtual FTD managed by FMC (virtual). It's all about physical ones, FXOS, etc.
06-30-2022 11:05 AM - edited 06-30-2022 11:16 AM
Let me add that under device, platform setting, I created an FTD policy, added my FTD, set the same NTP server as FMC under the settings and saved and applied the policy to the device. But the error is still there.
While the date output is exactly the same on FTD and FMC, it says there is a 54000 seconds offset between the FTD device and its manager.
07-01-2022 07:09 AM
It's not recommended to use FMC as the NTP server for managed devices. Use a reliable time server instead.
I use time.nist.gov for US-based customers (along with a valid DNS setup and making sure outbound ntp traffic is allowed through the firewall).
07-01-2022 11:40 AM
I didn't do that. Both were aimed to use an internal ntp server in the network
04-25-2024 05:08 AM
I noticed 127.0.0.2 is shown to be used on our FTD that is managed via FMC. How can I fix this - the FMC is using and configured for a nist NTP server? Not too familiar with Firepower in comparison to ASA.
04-25-2024 05:11 AM
Make a new post; it is better.
MHM
04-25-2024 05:16 AM
@CiscoBrownBelt for an FMC-managed FTD appliance, use the platform settings. Devices > Platform Settings and then edit the settings under the Time Synchronization section to set the clock via NTP from a valid reachable time server. Deploy the change and watch for it to update on FTD - it will take a few minutes to sync and decide to take the NTP server's assertion as valid.
04-26-2024 05:49 AM
Hi Marvin. It is already set for via NTP from Mgmt Center. There are no reachability issues or anything, so not sure why it is not listed as the server in "show ntp"?
04-26-2024 09:12 AM
@CiscoBrownBelt if your FMC is an FMCv, they don't reliably serve up NTP. That's why we configure the managed devices to go directly to an NTP server.
04-26-2024 09:30 AM
No, it is a physical FMC. I know it's better to peer directly to an NTP server but for now using this.
05-02-2024 07:48 AM
Hi Marvin, although it states:
NTP Server : 127.0.0.2
Status : Being Used
Offset : -0.582 (milliseconds)
Last Update : 13 (seconds)
The time is still correct:
> show time
UTC - Thu May 2 14:43:14 UTC 2024
Localtime - Thu May 02 10:43:15 EDT 2024
Shouldn't it not have accurate time?
05-02-2024 09:16 AM
Time can be accurate without NTP. We use NTP to make it consistently accurate across many devices to ensure that time-dependent services, logs etc. are all in good working order and presenting accurate timestamps.
05-03-2024 08:26 AM
Right but thing is the FTD has been offline recently and clock was never manually hard coded or anything. Where would it get its accurate time from?