Hi

 Tnak you for your help !

I added the NTP server (194.2.0.28) but i still see the 127.127.1.1 and my timezone is still wrong.

Try restarting the daemons after making the changes.

Switch to expert mode and use the following commands for DNS and NTP respectively:

sudo /etc/rc.d/init.d/nscd restart

sudo /ngfw/usr/bin/ntpd restart 

Hi,

Thank you but still the same :(

Your sensor's ntp is falling back to using localhost (e.g. its own internal clock).

Can your sensor reach the configured NTP server on udp/123?

I can ping it, how can I test port 123 UDP ?

You can use ntpq from expert mode and look at the peers to see if the configured server is reachable and providing the ntp service.

> show ntp
NTP Server                : 103.16.182.23  (time.unisza.edu.my)
Status                    : Available
Offset                    : -11.995 (milliseconds)
Last Update               : 467 (seconds)

NTP Server                : Managing DC
Status                    : Available
Offset                    : 22.754 (milliseconds)
Last Update               : 61 (seconds)

NTP Server                : Managing DC
Status                    : Being Used
Offset                    : 0.479 (milliseconds)
Last Update               : 578 (seconds)

> expert
admin@vftd-new:~$ ntpq
ntpq> peers
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*127.0.0.2       103.16.182.23    3 u  595 1024  377    5.930    0.479   4.219
+time.unisza.edu 87.120.164.97    2 u  484 1024  367   48.632  -11.995   4.327
+202.45.138.123  202.21.137.10    2 u   78 1024  347   26.536   22.754   4.649
ntpq> 

I can see my NTP server ntp0.oleane.net , but what to do to make it primary :

It being in ".INIT." status means that it is configured but not reachable (or not serving up ntp).

Once it successfully initializes it should report a stratum better than the Stratum 10 that your localhost provides. (Stratum 16 is the default for unknown or no NTP.)

Okay, thanks for the explanation.

Should I add an access policy to allow flow on port UDP 123 ?

or maybe is it because I'm using management interface to reach the NTP server ?

Maybe FTD is designed to use only outisde or indide interface for NTP ?

The ntp queries from your FTD device should originate from the management interface. That source address must have the udp/123 access to the configured and working ntp server.

Can you please help me as I need to change the NTP server on the FTDv.
I have changed the NTP server on the FMC via the GUI but there is no option to edit the FTD, and now I have an out of sync issue.

@G3000LEE did you do as suggested in one of the earlier responses here? i.e.:

"

You need to change the info from platform settings option under Device section of FMC.

Create a new policy and make changes and assign the FTD in that. Deploy the changes to take affect.

"

Sorry, I am very new to FMC/FTD. I am teaching myself this technology using VM's and only started this week.

I found where to change the NTP setting for the FMC on the FMC. But I then run into issues with the FTDs being out of sync with the FMC. I want to change the FMC and all the FTDs to use my home lab NTP server which is my Cisco switch so all Lab and home hardware are using the same server

I am not advanced enough and don't know what you mean by "Create a new policy and make changes and assign the FTD in that.".

Are you saying I can create a ACP, which will change the FTDs NTP server settings?