IOS XE FQDN ACLs

ELIAS AGGELIDIS
Level 1

Dear Team,

FQDN ACLs on firewalls are great.

IOS XE seems to support them (there are also FQDN objects available), but every time I use the ACL it is not working.

Any input?

4 Replies

Check the thread below for hints:

https://community.cisco.com/t5/routing/acls-with-fqdn/td-p/1137431

Please rate this and mark it as the solution/answer if it resolved your issue.
Good luck
KB

Can you share the FQDN ACL?

Dear Team,

I am trying to have only the ntp.org pools used for the NTP session in my config.

! Network object groups: the DNS servers the router is allowed to exchange traffic with
object-group network DNS-ISP
 description IPv4 ISP's Local DNS
 host 10.19.140.1
!
object-group network DNS-UMBRELLA
 description IPv4 Umbrella DNS
 host 208.67.222.222
 host 208.67.220.220
!
object-group network VALID-DNS
 description Valid DNS servers
 group-object DNS-UMBRELLA
 group-object DNS-ISP
!
! FQDN object group: NTP sources are matched by resolved name rather than static address
object-group fqdn NTP-POOL
 description Valid NTP FQDN servers
 pattern "gr\.pool\.ntp\.org"
 pattern "nero\.grnet\.gr"
 pattern "europe\.pool\.ntp\.org"
!
! Service object groups (a bare "eq port" in a service group is the destination port)
object-group service BOOTP
 description BOOTP requests
 udp eq bootpc
 udp eq bootps
!
object-group service SSH
 description SSH requests
 tcp eq 22
!
object-group service DOMAIN
 description DOMAIN requests
 udp eq domain
 tcp eq domain
!
object-group service NTP
 description NTP requests
 udp eq ntp
!
object-group service DENY-SERVICES
 description Object is used to Deny Services
 group-object BOOTP
 group-object SSH
 group-object DOMAIN
 group-object NTP
!
! Bogon source prefixes (network address followed by subnet mask)
object-group network Martian_prefixes
 description All Martian and bogus prefixes
 0.0.0.0 255.0.0.0
 127.0.0.0 255.0.0.0
 169.254.0.0 255.255.0.0
 192.0.0.0 255.255.255.0
 192.0.2.0 255.255.255.0
 240.0.0.0 240.0.0.0
 224.0.0.0 240.0.0.0
 224.0.0.0 255.255.255.0
 host 255.255.255.255
 10.0.0.0 255.0.0.0
 192.168.0.0 255.255.0.0
 172.16.0.0 255.240.0.0
!

sh access-lists
Extended IP access list ACCL-IN
    10 permit udp object-group VALID-DNS eq domain host 10.19.140.254
    11 permit tcp object-group VALID-DNS eq domain host 10.19.140.254
    30 permit udp fqdn-group NTP-POOL eq ntp any
    40 deny object-group DENY-SERVICES any any
    100 deny ip object-group Martian_prefixes any
    99999 permit ip any any log-input

When this ACL is used on 17.7.X I get an error message in the logs and the ACL is not applied.

Does anyone know if this is an SD-WAN-only feature?

Regards
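Added example (not part of this thread and not Cisco IOS code): a small Python model of the ACCL-IN policy posted above, evaluating sample packets in IOS first-match order so the intended behaviour can be checked before the ACL is applied, in particular that ACE 30 must beat ACE 40 for NTP replies and that ACE 10 permits the 10.19.140.1 resolver before ACE 100's 10/8 martian entry denies it. The FQDN-to-address cache, the RFC 5737 addresses and the regex treatment of `pattern` are constructed assumptions standing in for the mapping the router learns from DNS replies.

```python
import ipaddress
import re

# Object groups transcribed from the posted config (DNS-ISP + DNS-UMBRELLA -> VALID-DNS).
VALID_DNS = {"208.67.222.222", "208.67.220.220", "10.19.140.1"}
NTP_POOL_PATTERNS = [r"gr\.pool\.ntp\.org", r"nero\.grnet\.gr", r"europe\.pool\.ntp\.org"]
# DENY-SERVICES: in a service object-group a bare "eq port" is the destination port.
DENY_SERVICES = {("udp", 67), ("udp", 68), ("tcp", 22), ("udp", 53), ("tcp", 53), ("udp", 123)}
MARTIANS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "192.0.0.0/24", "192.0.2.0/24",
    "240.0.0.0/4", "224.0.0.0/4", "224.0.0.0/24", "255.255.255.255/32",
    "10.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12")]
ROUTER = "10.19.140.254"

# Constructed stand-in for the FQDN-to-IP mapping the router learns from DNS replies
# (hypothetical addresses taken from the RFC 5737 documentation ranges).
FQDN_CACHE = {"198.51.100.20": "gr.pool.ntp.org", "203.0.113.5": "europe.pool.ntp.org"}

def in_fqdn_group(src, patterns):
    """Assumption: an object-group fqdn pattern is applied as a regex to the learned name."""
    name = FQDN_CACHE.get(src)
    return name is not None and any(re.search(p, name) for p in patterns)

def is_martian(src):
    ip = ipaddress.ip_address(src)
    return any(ip in net for net in MARTIANS)

def evaluate(proto, src, sport, dst, dport):
    """Return (sequence, action) of the first ACE in ACCL-IN that matches, as IOS would."""
    if src in VALID_DNS and sport == 53 and dst == ROUTER and proto in ("udp", "tcp"):
        return (10 if proto == "udp" else 11, "permit")   # DNS replies from valid servers
    if proto == "udp" and sport == 123 and in_fqdn_group(src, NTP_POOL_PATTERNS):
        return (30, "permit")                             # NTP replies from pool hosts
    if (proto, dport) in DENY_SERVICES:
        return (40, "deny")                               # unsolicited service traffic
    if is_martian(src):
        return (100, "deny")                              # bogon sources
    return (99999, "permit")                              # catch-all with log-input

if __name__ == "__main__":
    # IOS typically sends NTP from UDP 123, so a reply is 123 -> 123 and relies on ACE 30 beating ACE 40.
    print(evaluate("udp", "198.51.100.20", 123, ROUTER, 123))  # (30, 'permit')
    print(evaluate("udp", "203.0.113.99", 123, ROUTER, 123))   # (40, 'deny'): not a pool host
    # The ISP resolver sits in 10/8, which ACE 100 lists as a martian; ACE 10 wins by order.
    print(evaluate("udp", "10.19.140.1", 53, ROUTER, 5353))    # (10, 'permit')
    print(evaluate("tcp", "203.0.113.99", 40000, ROUTER, 22))  # (40, 'deny')
```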
