Apart from the mentioned workaround, an alternative is to have the CAS NME to sync with the NTP server upon boot. As this requires some manual editing on the config files on the CAS, it's recommended to back-up the original files before proceeding.
There are two possibilities to do so, the preferred one is the first option below:
1) Edit the "/etc/init.d/perfigo" file. We need to add the Time check and sync at the end of the "start" section, so you can find where the following section starts in order to figure out where to insert the code. The following section is "stop" so you should look for the following:
~snip~ ;; stop) ~snip~
* Please enter the following lines just above the ";;"
# Clock/NTP setting YEAR=$(date +"%Y") if [ $YEAR -eq "2006" ]; then clock ntpdate -b setclock clock service perfigo stop service perfigo start fi
The idea about these commands is related to the fact that when the NAC-NME module loses the clock sync, it goes back to May 2006. The script checks if the year is set to 2006 upon the perfigo service start; if this is the case it will trigger a NTP sync and then it will stop&start the perfigo services. If, upon the next start the time is not yet in sync, the process will start again with time sync and perfigo stop&start. Once the time is correctly set, then there will be no more time sync done upon service start.
2) The initial version of the script was the one reported here. Although this worked in a lab environment, it didn't work properly at the customer's site. Edit the "/etc/rc.d/rc.local" file and add following commands to the bottom of the file:
This month, we're excited to bring awareness to a newly formed partnership between Cisco Secure and IBM.
Securing today's dynamic enterprise applications is critical. With hybrid and multi-cloud adoption, traditional network-based security ran into limita...
Listen: https://smarturl.it/CCRS8E42Follow us: twitter.com/CiscoChampion
APIClarity is an open source, cloud-native visibility tool for APIs. It utilizes a Service Mesh framework to capture and analyze API traffic and identify potential risks.
Hello everyone, A new video in the Cisco Secure Terraform Series has just been published. If you are interested in Infrastructure as Code, and Terraform, you don't want to miss out on this amazing series with Jason "Canadian Bacon" Maynard! Newe...
The Cisco Secure Firewall and SecureX teams are looking for feedback from active Secure Firewall users who may or may not have already activated SecureX. Your responses will help us improve the Firepower experience in SecureX. Th...