Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
536
Views
0
Helpful
2
Replies

Time Synchronization

s.niyamangkoon
Level 1
Level 1

‎11-27-2001 01:17 AM - edited ‎03-08-2019 09:16 PM

I have three tiers architecture (presentation, application and database). Presentation tier is located at DMZ (demilitarized zone). Application and Database tiers are located in secured network (behind firewall). Using Cisco PIX Firewall as DMZ perimeter, I can create fundamental level of protection. The problem is that we don't have time synchronization between servers in each tiers which cause me some problem running application and logging system. I would like to

use NTP as an accurate timekeeping protocol. Unfortunately, I'm not sure allowing NTP service thru my firewall's policy. From my experience, we should not allow NTP to and from public insecure network (Internet). One function of our system is to serve online auction system. Our servers operate on many operating systems (NT4, SunOS, HP-UX). That causes me the make time synchronization between servers in each tiers and the Internet. I just would like to know how to make it possible while providing same level of protection. Thank you in advance.

Labels:
0 Helpful
2 Replies 2

jwitherell
Level 1
Level 1

‎11-27-2001 03:09 PM

I use two NTP servers on my internal network as Stratum 3. All my NTP needs are served from those two machines. Our sysadmin watches these servers very closely, as they are also doing other vital functions as well. If you don't want to sync your NTP servers across the internet, alot of higher stratum NTP clocks out there have dialup numbers you can use, which ought to help on the security front.

0 Helpful

awalnet
Level 1
Level 1

‎12-02-2001 03:18 AM

I have set up a local time server on a secured segment behind a Cisco 535 which is synchronizing its' time with an ntp server sitting outside the firewall.The servers sitting in the internal secured segments are synchronizing their time using the local time server sitting behind the firewall.

In this case you just have to open a conduit for the specific ntp server sitting on the outside to send back the ntp reply to the local time server.

You can work with the same toplogy as it is working securely for me here.

Regards,

Zeshan Mansoor Jalali

Cisco Security Specialist,CCIE(R&S)-Written, CCNP,CCDA

0 Helpful
Customers Also Viewed These Support Documents