https://live.paloaltonetworks.com/t5/general-topics/use-palo-as-an-ntp-device/m-p/46872#M34450 <HTML><HEAD></HEAD><BODY><P>Hi Guys,</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; We have 2 * 2050's running 4.0.7 here and I was wondering if I could use these devices as NTP servers for other devices to sync against?&nbsp; I've looked through the gui but can't see any way to do it so far.</P><P><BR />Cheers</P><P></P><P>Chris</P></BODY></HTML> Thu, 19 Apr 2012 09:00:46 GMT chrismckean 2012-04-19T09:00:46Z https://live.paloaltonetworks.com/t5/general-topics/use-palo-as-an-ntp-device/m-p/46872#M34450 <HTML><HEAD></HEAD><BODY><P>Hi Guys,</P><P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; We have 2 * 2050's running 4.0.7 here and I was wondering if I could use these devices as NTP servers for other devices to sync against?&nbsp; I've looked through the gui but can't see any way to do it so far.</P><P><BR />Cheers</P><P></P><P>Chris</P></BODY></HTML> Thu, 19 Apr 2012 09:00:46 GMT https://live.paloaltonetworks.com/t5/general-topics/use-palo-as-an-ntp-device/m-p/46872#M34450 chrismckean 2012-04-19T09:00:46Z https://live.paloaltonetworks.com/t5/general-topics/use-palo-as-an-ntp-device/m-p/46873#M34451 <HTML><HEAD></HEAD><BODY><P>Not that im aware of.</P><P></P><P>However I think you could setup a DNAT rule to forward the NTP request made against some ip thats routed through the PA device (or ip which is already been used by the PA) into some NTP server of your choice.</P><P></P><P>For example if you only use RFC1918 addresses in your core you could address the ip of the PA device and with DNAT similar to:</P><P></P><P>srczone: inner</P><P>dstzone: inner</P><P>srcip: innerrange/cidr</P><P>dstip: PA_ip</P><P>service: udp123</P><P>translated dstzone: outer</P><P>translated dstip: NTP_ip_on_outer</P><P></P><P>along with a security rule that allows inner to reach outer for particular service like udp123 (and ip) and appid=ntp.</P></BODY></HTML> Thu, 19 Apr 2012 09:53:13 GMT https://live.paloaltonetworks.com/t5/general-topics/use-palo-as-an-ntp-device/m-p/46873#M34451 mikand 2012-04-19T09:53:13Z https://live.paloaltonetworks.com/t5/general-topics/use-palo-as-an-ntp-device/m-p/46874#M34452 <HTML><HEAD></HEAD><BODY><P>Thanks for the suggestion Mikand.</P></BODY></HTML> Fri, 20 Apr 2012 13:17:56 GMT https://live.paloaltonetworks.com/t5/general-topics/use-palo-as-an-ntp-device/m-p/46874#M34452 chrismckean 2012-04-20T13:17:56Z