Unable to connect to pool.ntp.org

L3 Networker

Hi

I have a problem with the NTP sync. When I do a "show ntp":

NTP state:
NTP not synched, using local clock
NTP server: asia.pool.ntp.org
status: rejected
reachable: no
authentication-type: none
NTP server: pool.ntp.org
status: rejected
reachable: no
authentication-type: none

 

But my mgmt interface is allowed via policy rule to use NTP. I am able to ping the NTP host and a traceroute runs fine.

So I searched a bit for errors... I only found this in sysdagent.log: TIME: Unable to connect to asia.pool.ntp.org for ntpdate

I tested it with "debug software restart process ntp"

Any ideas?

L6 Presenter

Re: Unable to connect to pool.ntp.org

@clonesheep

You may need to change the service route for NTP.

Device/Setup/Services/Service Route Configuration/NTP.

You will need to set this to the same interface that matches your policy.

L3 Networker

Re: Unable to connect to pool.ntp.org

But at the moment I have "Use Management Interface for all" and this runs. So I get PA updates and virus updates and so on. For my MGT the default GW is the eth2, and I see this in the Monitor log.

But no NTP :(

L6 Presenter

Re: Unable to connect to pool.ntp.org

Sorry, I did not fully understand your setup.

L3 Networker

Re: Unable to connect to pool.ntp.org

Okay, look:

MGT IP 10.0.8.1

eth 1/1 public IP

eth 1/2 10.0.8.2 my trust network

Default virtual router route 0.0.0.0 to eth 1/1.

So my Mgmt rule: src 10.0.8.1, trust zone, goes to untrust, destination any. This is how PA updates work fine.

L6 Presenter

Re: Unable to connect to pool.ntp.org

What appliance is this on? Or is it a VM?

L3 Networker

Re: Unable to connect to pool.ntp.org

It's a PA220

L6 Presenter

Re: Unable to connect to pool.ntp.org

Works for me, but I do have my DNS currently set to 8.8.8.8, as Palo docs state that the DNS must have a reverse lookup for the NTP server.

https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Cld0CAC

admin@PA-3020(active)> show ntp

NTP state:
    NTP synched to asia.pool.ntp.org
    NTP server: asia.pool.ntp.org
        status: synched
        reachable: yes
        authentication-type: none

L6 Presenter

Re: Unable to connect to pool.ntp.org

Hmmmmmm.... not sure about the previous link, as I set DNS to internal and it still works OK.

It does take about 5 mins to be successful though.....
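A check over the two `show ntp` outputs quoted in this thread, as an added example that is not part of any post above and is not Palo Alto code: it parses the output and reports an unsynchronized clock or unreachable servers. The function names `parse_show_ntp` and `ntp_findings` are hypothetical, and the parser assumes the output keeps the layout shown in the thread.

```python
import re

# The two `show ntp` outputs as quoted in the thread.
FAILING = """\
NTP state:
NTP not synched, using local clock
NTP server: asia.pool.ntp.org
status: rejected
reachable: no
authentication-type: none
NTP server: pool.ntp.org
status: rejected
reachable: no
authentication-type: none
"""

WORKING = """\
NTP state:
    NTP synched to asia.pool.ntp.org
    NTP server: asia.pool.ntp.org
        status: synched
        reachable: yes
        authentication-type: none
"""

def parse_show_ntp(text):
    """Return (synced_to, servers); synced_to is a hostname or None."""
    synced_to, servers, current = None, [], None
    for raw in text.splitlines():
        line = raw.strip()  # indentation differs between the two samples
        m = re.match(r"NTP synched to (\S+)$", line)
        if m:
            synced_to = m.group(1)
        elif line.startswith("NTP server:"):
            current = {"server": line.split(":", 1)[1].strip()}
            servers.append(current)
        elif current is not None and ":" in line:
            # Per-server attribute such as status / reachable.
            key, value = line.split(":", 1)
            current[key.strip()] = value.strip()
    return synced_to, servers

def ntp_findings(text):
    """List problems found; an empty list means the clock is synced."""
    synced_to, servers = parse_show_ntp(text)
    findings = [] if synced_to else ["clock not synchronized to any NTP server"]
    findings += [f"{s['server']}: unreachable (status {s.get('status', 'unknown')})"
                 for s in servers if s.get("reachable") != "yes"]
    return findings
```

Since the last post reports that sync can take about 5 minutes, a monitoring job built on this should only alert when the findings persist across several polls.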
