Is NTP Polling Time Interval Configurable?


PAN-OS 5.0, 6.0, 6.1

 

The Palo Alto Networks firewall can be configured to use specified Network Time Protocol (NTP) servers. For synchronization with the NTP server(s), NTP uses a minimum polling value of 64 seconds and a maximum polling value of 1024 seconds. These minimum and maximum polling values are not configurable on the firewall.

 

Once the Palo Alto Networks device goes through the initial synchronization process and synchronizes the system clock, it will poll the NTP server within the default minimum and maximum range.

For more information on NTP server polling and the determination of the polling interval, visit www.ntp.org.

 

To manually restart the NTP process, use the following CLI command:

> debug software restart ntp

 

To view whether the NTP process has a new PID, execute:

> show system software status | match ntp

Process  ntp            running  (pid: 2216)

 

To verify NTP state, use the show ntp CLI command as in the following examples:

Example of successful connection:

> show ntp

NTP state:

    NTP synched to ntp.nc.u-tokyo.ac.jp

    NTP server ntp.nict.jp connected: True

    NTP server ntp.nc.u-tokyo.ac.jp connected: True

 

Example of unsuccessful connection (this could be due to the issue described in Error in NTP Sync Status Display):

> show ntp

NTP state:

    NTP synched to LOCAL

    NTP server ntp.example.com connected: False

    NTP server ntp2.example.com connected: False
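
An added example (not part of the original article and not Palo Alto Networks code): a Python check that parses captured show ntp output in the format shown above and classifies the result, for use in a monitoring script. The PARTIAL sample, the function names and the status names are assumptions made for illustration.

```python
import re

# Line formats follow the `show ntp` output shown above.
SYNC_RE = re.compile(r"^\s*NTP synched to\s+(\S+)\s*$")
SERVER_RE = re.compile(r"^\s*NTP server\s+(\S+)\s+connected:\s*(True|False)\s*$")

# Constructed sample: synchronized, but one configured server is unreachable.
PARTIAL = """NTP state:
    NTP synched to ntp.example.com
    NTP server ntp.example.com connected: True
    NTP server ntp2.example.com connected: False
"""


def parse_show_ntp(text):
    """Return (sync_source, {server: connected}) from captured output."""
    sync_source, servers = None, {}
    for line in text.splitlines():
        m = SYNC_RE.match(line)
        if m:
            sync_source = m.group(1)
            continue
        m = SERVER_RE.match(line)
        if m:
            servers[m.group(1)] = m.group(2) == "True"
    return sync_source, servers


def assess(text):
    """Return (status, findings); status is ok, degraded, unsynced or unknown."""
    sync_source, servers = parse_show_ntp(text)
    if sync_source is None:
        return "unknown", ["no 'NTP synched to' line found"]
    findings = [f"server {name} not connected"
                for name, up in sorted(servers.items()) if not up]
    if sync_source == "LOCAL":
        # LOCAL is what the unsuccessful example above reports.
        return "unsynced", ["synched to LOCAL, no external source"] + findings
    if sync_source not in servers:
        findings.append(f"sync source {sync_source} is not a listed server")
    return ("degraded" if findings else "ok"), findings


if __name__ == "__main__":
    print(assess(PARTIAL))
```

A firewall that reports unsynced or degraded is worth alerting on, since log timestamps from a drifting clock are hard to correlate with other sources.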

 

To verify current system date and time, use the following CLI command:

> show clock

 

owner: kadak

Comments

Quoting Error in NTP Sync Status Display:

When the command is successful, it will show the NTP server status as follows:

> show ntp

NTP state:

    NTP synched to ntp.nc.u-tokyo.ac.jp

    NTP server ntp.nict.jp connected: True

    NTP server ntp.nc.u-tokyo.ac.jp connected: True


When it's not working it shows like in How do I debug NTP not working?:

> show ntp

NTP state:
NTP synched to LOCAL
NTP server secondaryNtpIp connected: False
NTP server primaryNtpIp connected: False

command doesn't seem to be complete - 6.1.x

and debug software restart ntp ? doesn't show anything.

userx@RP-PA-200> debug software restart ntp

Invalid syntax.

userx@RP-PA-200>

It worked:

hostname: 137-PA-200 <<<<<<<<<<<<<

ip-address: 10.66.18.137

netmask: 255.255.254.0

default-gateway: 10.66.18.1

ipv6-address: unknown

ipv6-link-local-address: fe80::b60c:25ff:fe3d:3700/64

ipv6-default-gateway:

mac-address: b4:0c:25:3d:37:00

time: Mon Jun  8 11:50:13 2015

uptime: 10 days, 9:30:08

family: 200

model: PA-200

serial: 001606020009

sw-version: 6.1.3 <<<<<<<<<<<<<

global-protect-client-package-version: 2.1.0

app-version: 500-2712

app-release-date: 2015/05/19  14:25:12

av-version: 1559-2034

av-release-date: 2015/05/26  04:00:01

threat-version: 500-2712

threat-release-date: 2015/05/19  14:25:12

wf-private-version: 0

wf-private-release-date: unknown

url-db: brightcloud

wildfire-version: 63334-70072

wildfire-release-date: 2015/05/26  12:36:03

url-filtering-version: 4521

global-protect-datafile-version: 1433778059

global-protect-datafile-release-date: 2015/06/08 15:40:59

logdb-version: 6.1.3

platform-family: 200

vpn-disable-mode: off

multi-vsys: off

operational-mode: normal

admin@137-PA-200> debug software restart ntp

  |        Pipe through a command

  <Enter>  Finish input

admin@137-PA-200> debug software restart ntp

admin@137-PA-200>

Whoops. Actually the firewall is 7.0. I think it may be broken in 7.0.

This is the command to run in 7.0: debug software restart process ntp

To manually restart the NTP process, use the following CLI command:

> debug software restart ntp

 

should be

 

> debug software restart process ntp

 

Is this command "debug software restart process ntp" going to restart the ntp process, or will it start debugging the ntp process?