For details on cookie usage on our site, read our Privacy Policy
How to allow NTP ONLY to pool.ntp.org
- LIVEcommunity
- Discussions
- General Topics
- Re: How to allow NTP ONLY to pool.ntp.org
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
How to allow NTP ONLY to pool.ntp.org
- Mark as New
- Subscribe to RSS Feed
- Permalink
09-24-2020 01:24 PM
I have a requirement to allow the internal NTP servers to sync with ONLY US.pool.ntp.org. I have tried creating the rule 2 different ways.
- Create a address object using FQDN for us.pool.ntp.org and use that in the rule destination.
- This doesn't work as there are like 500+ ips behind that pool
- Create a custom URL category for us.pool.ntp.org and use that as criteria in the rule.
- This doesn't work either. It seems the traffic is not being given a URL category. I see it listed as ANY.
How best can I create this security policy to limit NTP updates to the us.pool.ntp.org?
- Mark as New
- Subscribe to RSS Feed
- Permalink
09-26-2020 12:29 PM
Hi @jlieberman ,
I finally understand what is the problem with the FQDN object. It seems that DNS return different IP addresses every time a request is sent.
I was going to suggest to use some script that is reading all 500+ server and providing EDL, but I didn't manage to find the full list of addresses so I am not sure of the effort will worth it.
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
