How to allow NTP ONLY to pool.ntp.org

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to allow NTP ONLY to pool.ntp.org

L2 Linker

I have a requirement to allow the internal NTP servers to sync with ONLY US.pool.ntp.org.  I have tried creating the rule 2 different ways.

  1. Create a address object using FQDN for us.pool.ntp.org and use that in the rule destination.
    1. This doesn't work as there are like 500+ ips behind that pool
  2. Create a custom URL category for us.pool.ntp.org and use that as criteria in the rule.
    1. This doesn't work either.  It seems the traffic is not being given a URL category.  I see it listed as ANY.

How best can I create this security policy to limit NTP updates to the us.pool.ntp.org?

PCNSC, PCNSE, Cyber Force Defender
5 REPLIES 5

Hi @jlieberman ,

 

I finally understand what is the problem with the FQDN object. It seems that DNS return different IP addresses every time a request is sent. 

 

I was going to suggest to use some script that is reading all 500+ server and providing EDL, but I didn't manage to find the full list of addresses so I am not sure of the effort will worth it.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!