Friday, April 24, 2020

NTP

In this post we will configure NTP and the timezone on our FortiGate.

CONFIGURE NTP

First, let's look at the current NTP config.

FG1 # show system ntp
config system ntp
    set ntpsync enable
end

FG1 # show full-configuration system ntp
config system ntp
    set ntpsync enable
    set type fortiguard
    set syncinterval 60
    set source-ip 0.0.0.0
    set source-ip6 ::
    set server-mode disable
end



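Find a suitable public NTP server and confirm that it is reachable. In this case we use Google (time.google.com). Note that ping only proves ICMP reachability; NTP itself uses UDP port 123, which the status check further down confirms.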

FG1 # execute ping time.google.com
PING time.google.com (216.239.35.8): 56 data bytes
64 bytes from 216.239.35.8: icmp_seq=0 ttl=43 time=142.7 ms
64 bytes from 216.239.35.8: icmp_seq=1 ttl=43 time=142.7 ms
64 bytes from 216.239.35.8: icmp_seq=2 ttl=43 time=142.2 ms
64 bytes from 216.239.35.8: icmp_seq=3 ttl=43 time=142.6 ms
64 bytes from 216.239.35.8: icmp_seq=4 ttl=43 time=143.0 ms

--- time.google.com ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 142.2/142.6/143.0 ms

FG1 # 




To change from the default "fortiguard" servers to a different NTP server, we need to set the type to "custom".

FG1 # config system ntp


FG1 (ntp) # show full-configuration
config system ntp
    set ntpsync enable
    set type fortiguard
    set syncinterval 60
    set source-ip 0.0.0.0
    set source-ip6 ::
    set server-mode disable
end

FG1 (ntp) # set type custom 


Now set the time server to Google.

FG1 (ntp) # config ntpserver

FG1 (ntpserver) # edit 1
new entry '1' added

FG1 (1) #
set      Modify value.
unset    Set to default value.
get      Get dynamic and system information.
show     Show configuration.
next     Configure next table entry.
abort    End and discard last config.
end      End and save last config.

FG1 (1) # set
*server            IP address or hostname of the NTP Server.
ntpv3             Enable to use NTPv3 instead of NTPv4.
authentication    Enable/disable MD5(NTPv3)/SHA1(NTPv4) authentication.

FG1 (1) # set server time.google.com

FG1 (1) # end

FG1 (ntp) # end

FG1 # show full-configuration system ntp
config system ntp
    set ntpsync enable
    set type custom
    set syncinterval 60
    config ntpserver
        edit 1
            set server "time.google.com"
            set ntpv3 disable
            set authentication disable
        next
    end
    set source-ip 0.0.0.0
    set source-ip6 ::
    set server-mode disable
end

FG1 # 



CHECK NTP STATUS

FG1 # diagnose sys ntp status
synchronized: yes, ntpsync: enabled, server-mode: disabled

ipv6 server(time.google.com) 2001:4860:4806:8:: -- reachable(0xfe) S:0 T:540
         no data
ipv6 server(time.google.com) 2001:4860:4806:c:: -- reachable(0xfe) S:0 T:540
         no data
ipv6 server(time.google.com) 2001:4860:4806:4:: -- reachable(0xfe) S:0 T:540
         no data
ipv4 server(time.google.com) 216.239.35.4 -- reachable(0xff) S:1 T:541 selected
        server-version=4, stratum=1
        reference time is e24cd69f.c3ec145c -- UTC Fri Apr 24 03:08:15 2020
        clock offset is -0.003261 sec, root delay is 0.000000 sec
        root dispersion is 0.000153 sec, peer dispersion is 8 msec

ipv4 server(time.google.com) 216.239.35.8 -- reachable(0xff) S:1 T:541
        server-version=4, stratum=1
        reference time is e24cd6a0.110abec9 -- UTC Fri Apr 24 03:08:16 2020
        clock offset is -0.005655 sec, root delay is 0.000000 sec
        root dispersion is 0.000183 sec, peer dispersion is 0 msec

ipv4 server(time.google.com) 216.239.35.12 -- reachable(0xff) S:1 T:541
        server-version=4, stratum=1
        reference time is e24cd6a0.68cdc6c -- UTC Fri Apr 24 03:08:16 2020
        clock offset is -0.003462 sec, root delay is 0.000000 sec
        root dispersion is 0.000198 sec, peer dispersion is 19 msec

ipv6 server(time.google.com) 2001:4860:4806:: -- reachable(0xfe) S:0 T:540
         no data
ipv4 server(time.google.com) 216.239.35.0 -- reachable(0xff) S:1 T:541
        server-version=4, stratum=1
        reference time is e24cd6a0.688d859 -- UTC Fri Apr 24 03:08:16 2020
        clock offset is -0.003146 sec, root delay is 0.000000 sec
        root dispersion is 0.000183 sec, peer dispersion is 17 msec
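
Because log timestamps depend on the firewall clock, this status output is worth checking automatically. The script below is an added example, not part of the original post or any Fortinet tooling: it parses the text of `diagnose sys ntp status`, decodes the integer part of the reference timestamp (seconds since 1900) and reports when the unit is unsynchronized, has no selected server, or has drifted past a threshold. The function names and the 0.1 second threshold are assumptions, and the sample input is a trimmed copy of the output above.

```python
import re
from datetime import datetime, timezone

NTP_UNIX_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01

# Constructed sample: a trimmed copy of the status output shown above.
SAMPLE = """\
synchronized: yes, ntpsync: enabled, server-mode: disabled
ipv6 server(time.google.com) 2001:4860:4806:8:: -- reachable(0xfe) S:0 T:540
         no data
ipv4 server(time.google.com) 216.239.35.4 -- reachable(0xff) S:1 T:541 selected
        server-version=4, stratum=1
        reference time is e24cd69f.c3ec145c -- UTC Fri Apr 24 03:08:15 2020
        clock offset is -0.003261 sec, root delay is 0.000000 sec
"""

SERVER_RE = re.compile(r"ipv[46] server\(([^)]*)\) (\S+) -- (\w+)\((0x[0-9a-fA-F]+)\)")

def parse_ntp_status(text):
    """Return (synchronized, servers) from 'diagnose sys ntp status' output."""
    synchronized = re.search(r"^synchronized:\s*yes\b", text, re.M) is not None
    servers, cur = [], None
    for line in text.splitlines():
        if m := SERVER_RE.match(line):
            cur = {"addr": m[2], "state": m[3], "reach": int(m[4], 16),
                   "selected": line.rstrip().endswith(" selected"),
                   "offset": None, "ref_utc": None}
            servers.append(cur)
        elif cur is not None:
            if m := re.search(r"reference time is ([0-9a-f]+)\.", line):
                # Integer part of the NTP timestamp: seconds since 1900 (era 0).
                secs = int(m[1], 16) - NTP_UNIX_DELTA
                cur["ref_utc"] = datetime.fromtimestamp(secs, timezone.utc)
            if m := re.search(r"clock offset is (-?\d+\.\d+) sec", line):
                cur["offset"] = float(m[1])
    return synchronized, servers

def findings(text, max_offset=0.1):  # threshold in seconds, an assumed value
    """Return alert strings; an empty list means time sync looks healthy."""
    synchronized, servers = parse_ntp_status(text)
    out = [] if synchronized else ["not synchronized"]
    selected = [s for s in servers if s["selected"]]
    if not selected:
        out.append("no server selected")
    for s in selected:
        if s["offset"] is None or abs(s["offset"]) > max_offset:
            out.append(f"clock offset out of bounds on {s['addr']}")
    return out

print(findings(SAMPLE))  # [] for the sample above
```

Only the integer part of the reference timestamp is decoded, because the fractional part is printed without zero padding in the output above (for example `e24cd6a0.68cdc6c`).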



SET TIMEZONE

Check current settings.

FG1 # show system global
config system global
    set alias "FortiGate-VM64"
    set hostname "FG1"
    set timezone 04
end


Set timezone for Sydney.

FG1 # config system global

FG1 (global) # set timezone
01    (GMT-11:00) Midway Island, Samoa
02    (GMT-10:00) Hawaii
03    (GMT-9:00) Alaska
04    (GMT-8:00) Pacific Time (US & Canada)
05    (GMT-7:00) Arizona
81    (GMT-7:00) Baja California Sur, Chihuahua
06    (GMT-7:00) Mountain Time (US & Canada)
07    (GMT-6:00) Central America

:
snip
:
64    (GMT+10:00) Brisbane
65    (GMT+10:00) Canberra, Melbourne, Sydney
66    (GMT+10:00) Guam, Port Moresby
67    (GMT+10:00) Hobart
68    (GMT+10:00) Vladivostok
69    (GMT+10:00) Magadan
70    (GMT+11:00) Solomon Is., New Caledonia
71    (GMT+12:00) Auckland, Wellington
72    (GMT+12:00) Fiji, Kamchatka, Marshall Is.
00    (GMT+12:00) Eniwetok, Kwajalein
82    (GMT+12:45) Chatham Islands
73    (GMT+13:00) Nuku'alofa
86    (GMT+13:00) Samoa
76    (GMT+14:00) Kiritimati

FG1 (global) # set timezone 65

FG1 (global) # end

FG1 #


Check that the timezone change is working.

Before

FG1 # execute time
current time is: 20:12:24
last ntp sync:Thu Apr 23 20:08:15 2020


After

FG1 # execute time
current time is: 13:16:04
last ntp sync:Fri Apr 24 13:08:15 2020



FG1 # get system status | grep Version
Version: FortiGate-VM64 v6.2.3,build1066,191218 (GA)
Release Version Information: GA

