Can all NTP Traffic Going to External Servers be Redirected to an Internal Time Server?

Created On 09/25/18 17:50 PM - Last Modified 06/14/23 18:06 PM


Resolution


Overview

Currently there is no way to redirect traffic bound for all external NTP servers to a single internal server. However, traffic destined for specific external servers can be translated to the address of an internal server using NAT policies. If the server is in a different zone from the hosts that will be accessing it, a simple destination NAT will suffice. If the server is on the same network (zone) as the hosts, a "U-Turn" NAT is needed, as shown here:

NTP_redirect_rule.PNG

In this example, "Public NTP Server" is an address object that contains the IP address of a single public NTP server. "Private NTP Server" is an address object that contains the address of the private NTP server where traffic should be sent.
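The following is an added illustration, not part of the original article and not Palo Alto Networks code: a small Python model of the return path that shows why a destination NAT alone is enough across zones but fails when client and server share a network. All addresses are constructed sample values, and the client's rule of accepting a reply only from the address it queried is an assumption of the model.

```python
from ipaddress import ip_address, ip_network

# Constructed sample addressing (assumptions; none of these values come from the article).
PUBLIC_NTP = ip_address("203.0.113.10")   # stands in for the "Public NTP Server" object
CLIENT = ip_address("192.168.10.50")      # host whose NTP requests are being redirected

def reply_source_seen_by_client(server, server_net, fw_ip, source_nat):
    """Trace one NTP request/reply through the NAT rule.

    server     -- address held by the "Private NTP Server" object
    server_net -- subnet the private server sits on
    fw_ip      -- firewall interface address on that subnet
    source_nat -- True when the rule also translates the source to fw_ip (U-Turn)
    """
    # Request: CLIENT -> PUBLIC_NTP, UDP 123. The firewall rewrites the destination
    # to the private server and, for U-Turn NAT, the source to its own address.
    src_at_server = fw_ip if source_nat else CLIENT

    # Reply: the server answers whatever source address it saw.
    if src_at_server in server_net and src_at_server != fw_ip:
        # The client is on-link, so the reply is delivered directly and never
        # crosses the firewall; nothing restores the public address.
        return server
    # Otherwise the reply reaches the firewall, matches the session, and the
    # translation is reversed before the packet is handed to the client.
    return PUBLIC_NTP

def client_accepts(reply_src):
    """Assumed client behaviour: accept a reply only from the address that was queried."""
    return reply_src == PUBLIC_NTP

def evaluate(server, server_net, fw_ip, source_nat):
    """Return (reply source as seen by the client, whether the client accepts it)."""
    seen = reply_source_seen_by_client(
        ip_address(server), ip_network(server_net), ip_address(fw_ip), source_nat)
    return str(seen), client_accepts(seen)

if __name__ == "__main__":
    cases = {
        "different zone, destination NAT only": ("10.0.0.5", "10.0.0.0/24", "10.0.0.1", False),
        "same zone, destination NAT only": ("192.168.10.5", "192.168.10.0/24", "192.168.10.1", False),
        "same zone, U-Turn NAT": ("192.168.10.5", "192.168.10.0/24", "192.168.10.1", True),
    }
    for name, args in cases.items():
        seen, ok = evaluate(*args)
        print(f"{name}: reply from {seen}, accepted={ok}")
```

In the same-zone case without source translation, the reply arrives from the private server's own address, which is the symptom to look for in a packet capture when the redirect appears not to work.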

See Also

How to Configure U-Turn NAT

owner: jhess


