Palo Alto Networks Knowledgebase: Can all NTP Traffic Going to External Servers be Redirected to an Internal Time Server?

Created On 02/08/19 00:08 AM - Last Updated 02/08/19 00:08 AM
Policy
Resolution

Overview

Currently there is no way to redirect traffic bound for all external NTP servers to a single internal server. However, traffic destined for specific external servers can be translated to the address of an internal server using NAT policies. If the server is in a different zone from the hosts that will be accessing it, a simple destination NAT will suffice. However, if the server is on the same network (zone) as the hosts, a "U-Turn" NAT is needed, as shown here:

[Image: NTP_redirect_rule.PNG]

In this example "Public NTP Server" is an address object that contains the IP address of a single public NTP server. The "Private NTP Server" is an address object that contains the address of the private NTP server where traffic should be sent.
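Why the same-zone case needs U-Turn NAT, shown as an added packet-flow model that is not part of the original article or of PAN-OS: with destination NAT alone, a server on the hosts' own subnet answers them directly, so the reply arrives from an address the client never queried. All IP addresses, the /24 mask, and the use of the firewall's interface address as the translated source are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample addresses; none of them come from the article.
PUBLIC_NTP = "192.0.2.123"   # stands in for the "Public NTP Server" object
FW_LAN_IP = "10.0.1.1"       # assumed firewall interface on the hosts' network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int

def nat_request(pkt, private_ntp, u_turn):
    """Destination NAT for the one matched public server; U-Turn also source-NATs."""
    if pkt.dst != PUBLIC_NTP or pkt.dport != 123:
        return pkt  # any other external NTP server is left untranslated
    src = FW_LAN_IP if u_turn else pkt.src
    return Packet(src, private_ntp, pkt.sport, pkt.dport)

def reply_at_client(request, private_ntp, u_turn):
    """Return the reply packet as the client finally receives it."""
    fwd = nat_request(request, private_ntp, u_turn)
    reply = Packet(fwd.dst, fwd.src, fwd.dport, fwd.sport)
    server_net = ip_network(fwd.dst + "/24", strict=False)  # assumed /24 subnets
    direct = ip_address(reply.dst) in server_net and reply.dst != FW_LAN_IP
    if direct:
        return reply  # same subnet: server answers the host directly, bypassing the firewall
    # Reply crosses the firewall, which reverses the session's translation.
    return Packet(request.dst, request.src, reply.sport, request.sport)

def client_accepts(request, reply):
    """A UDP client only accepts a reply from the address and port it queried."""
    return (reply.src, reply.sport, reply.dst, reply.dport) == \
           (request.dst, request.dport, request.src, request.sport)

def ntp_works(private_ntp, u_turn, client="10.0.1.50"):
    request = Packet(client, PUBLIC_NTP, 40123, 123)
    return client_accepts(request, reply_at_client(request, private_ntp, u_turn))

if __name__ == "__main__":
    print("server in other zone, destination NAT only:", ntp_works("10.0.2.10", False))
    print("server in same zone, destination NAT only: ", ntp_works("10.0.1.10", False))
    print("server in same zone, U-Turn NAT:           ", ntp_works("10.0.1.10", True))
```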

See Also

How to Configure U-Turn NAT

owner: jhess


