Error:
An unexpected error occurred. Please click Reload to try again.
Error:
An unexpected error occurred. Please click Reload to try again.
Can all NTP Traffic Going to External Servers be Redirected to ... - Knowledge Base - Palo Alto Networks

Can all NTP Traffic Going to External Servers be Redirected to an Internal Time Server?

20848
Created On 09/25/18 17:50 PM - Last Modified 06/14/23 18:06 PM


Resolution


Overview

Currently there is no way to redirect traffic bound for all external NTP servers to a single internal server. However, traffic destined to specific external servers can be translated to the address of an internal server using NAT policies. If the server exists on a different zone than that of the hosts that will be accessing it, a simple destination NAT will suffice. However, if the server is on the same network (zone) as the hosts, a "U-Turn" NAT is needed, as shown here:

NTP_redirect_rule.PNG

In this example "Public NTP Server" is an address object that contains the IP address of a single public NTP server. The "Private NTP Server" is an address object that contains the address of the private NTP server where traffic should be sent.

See Also

How to Configure U-Turn NAT

owner: jhess
Other users also viewed:
How to download GlobalProtect from the Customer Support Portal
Download and Install the GlobalProtect App for Windows
Resource List: GlobalProtect Configuring and Troubleshooting
PAN-OS Software Updates
Where to find the current preferred software versions? (PAN-OS, GlobalProtect, User-ID Agent, Plugins)
Results 1-5 of 240,057
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClK1CAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language