Is NTP Polling Time Interval Configurable?

Is NTP Polling Time Interval Configurable?

108389
Created On 09/25/18 20:40 PM - Last Modified 04/20/20 21:48 PM


Environment


  • Palo Alto Firewall.
  • PAN-OS 5.0 and above.


Resolution


The Palo Alto Networks firewall can be configured to use specified Network Time Protocol (NTP) servers using GUI: Device > Setup > Services. For synchronization with the NTP server(s), NTP uses a minimum polling value of 64 seconds and a maximum polling value of 1024 seconds. These minimum and maximum polling values are not configurable on the firewall.

Once the Palo Alto Networks device goes through the initial synchronization process and synchronizes the system clock, it will poll the NTP server within the default minimum and maximum range.

For more information on NTP server polling and the determination of the polling interval, visit www.ntp.org.

To manually restart the NTP process, use the following CLI command:

> debug software restart ntp
or
> debug software restart process ntp  => newer releases.

To view whether the NTP process has a new PID, execute:

show system software status | match ntp
   Process  ntp            running  (pid: 2216)

To verify NTP state, use the show ntp CLI command as in the following examples:

Example of successful connection:

> show ntp
NTP state:
    NTP synched to ntp.nc.u-tokyo.ac.jp
    NTP server ntp.nict.jp connected: True
    NTP server ntp.nc.u-tokyo.ac.jp connected: True

The following output is seen in the newer releases:

> show ntp
 NTP state:
 NTP synched to 1.pool.ntp.org
 NTP server: 1.pool.ntp.org
        status: synched
        reachable: yes
        authentication-type: none


Example of unsuccessful connection (Could be due to: Error in NTP Sync Status Display)

> show ntp
NTP state:
    NTP synched to LOCAL
    NTP server ntp.example.com connected: False
    NTP server ntp2.example.com connected: False

The following output is in the newer releases:

> show ntp
NTP state:
    NTP server: 0.pool.ntp.org
        status: rejected
        reachable: no
        authentication-type: none


To verify current system date and time, use the following CLI command:

> show clock

 



Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClkXCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language