Set a custom network time service (NTP) on a FortiGate device.

Vulnerability:

No time synchronization configured. Time synchronization against a network time service (NTP) was not configured on the FortiGate device.

Description:

Time synchronization for network devices is inherently important, not just for the various services that make use of time, but also for the accurate logging of events. Network devices can therefore be configured to synchronize their clocks against a network time source.

Impact:

Although not a direct threat to security, a device with no time synchronization configured would make it more difficult to correlate events in the logs. This would make a forensic investigation more complex, hindering any troubleshooting. The lack of time synchronization could also cause problems with some systems that depend on accurate time, such as some authentication services.

Solution:

Netsecaddict recommends that all networked devices synchronize their clocks with a network time source (NTP).

Notes for Fortinet FortiGate Firewall with UTM FGT80E devices:

Fortinet FortiGate Firewall with UTM FGT80E devices can be configured to sync the time against a Network Time Protocol (NTP) time source using the web administration interface and the command line interface. From the web interface this can be configured by browsing to “System” then “Config” then “Time”. A time source can be configured from the command line using the following commands:

With the GUI console:

[Screenshot: ntp1]

Command line


config system global
  set ntpserver ip-address
  set syncinterval sync-mins
  set ntpsync enable
end


config system ntp
  set type custom
  set syncinterval X
  config ntpserver
    edit 1
      set server x.x.x.x
      set ntpv3 disable
    next
  end
end

After applying the custom NTP settings, verify that NTP is actually in effect:

#diag sys ntp status
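The same finding can also be checked offline against a saved configuration file. The Python below is an added example, not part of the original article or any Fortinet tooling; the function names and the sample config (using the documentation address 192.0.2.10) are constructed for illustration, and a missing ntpsync line is treated as "not disabled".

```python
def ntp_settings(config_text):
    """Collect NTP settings from FortiGate CLI config text (backup or 'show' output)."""
    path = []  # currently open 'config' / 'edit' blocks, outermost first
    found = {"type": None, "ntpsync": None, "servers": []}
    for raw in config_text.splitlines():
        tok = raw.split()
        if not tok:
            continue
        kw = tok[0].lower()
        if kw == "config":
            path.append(" ".join(tok[1:]).lower())
        elif kw == "edit":
            path.append("edit")
        elif kw in ("next", "end") and path:
            path.pop()
        elif kw == "set" and len(tok) >= 3:
            key, val = tok[1].lower(), tok[2].strip('"')
            top = path[-1:]  # suffix match also covers VDOM 'config global' nesting
            if top in (["system ntp"], ["system global"]) and key == "ntpsync":
                found["ntpsync"] = val.lower()
            elif top == ["system ntp"] and key == "type":
                found["type"] = val.lower()
            elif path[-3:] == ["system ntp", "ntpserver", "edit"] and key == "server":
                found["servers"].append(val)
            elif top == ["system global"] and key == "ntpserver":
                found["servers"].append(val)  # older syntax shown in this article
    return found


def ntp_findings(config_text):
    """Return audit findings; an empty list means an NTP source is configured."""
    s = ntp_settings(config_text)
    findings = []
    if not s["servers"]:
        findings.append("no NTP server configured")
    if s["ntpsync"] == "disable":
        findings.append("ntpsync is disabled")
    return findings


# Constructed sample input, not taken from a real device.
SAMPLE_CONFIG = """config system ntp
    set type custom
    set syncinterval 60
    config ntpserver
        edit 1
            set server "192.0.2.10"
        next
    end
end
"""
print(ntp_findings(SAMPLE_CONFIG) or "NTP source configured")
```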

This article will help you in VAPT activities. As a best practice, NTP should be enabled on the device.

 
