Firewall Wizards mailing list archives
Re: Time syncing firewalls
From: "Steven M. Bellovin" <smb () research att com>
Date: Fri, 03 Dec 1999 21:07:17 -0500
In message <Pine.GSO.4.20.9912021309200.26387-100000 () carerra corp vicinity com> , "Aaron D. Turner" writes:
We're using a number of FW-1 firewalls with SKIP to provide VPN services between various locations around the world. One problem we're seeing is that every few weeks the VPN will go down for no apparent reason. After talking with Checkpoint, the consensus appears to be that the firewalls are having clock drift which SKIP is very sensitive to.
You could switch to real IPsec...
So, I was wondering what other people were using for secure time-syncing firewalls running on Solaris. NTP? timed? I'd prefer NTP so that I can keep the firewalls in sync with other equipment which generates logs for log syncing purposes, though I'm a bit concerned about opening another port on the firewalls.
GPS receivers are cheap, and they can serve as stratum 1 NTP clocks. Set up your own, internal NTP mesh, using at least two stratum 1 clocks in different locations.

--Steve Bellovin
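
An ntpd configuration for one firewall following the advice above, as an added example that is not part of the original message. The server addresses, key ID and file paths are placeholder assumptions.

```conf
# ntp.conf on one firewall (added example; paths are assumed)
# Two internal stratum 1, GPS-backed servers in different locations.
# 192.0.2.10 and 198.51.100.10 are placeholder addresses.
server 192.0.2.10    key 1 prefer
server 198.51.100.10 key 1

# Symmetric-key authentication: accept time only from servers that
# hold the shared key (key ID 1 is an assumption).
keys /etc/inet/ntp.keys
trustedkey 1

# Default deny: ignore NTP packets from every other host.
restrict default ignore
restrict 127.0.0.1
# The two time sources may supply time but may not query or
# reconfigure this daemon.
restrict 192.0.2.10    nomodify notrap noquery
restrict 198.51.100.10 nomodify notrap noquery

# Stored frequency offset, so the clock stays disciplined across restarts.
driftfile /var/ntp/ntp.drift
```

The firewall rule base then only needs to pass UDP port 123 between the firewall and these two internal hosts.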