Firewall Wizards mailing list archives
RE: Time syncing firewalls
From: "Squire, Jonathan" <Jonathan.Squire () dowjones com>
Date: Tue, 7 Dec 1999 08:19:28 -0500
There are also various standalone hardware NTP server: http://www.bancomm.com/cTS2100.htm http://www.spectracomcorp.com/ http://www.truetime.com/ Search the web for others. -Jon
-----Original Message----- From: Darren Reed [mailto:darrenr () reed wattle id au] Sent: Friday, December 03, 1999 10:40 PM To: aturner () vicinity com Cc: firewall-wizards () nfr net Subject: Re: Time syncing firewalls In some email I received from Aaron D. Turner, sie wrote:We're using a number of FW-1 firewalls with SKIP to provide VPN services between various locations around the world. One problem we're seeing is that every few weeks the VPN will go down for no apparent reason. After talking with Checkpoint, theconsensus appearsto be that the firewalls are having clock drift which SKIP is very sensitive too. So, I was wondering what other people were using for secure time-syncing firewalls running on Solaris. NTP? timed? I'd prefer NTP so that I can keep the firewalls in sync with other equipment which generates logs for log syncing purposes, though I'm a bit concerened about opening another port on the firewalls. Comments?Get yourself a GPS receiver and dedicate a PC running NetBSD or some such as your local stratum 0 time server. Fix it up so that the only way it can be reached is via the NTP port. Should cost you less than $2k in materials for a `reliable' time source. Don't forget to setup authoriziation keys for NTP either! Darren
Current thread:
- Time syncing firewalls Aaron D. Turner (Dec 03)
- Re: Time syncing firewalls Darren Reed (Dec 06)
- <Possible follow-ups>
- Re: Time syncing firewalls Steven M. Bellovin (Dec 06)
- RE: Time syncing firewalls Squire, Jonathan (Dec 07)