RE: Time syncing firewalls

["Squire, Jonathan" <Jonathan.Squire () dowjones com>]

There are also various standalone hardware NTP server:
http://www.bancomm.com/cTS2100.htm
http://www.spectracomcorp.com/
http://www.truetime.com/

Search the web for others.

-Jon


> -----Original Message-----
> From: Darren Reed [mailto:darrenr () reed wattle id au]
> Sent: Friday, December 03, 1999 10:40 PM
> To: aturner () vicinity com
> Cc: firewall-wizards () nfr net
> Subject: Re: Time syncing firewalls
>
>
> In some email I received from Aaron D. Turner, sie wrote:
> > We're using a number of FW-1 firewalls with SKIP to provide VPN
> > services between various locations around the world.  One problem
> > we're seeing is that every few weeks the VPN will go down for no
> > apparent reason.  After talking with Checkpoint, the 
> consensus appears
> > to be that the firewalls are having clock drift which SKIP is very
> > sensitive too.
> >
> > So, I was wondering what other people were using for secure
> > time-syncing firewalls running on Solaris.  NTP?  timed?  I'd prefer
> > NTP so that I can keep the firewalls in sync with other equipment
> > which generates logs for log syncing purposes, though I'm a bit
> > concerened about opening another port on the firewalls.
> >
> > Comments?
>
> Get yourself a GPS receiver and dedicate a PC running NetBSD or some
> such as your local stratum 0 time server.  Fix it up so that the only
> way it can be reached is via the NTP port.  Should cost you less than
> $2k in materials for a `reliable' time source.  Don't forget to setup
> authoriziation keys for NTP either!
>
> Darren