Sophos UTM could act as an NTP server, which was very useful in many installations.
It looks as though Sophos has no intention of adding this feature to XG, though.
But Rob Andrews, in the Sophos Community, came up with a very simple workaround: a SNAT rule that catches NTP traffic coming to the XG LAN IP and passes it on to the NTP server of your choice. I tried it out, and here is what I did:
Create a NAT rule:
Now point your NTP client to the LAN IP of the XG, and see what happens 🙂
Remember to create a firewall rule accordingly, if you do not allow LAN –> WAN (ANY) 🙂
Thanks for the workaround Rob!
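To check that the rule really forwards NTP when you point a client at the XG LAN IP, here is a small SNTP probe, added as an example and not part of the original post or of Rob's workaround. It sends one request, confirms the reply is a server-mode packet that echoes the request's timestamp, and reports the stratum; the host you pass on the command line is your own XG LAN IP (an assumption of this example).

```python
import socket, struct, sys, time

NTP_DELTA = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)

def build_request(now=None):
    """Return (48-byte SNTP client packet, 64-bit transmit timestamp)."""
    now = time.time() if now is None else now
    tx = ((int(now) + NTP_DELTA) << 32) | int((now % 1) * 2**32)
    # First byte 0x23: LI=0, VN=4, Mode=3 (client); transmit timestamp is the last 8 bytes.
    return struct.pack("!B39xQ", 0x23, tx), tx

def parse_reply(data, sent_tx):
    """Validate a server reply against the request that was sent."""
    if len(data) < 48:
        raise ValueError("short NTP packet")
    flags, stratum = data[0], data[1]
    origin, _recv, tx = struct.unpack("!3Q", data[24:48])
    if (flags & 0x7) != 4:
        raise ValueError("not a server-mode reply")
    if origin != sent_tx:
        # A genuine reply echoes our transmit timestamp; anything else is stale or forged.
        raise ValueError("origin timestamp does not match our request")
    if stratum == 0:
        raise ValueError("kiss-o'-death: " + data[12:16].decode("ascii", "replace"))
    return {"stratum": stratum, "leap": flags >> 6,
            "server_time": (tx >> 32) - NTP_DELTA + (tx & 0xFFFFFFFF) / 2**32}

def query(host, port=123, timeout=3.0):
    """Send one request to host (e.g. the XG LAN IP) and return the parsed reply."""
    pkt, sent_tx = build_request()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)  # a timeout usually means the NAT or firewall rule did not match
        s.sendto(pkt, (host, port))
        data, _ = s.recvfrom(512)
    return parse_reply(data, sent_tx)

if __name__ == "__main__":
    reply = query(sys.argv[1])  # argument: the firewall's LAN IP (your own value)
    print(f"stratum {reply['stratum']}, offset {reply['server_time'] - time.time():+.3f}s")
```

A `leap` value of 3 in the result means the upstream server reports itself as unsynchronized, so its time should not be trusted even though the NAT rule works.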
Hey, thanks for the instructions.
However, the workaround is like entering the car through the boot. 😉
The NTP feature is definitely missing here. Best regards!
Ha ha exactly!! 😀
Thanks Thorsten 🙂
Best regards!
Dear Martin,
Thank you for your post.
I am struggling to configure the NTP service as mentioned in your post on the XG310.
It is running the most-updated firmware (SFOS 18.5.3).
I created the NAT rule following your post and can see the Usage value on the NAT rules page increasing every time I query the NTP server.
Firewall rule was set to LAN, Any host to WAN, Any host, Accept Any service. (It is the Default_Network_Protocol rule)
However, I had to create a new rule that is exactly “LAN, Any host to WAN, Any host, Accept NTP” to make the NTP service work.
Is this new in SFOS 18.5.3?
I am new with the Sophos FW and I appreciate any help.
Thank you in advance!
Hi,
Running SFOS v19, have just tested it, and it works fine with the illustration I did in the article 🙂
Make sure everything is exactly as is and you are connecting from that specific zone also 🙂