Sophos XG: XG as NTP server – workaround

Sophos UTM provided the ability to act as an NTP server, which was very usefull in many installations.

It looks like though, that Sophos has no intentions to add this feature to XG.

But Rob Andrews, in the Sophos Community, came up with a very simple workaround, a SNAT rule, that catches NTP traffic comming to the XG LAN IP and passes it on to the NTP server of your choice, I tried it out, and here is what I did:

Create a NAT rule:

Now point your NTP client to the LAN IP of the XG, and see what happends 🙂

Remember to create a firewall rule accordingly, if you do not allow LAN –> WAN (ANY) 🙂

Thanks for the workaround Rob!

 

4 Comments

  1. Thorsten Sult

    Hey, thanks for the instructions.
    However, the workaround is like entering the car through the boot. 😉

    The NTP feature is definitely missing here. Best regards!

    Reply
    1. Martin (Post author)

      Ha ha exactly!! 😀
      Thanks Thorsten 🙂

      Best regards!

      Reply
  2. Van Le

    Dear Martin,

    Thank you for your post.

    I am struggling to configure the NTP service as mention on your post on the XG310.
    It is running the most-updated firmware (SFOS 18.5.3).

    I created the NAT rule following your post and can see the Usage value on the NAT rules page increasing every time I query the NTP server.
    Firewall rule was set to LAN, Any host to WAN, Any host, Accept Any service. (It is the Default_Network_Protocol rule)

    However I had to create a new rule that exact is “LAN, Any host to WAN, Any host, Accept NTP” to make the NTP service to work.

    Is this new in the SFOS 18.5.3?

    I am new with the Sophos FW and I appreciate any help.
    Thank you in advance!

    Reply
    1. Martin (Post author)

      Hi,

      Running SFOS v19, have just tested it, but works fine with the illustration I did in the article 🙂

      make sure everything is exact as is and you are connecting from that specific zone also 🙂

      Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close