What is NTP?
The Network Time Protocol (NTP) is a protocol that allows a client to get the current time from a server. Many devices will regularly make NTP requests to keep their clocks in sync. NTP traffic consists of UDP packets on port 123.
NTP traffic is very common and generally considered safe. However, vulnerable NTP servers can sometimes be exploited for DDoS attacks, and some malware may use the NTP protocol as a covert communication channel.
What is NTP Intercept?
Firewalla's NTP Intercept feature catches NTP requests and processes them locally using standard ntp.org NTP servers (or servers set by your ISP via DHCP).
- NTP Intercept is only supported on boxes in Router Mode or Bridge Mode.
- Once NTP Intercept is turned on, depending on your network setup, the NTP requests from your devices may either be shown as normal flows without an Outbound Interface (since they're resolved by Firewalla internally) or not show up in your flows.
- Another way of checking if NTP Intercept is working is to query a fake NTP server while it's enabled. See our article on validating Firewalla features for more details.
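One way to run the fake-server check mentioned above, as an added example (not Firewalla's own code): the script sends an SNTP client request to an address that runs no NTP service and treats a valid server-mode reply as evidence that the request was answered locally. The address 192.0.2.1 (an RFC 5737 documentation address), the function names and the one-hour skew tolerance are assumptions.

```python
import socket
import struct
import time

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01 (Unix)

def build_request() -> bytes:
    """48-byte SNTP client request: LI=0, VN=4, Mode=3 (client), rest zero."""
    return bytes([(0 << 6) | (4 << 3) | 3]) + bytes(47)

def parse_response(data: bytes) -> dict:
    """Decode the header fields needed to judge a reply."""
    if len(data) < 48:
        raise ValueError("NTP packet shorter than 48 bytes")
    tx_sec, tx_frac = struct.unpack("!II", data[40:48])  # transmit timestamp
    return {
        "version": (data[0] >> 3) & 0x7,
        "mode": data[0] & 0x7,  # 4 = server reply
        "stratum": data[1],
        "unix_time": tx_sec - NTP_EPOCH_OFFSET + tx_frac / 2**32,
    }

def is_intercepted(data: bytes, now: float, max_skew: float = 3600.0) -> bool:
    """True if data is a server-mode reply carrying a plausible current time."""
    try:
        reply = parse_response(data)
    except ValueError:
        return False
    return reply["mode"] == 4 and abs(reply["unix_time"] - now) <= max_skew

def check_intercept(fake_server: str, timeout: float = 3.0) -> str:
    """Send one request to an address that runs no NTP service and report."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_request(), (fake_server, 123))
            data, _ = sock.recvfrom(512)
        except OSError:  # includes timeout: nothing answered on the fake address
            return "no reply: request was not answered locally"
    if is_intercepted(data, time.time()):
        return "intercepted: valid NTP reply received for a fake server"
    return "unexpected reply: not a valid NTP server response"

if __name__ == "__main__":
    # 192.0.2.1 is in TEST-NET-1 (RFC 5737); assumed here as the fake server.
    print(check_intercept("192.0.2.1"))
```

Run it from a device on a network that has NTP Intercept applied; a "no reply" result on such a network means the request left unanswered rather than being resolved by the box.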
Why should I use NTP Intercept?
NTP Intercept can improve your network in the following ways:
- Reduces your network's risk exposure – NTP Intercept ensures that all your devices only communicate with trusted NTP servers to keep their time synced, reducing your network's risk exposure and preventing any covert channels over NTP.
- Allows highly restricted devices to sync their time – For example, if you implement a rule to block your security cameras from accessing the Internet, you can use NTP Intercept to make sure their clocks are still accurate.
- Saves bandwidth – NTP Intercept reduces NTP traffic on your WAN.
How does NTP Intercept work?
Once turned on, Firewalla will intercept all NTP requests (from devices or networks with NTP Intercept enabled) and then respond locally to each request. From the devices' perspectives, NTP requests simply succeed as usual.
How do I turn on NTP Intercept?
Tap the Services button on your box's main page to enable NTP Intercept. Scroll down and toggle on NTP Intercept. It will be applied to all your networks by default. To specify what networks NTP Intercept is enabled for, tap Apply To, tap Specified Networks, and then choose at least one network.
Comments
5 comments
I would like Firewalla to use an NTP server INSIDE my network, so:
1. ability to configure which NTP servers Firewalla uses
2. ability to select server INSIDE the network (LAN side)
How can we set which NTP servers Firewalla is using?
Agreed, I want to use NTP services that I choose.
I have a GPS-based NTP time receiver in my network. It would be great to intercept requests and I could use my source for the responses. I would very, very much use NTP Intercept if I could specify a host of my choice for Firewalla to use.
If your DHCP doesn't dedicate NTP servers, the default is ntp.org.