What is NTP?
The Network Time Protocol (NTP) is a clock request that allows a client to get the current time from a server. Many devices will regularly make NTP requests to keep their clocks in sync. NTP traffic consists of UDP packets on port 123.
NTP traffic is very common and generally considered safe. However, vulnerable NTP servers can sometimes be exploited for DDoS attacks, and some malware may use the NTP protocol as a covert communication channel.
What is NTP Intercept?
Firewalla's NTP Intercept feature catches NTP requests and processes them locally using standard ntp.org NTP servers (or servers set by your ISP via DHCP).
- NTP Intercept is only supported on boxes in Router Mode or Bridge Mode.
-
Once NTP Intercept is turned on, depending on your network setup, the NTP requests from your devices may either be shown as normal flows without an Outbound Interface (since they're resolved by Firewalla internally) or not show up in your flows.
- Another way of checking if NTP Intercept is working is to query a fake NTP server while it's enabled. See our article on validating Firewalla features for more details.
- NOTE: If your device is using NTS (Network Time Security), Firewalla's NTP Intercept will not work on that device. Please disable NTP Intercept for that network.
Why should I use NTP Intercept?
NTP Intercept can improve your network in the following ways:
- Reduces your network's risk exposure – NTP Intercept ensures that all your devices only communicate with trusted NTP servers to keep their time synced, reducing your network's risk exposure and preventing any covert channels over NTP.
- Allows highly restricted devices to sync their time – For example, if you implement a rule to block your security cameras from accessing the Internet, you can use NTP Intercept to make sure their clocks are still accurate.
- Saves bandwidth – NTP Intercept reduces NTP traffic on your WAN.
How does NTP Intercept work?
Once turned on, Firewalla will intercept all NTP requests (from devices or networks with NTP intercept enabled) and then respond locally to that request. From the devices' perspectives, NTP requests simply succeed as usual.
How do I turn on NTP Intercept?
Tap the Services button on your box's main page to enable NTP Intercept. Scroll down and toggle on NTP Intercept. It will be applied to all your networks by default.
To specify what networks NTP Intercept is enabled for, tap Apply To, tap Specified Networks, and then choose at least one network.
Comments
9 comments
How can we set which NTP servers Firewalla is using?
If your DHCP doesn't dedicate NTP servers, the default is ntp.org
i would like firewalla to use a NTP server INSIDE my network
so
1 ability to configure which NTP servers firewalla uses
2 ability to select server INSIDE the network (LAN side)
Agreed, I want to use NTP services that I choose.
I have a GPS-based NTP time receiver in my network. It would be great to intercept requests and I could use my source for the responses. I would very, very much use NTP Intercept if I could specify a host of my choice for Firewalla to use.
I would like to also put in a vote to be able to tell Firewalla which external NTP servers to use while still intercepting internal requests.
Being able to set the NTP server (either external or LAN, eg a GPS based local NTP server) would be amazing. I hope this feature gets added.
Is it possible to add/support a GNSS/GPS accessory that connects via USB to provide Stratum 1 time and then use NTP Intercept? It would help me in eliminating a simple yet expensive device from my network (Time Server).
i've noticed that if I enable NTP interception and if I disable it that means I disable active protect, devices that are on VPN or even remote ISP connection from one country to another will get the time in the local zone not matching the VPN for Google TV for example it's as good as a DNS leak and it'll break all of the functionality. How do I not disable active protect for all devices and still protect one network from getting the local time through NTP request would be grateful for any advice on this thanks
Please sign in to leave a comment.