yurisk.info

Yuri Slobodyanyuk's blog on IT Security and Networking sharing experience and expertise

Set NTP time source on Checkpoint firewall to have correct log timestamps

It is hard to argue that logs are as good as correct they are. And correct timestamps of the logs are crucial to this. Internal clock is prone to drifting with time, in my experience I’ve seen some Check Point UTM appliances to drift as much as 40 minutes in just one year ! Even worse is that you can never be sure of the drift distribution over time – it may be incremental drift every day, or sudden jump due to who knows what.
To prevent this from happening I use NTP time synchronization on all of my servers/firewalls. If you have been in system administration for some time it is old news for you – just use ntpd daemon and pool.ntp.org servers located close to you, and you are set in 5 minutes.
In Checkpoint they took the hardening of the underlying OS to extreme and supplied only outdated ntpdate utility for the task, no ntpd for us.
Not a big deal – I use the cron job below to run every 30 minutes ntpdate to update the firewall clock and so better be you.
Cheers
30 * * * * /usr/sbin/ntpdate 1.uk.pool.ntp.org > dev/null



5 Comments

  1. Issuing the command: “ntp -n 30 1.uk.pool.ntp.org” should also have the same result, which is pretty much a wrapper to set up the cron job.

  2. Yuri

    November 13, 2011 at 9:11 pm

    yep, you are right, indeed ntp is wrapper BASH script that sets environment variables and then fires up the same ntpdat. Probably it is better way to do it, I just looked at these bash scripts and didn’t quite see any value , but may be i am wrong and missed something.
    Thanks anyway.
    Yuri

  3. michael endrizzi

    February 21, 2012 at 3:40 pm

    Look out. ntpdate is broke if the delta is too big, it goes negative. Have to do a -b -f to force it to accept the delta.

  4. Yuri

    February 21, 2012 at 7:26 pm

    Thanks, I haven’t seen yet firewall timing differ that much to cause the issue, but good to know.
    Yuri

  5. On secureplatform you can configure ntp on the webui. Or do you like cli?

Comments are closed.

© 2016 yurisk.info

Theme by Anders NorenUp ↑