Configure NTP Time Synchronization for Threat Defense

Use a Network Time Protocol (NTP) server to synchronize the clock settings on your devices. We recommend that you configure all Firewall Threat Defense devices managed by a Firewall Management Center to use the same NTP server as the Firewall Management Center. The Firewall Threat Defense gets its time directly from the configured NTP server. If the Firewall Threat Defense's configured NTP servers are not reachable for any reason, it synchronizes its time with the Firewall Management Center.

The device supports NTPv4.

Note

If you are deploying Firewall Threat Defense on the Firepower 4100/9300 chassis, you must configure NTP on the Firepower 4100/9300 chassis so that Smart Licensing will work properly and to ensure proper timestamps on device registrations. You should use the same NTP server for the Firepower 4100/9300 chassis and the Firewall Management Center.

Before you begin

  • If your organization has one or more NTP servers that your Firewall Threat Defense can reach, use the same NTP server or servers for your devices that you have configured for Time Synchronization on the System > Configuration page on your Firewall Management Center.

  • If you selected Use the authenticated NTP server only when configuring NTP server or servers for the Firewall Management Center, for your devices use only the NTP server or servers that are configured to authenticate with the Firewall Management Center. (The managed devices will use the same NTP servers as the Firewall Management Center, but their NTP connections will not use authentication.)

  • If your device cannot reach an NTP server or your organization does not have one, you must use the Via NTP from Defense Center option as discussed in the following procedure.

Procedure


Step 1

Select Devices > Platform Settings and create or edit the Firewall Threat Defense policy.

Step 2

Select Time Synchronization.

Step 3

Configure one of the following clock options:

  • Via NTP from Defense Center—(Default). The managed device gets time from the NTP servers you configured for the Firewall Management Center (except for authenticated NTP servers) and synchronizes time with those servers directly. However, if any of the following are true, the managed device synchronizes time from the Firewall Management Center:
    • The Firewall Management Center’s NTP servers are not reachable by the device.

    • The Firewall Management Center has no unauthenticated servers.

  • Via NTP from—If your Firewall Management Center is using NTP servers on the network, select this option and enter the fully-qualified DNS name (such as ntp.example.com), or IPv4 or IPv6 address, of the same NTP servers you specified in System > Configuration > Time Synchronization. If the NTP servers are not reachable, the Firewall Management Center acts as an NTP server.

Step 4

Click Save.
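
The following is an added example, not part of the product or its documentation: a small planning check that applies the Step 3 rules to predict whether a managed device will take time directly from NTP servers or fall back to the Firewall Management Center. The option labels "via_fmc" and "via_ntp_from", the NtpServer type, and all hostnames are assumptions made for illustration; host names are compared as exact strings.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class NtpServer:
    host: str
    authenticated: bool = False  # NTP authentication is configured on the FMC side

def effective_time_source(option, fmc_servers, reachable, device_servers=()):
    """Predict the time source of one managed device.

    option         -- "via_fmc" (Via NTP from Defense Center) or "via_ntp_from"
    fmc_servers    -- NtpServer entries configured on the management center
    reachable      -- set of NTP hosts this device can reach
    device_servers -- hosts entered under "Via NTP from" (ignored for "via_fmc")
    Returns (source, servers, warnings); source is "ntp" or "fmc".
    """
    warnings = []
    if option == "via_fmc":
        # Managed devices skip the management center's authenticated servers.
        candidates = [s.host for s in fmc_servers if not s.authenticated]
        if not candidates:
            warnings.append("FMC has no unauthenticated NTP servers")
    elif option == "via_ntp_from":
        candidates = list(device_servers)
        # The device should list the same servers as the management center.
        fmc_hosts = {s.host for s in fmc_servers}
        extra = sorted(set(candidates) - fmc_hosts)
        if extra:
            warnings.append("servers not configured on FMC: " + ", ".join(extra))
    else:
        raise ValueError(f"unknown option: {option!r}")

    usable = [h for h in candidates if h in reachable]
    if usable:
        return "ntp", usable, warnings
    if candidates:
        warnings.append("no configured NTP server reachable")
    # Fallback described in Step 3: the management center supplies the time.
    return "fmc", [], warnings

# Constructed sample: one open and one authenticated server on the FMC.
FMC_SERVERS = [NtpServer("ntp1.example.com"),
               NtpServer("ntp2.example.com", authenticated=True)]

if __name__ == "__main__":
    # This device reaches only the authenticated server, so it falls back.
    print(effective_time_source("via_fmc", FMC_SERVERS, {"ntp2.example.com"}))
```

A result of "fmc", or any warning, marks a device whose time source differs from the recommended setup and is worth reviewing before the policy is deployed.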


What to do next