Time Synchronization

Use a Network Time Protocol (NTP) server to synchronize the clock settings on your devices. We recommend you configure all Firewall Threat Defenses managed by a Cloud-Delivered Firewall Management Center to use the same NTP server as the Cloud-Delivered Firewall Management Center. The Firewall Threat Defense gets its time directly from the configured NTP server. If the Firewall Threat Defense's configured NTP servers are not reachable for any reason, it synchronizes its time with the Cloud-Delivered Firewall Management Center.

The device supports NTPv4.

Note

If you are deploying Firewall Threat Defense on the Firepower 4100/9300 chassis, you must configure NTP on the Firepower 4100/9300 chassis so that Smart Licensing will work properly and to ensure proper timestamps on device registrations. You should use the same NTP server for the Firepower 4100/9300 chassis and the Cloud-Delivered Firewall Management Center.

Before you begin

  • If your organization has one or more NTP servers that your Firewall Threat Defense can reach, use the same NTP server or servers for your devices that you have configured for Time Synchronization on the Administration > Configuration page on your Cloud-Delivered Firewall Management Center.

  • If you selected Use the authenticated NTP server only when configuring NTP server or servers for the Cloud-Delivered Firewall Management Center, for your devices use only the NTP server or servers that are configured to authenticate with the Cloud-Delivered Firewall Management Center. (The managed devices will use the same NTP servers as the Cloud-Delivered Firewall Management Center, but their NTP connections will not use authentication.)

  • If your device cannot reach an NTP server or your organization does not have one, use the Via NTP from Management Center option as discussed in the following procedure.
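A reachability and sanity check for a candidate NTP server before you enter it in the policy, shown as an added example (not Cisco code and not part of the product). It builds an NTPv4 client request and validates the reply fields defined in RFC 5905. The function names, the IPv4-only `query` helper and the constructed `sample_reply` packet are assumptions for illustration.

```python
import socket, struct, time

NTP_DELTA = 2208988800  # seconds from 1900-01-01 (NTP era 0) to 1970-01-01 (Unix)

def to_ntp(t):
    """Unix seconds -> 8-byte NTP timestamp (32-bit seconds, 32-bit fraction)."""
    return struct.pack("!II", int(t) + NTP_DELTA, int((t % 1) * 2**32))

def from_ntp(b):
    secs, frac = struct.unpack("!II", b)
    return secs - NTP_DELTA + frac / 2**32

def build_request(t1):
    """48-byte client request: LI=0, VN=4, Mode=3, transmit timestamp = t1."""
    return struct.pack("!B39x", (4 << 3) | 3) + to_ntp(t1)

def check_response(pkt, t1, t4):
    """Validate a reply; t1 = our send time, t4 = our receive time (Unix seconds)."""
    if len(pkt) < 48:
        raise ValueError("short packet")
    leap, version, mode = pkt[0] >> 6, (pkt[0] >> 3) & 7, pkt[0] & 7
    stratum = pkt[1]
    if mode != 4 or version != 4:
        raise ValueError(f"not an NTPv4 server reply (version={version}, mode={mode})")
    if stratum == 0:  # kiss-o'-death: the reference ID carries an ASCII code
        raise ValueError("kiss-o'-death: " + pkt[12:16].decode("ascii", "replace"))
    if leap == 3 or stratum >= 16:
        raise ValueError("server clock is unsynchronized")
    if pkt[24:32] != to_ntp(t1):  # origin must echo the timestamp we sent
        raise ValueError("origin timestamp mismatch (stale or spoofed reply)")
    t2, t3 = from_ntp(pkt[32:40]), from_ntp(pkt[40:48])
    return {"stratum": stratum,
            "offset": ((t2 - t1) + (t3 - t4)) / 2,  # server clock minus local clock
            "delay": (t4 - t1) - (t3 - t2)}         # round-trip network delay

def sample_reply(t1, t2, t3, stratum=2, leap=0, refid=b"\x00" * 4):
    """Constructed server reply for offline use (not captured from a real server)."""
    head = struct.pack("!BBbb", (leap << 6) | (4 << 3) | 4, stratum, 6, -20)
    return head + bytes(8) + refid + to_ntp(t2) + to_ntp(t1) + to_ntp(t2) + to_ntp(t3)

def query(host, timeout=2.0):
    """Live check over UDP port 123 (IPv4 only); raises on timeout or a bad reply."""
    t1 = time.time()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_request(t1), (host, 123))
        pkt, _ = s.recvfrom(512)
    return check_response(pkt, t1, time.time())
```

Run `query()` from a host on the same network path as the device's management interface, since reachability from an admin workstation does not prove the device can reach the server.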

Procedure


Step 1

Choose Devices > Platform Settings and create or edit the Firewall Threat Defense policy.

Step 2

Select Time Synchronization.

Step 3

Configure one of the following clock options:

  • Via NTP from Management Center—(Default). The managed device gets time from the NTP servers you configured for the Cloud-Delivered Firewall Management Center (except for authenticated NTP servers) and synchronizes time with those servers directly. However, if any of the following are true, the managed device synchronizes time from the Cloud-Delivered Firewall Management Center:
    • The Cloud-Delivered Firewall Management Center’s NTP servers are not reachable by the device.

    • The Cloud-Delivered Firewall Management Center has no unauthenticated servers.

  • Via NTP from—If your Cloud-Delivered Firewall Management Center is using NTP servers on the network, select this option and enter the fully-qualified DNS name (such as ntp.example.com), or IPv4 or IPv6 address, of the same NTP servers you specified in Administration > Configuration > Time Synchronization. If the NTP servers are not reachable, the Cloud-Delivered Firewall Management Center acts as an NTP server.

When multiple NTP servers are configured, the device uses the NTP server that is deemed appropriate based on the criteria defined in RFC. Thus, the status of "Being used" for a specific NTP server indicates that the server is currently used by the device.

Step 4

Click Save.


What to do next

  • Deploy configuration changes.