FortiGate
salemneaz
Staff
Article Id 295479
Description: This article describes how to use an NTP server that is not connected to the default management VDOM, which is the root VDOM.
Scope: v6.4 and above.
Solution

The NTP server is located on the internet and can be reached from the root VDOM, which is the default management VDOM.

In some scenarios, however, the NTP server is directly connected to a VDOM that is not the management VDOM. In this case, the NTP server is not reachable from Global, and the NTP connection breaks.

The NTP server is configured in the Global VDOM, and the connection is made from the root VDOM. There are two solutions in this case:

  • Make the VDOM to which the NTP server is connected the management VDOM. Doing so may affect management of the firewall, i.e. GUI access to the firewall itself.
  • Add the source IP at the Global VDOM. To do that, it is necessary to check from which interface the NTP server is reachable through the root VDOM.

 

[Image: NTP server directly connected to NTP-VDOM, which is not the management VDOM.]

 

Setting up the NTP server source IP address at the Global VDOM:

FGVM02TM23012898 (ntp) # show
config system ntp
    set ntpsync enable
    set source-ip 172.16.1.1    <----- This is the Management Interface IP of the root VDOM.
    set server-mode enable
    set interface "port2"
end

 

The Management interface IP of the root VDOM is set as the NTP server source IP at the Global VDOM. The NTP server is reachable from the root VDOM Management IP.

 

Verification Command:

The following commands verify the FortiGuard NTP server used by the FortiGate firewall.

config global
diagnose sys ntp status
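
After changing the source IP, the text returned by `diagnose sys ntp status` can be checked automatically for the broken-connection case described above. The following Python check is an added example, not part of the original article or any Fortinet tooling; the output layout in the constructed samples and the server address 192.0.2.10 are assumptions.

```python
import re
# Constructed samples of `diagnose sys ntp status` output. The layout is an
# assumption; 192.0.2.10 is a placeholder NTP server address.
SAMPLE_BROKEN = """synchronized: no, ntpsync: enabled, server-mode: enabled

ipv4 server(192.0.2.10) 192.0.2.10 -- unreachable(0x0) S:0 T:3
        no data
"""
SAMPLE_OK = """synchronized: yes, ntpsync: enabled, server-mode: enabled

ipv4 server(192.0.2.10) 192.0.2.10 -- reachable(0xff) S:1 T:6 selected
        server-version=4, stratum=2
"""

HEADER_RE = re.compile(r"synchronized:\s*(\w+),\s*ntpsync:\s*(\w+)")
SERVER_RE = re.compile(
    r"^ipv[46] server\([^)]*\)\s+(?P<addr>\S+)\s+--\s+"
    r"(?P<state>reachable|unreachable)\(0x[0-9a-fA-F]+\)(?P<rest>.*)$",
    re.MULTILINE)

def parse_ntp_status(text):
    """Return (synchronized, ntpsync, servers) parsed from the status text."""
    head = HEADER_RE.search(text)
    if head is None:
        raise ValueError("no 'synchronized:' header line found")
    servers = [{"addr": m["addr"],
                "reachable": m["state"] == "reachable",
                "selected": "selected" in m["rest"].split()}
               for m in SERVER_RE.finditer(text)]
    return head.group(1), head.group(2), servers

def ntp_findings(text):
    """List problems found; an empty list means NTP looks healthy."""
    synchronized, ntpsync, servers = parse_ntp_status(text)
    findings = []
    if ntpsync != "enabled":
        findings.append("ntpsync is not enabled")
    if synchronized != "yes":
        findings.append("clock is not synchronized")
    for srv in servers:
        if not srv["reachable"]:
            findings.append(f"{srv['addr']} unreachable: check source-ip and routing")
    if not any(s["selected"] for s in servers):
        findings.append("no server selected as time source")
    return findings

if __name__ == "__main__":
    for label, sample in (("broken", SAMPLE_BROKEN), ("ok", SAMPLE_OK)):
        print(label, ntp_findings(sample))
```

An empty findings list corresponds to a synchronized clock with a reachable, selected server; anything else points back at the source IP or the routing from the root VDOM.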
