Firewall F1060 NTP not syncing & Tracert shows ***

2022-05-27 17:43:54 Published

Problem Description

1. The firewall's NTP does not synchronize time:

Clock status: unsynchronized, Clock stratum: 16

2. Tracert to any address through the FW does not display the information of each hop normally; it shows ***.

Process Analysis

As a test, add an all-pass security policy rule:

security-policy ip
   rule 20 name all
      action pass

After re-testing, both of the above problems are resolved, so we can infer that the cause is the security policy settings.

Solution

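Enable the firewall to send ICMP time-exceeded and destination-unreachable messages, then permit only NTP and the tracert UDP probes with dedicated rules, so the all-pass test rule is not needed:

ip ttl-expires enable
ip unreachables enable

object-group service tracert
   service udp destination gt 32768

security-policy ip
   rule 21 name ntp
      action pass
      service ntp
   rule 22 name tracert
      action pass
      service tracert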

#

[FW-security-policy-ip] display ntp status

Clock status: synchronized
