XG as NTP Server
NTP Server is a small package and UTM9 has it. In some small organization, having a central NTP server is a nice feature.
Can you add it into future release?
You can put it inside device access, denying WAN from using NTP server for security reason.
This feature is under consideration for a future release, though a target version or timeframe is not yet set.
Currently (fw v18.0) under defined by Sophos, by default, service NTP include TCP what is a mistake because it can be trojan:
and still no recognizing NTP application, only 3'rd layer checking:
It would simply my life if the XG Firewall could be used as an NTP source for my network devices.
Feature Needed! Thanks
For our public utility company we run several small branch-office-networks with machine controls in it. These pumps and supply pipe controllers rely on quite exact time. If I could use the XG-firewall that we have in each of these networks, that would be great. C'mon, even a 100€ Fritzbox certainly does offer NTP-service.
This Feature was requested almost 5 years ago. How could it be that it is still not yet implemented. Its one of the most basic functionalities that the UTM has to offer. Most of the market competitors are able to implement that. Its time to push this request, so it gets in the next feature release.
Andre Söhnle commented
I hope this simple feature come really soon
Peter Schmidt commented
Would be really nice with such an important service close to the center of the network... Come on now!
30/03/2020 no NTP server ^^
I'm sure that there are many new features that could be added to XG and this is one of that features!
We are now going back to the UTM because of several small things that are not available.
One of the things is NTP which is needed by several different systems.
It would be nice if Alan or Sophos could comment on whether this is still planned ( please indicate the year)
Team B commented
This feature is under consideration for a future release - really 3 years and still nothing? Sales people are asking me to buy XG and can't even have this basic feature after 3 years of consideration. Time to move on.
Lucar Toni commented
PS: Since V18, you can build a reliable NAT redirect to any source, you like.
Must Have this feature ! We Trust in you
"All the workarounds (Forward NTP by business rule e.g.) are a pain and very unstable"
Claudio Fiechter commented
This is an absolute must have feature for an UTM. I can not understand how sophos thought it would be a good idea to not longer implement this feature... All the workarounds (Forward NTP by business rule e.g.) are a pain and very unstable. So fix it ASAP. Thanks
This feature is more than needed for a UTM firewall. It is absolutely ridicolous that I pray for 15 years not to allow DNS and NTP from internal DC to the Internet, as the stateless reply packet poses risk on the most important internal systems, and now the customer switch from UTM to XG runnnig SFOS and do not have this tiny NTP service that the Astaro had for decades.
I'm not sure if Sophos product management really understands the need of the typical UTM market and customer needs, as the lack of feature is an indicator for not being able to do so. Sorry for ranting, just implement the NTP functionality and I promise to be quiet again.
So this has been under review since April 2017, and the request was originally submitted in November 2015...
...How is this not implemented yet?
Hello All. Yes, that's little bit annoying for all customers, which had all their internal NTP clients configured to query SG/UTM as NTP Server. But this is finally a small issue, as you can very simple workaround this by "Emulating" the NTP proxy. I use since XG v15 DNAT rules, which forwards NTP traffic to a specific internal interface to a external NTP server of my choice. Works like a charm. So @Alan: Yes, NTP proxy would be a nice, small enhancement to XG. @All Others: Use the described workaround above to make your NTP requests to yout XG interfaces work ;o)
Is this feature still not available?
We are using Sophos XG210 with SFOS 17.5.5 MR-5 firmware.
Sophos, come on, we have 2019 already! We need this simple feature.