XG as NTP Server
NTP Server is a small package and UTM9 has it. In some small organization, having a central NTP server is a nice feature.
Can you add it into future release?
You can put it inside device access, denying WAN from using NTP server for security reason.
This feature is under consideration for a future release, though a target version or timeframe is not yet set.
30/03/2020 no NTP server ^^
I'm sure that there are many new features that could be added to XG and this is one of that features!
We are now going back to the UTM because of several small things that are not available.
One of the things is NTP which is needed by several different systems.
It would be nice if Alan or Sophos could comment on whether this is still planned ( please indicate the year)
Team B commented
This feature is under consideration for a future release - really 3 years and still nothing? Sales people are asking me to buy XG and can't even have this basic feature after 3 years of consideration. Time to move on.
Lucar Toni commented
PS: Since V18, you can build a reliable NAT redirect to any source, you like.
Must Have this feature ! We Trust in you
"All the workarounds (Forward NTP by business rule e.g.) are a pain and very unstable"
Claudio Fiechter commented
This is an absolute must have feature for an UTM. I can not understand how sophos thought it would be a good idea to not longer implement this feature... All the workarounds (Forward NTP by business rule e.g.) are a pain and very unstable. So fix it ASAP. Thanks
This feature is more than needed for a UTM firewall. It is absolutely ridicolous that I pray for 15 years not to allow DNS and NTP from internal DC to the Internet, as the stateless reply packet poses risk on the most important internal systems, and now the customer switch from UTM to XG runnnig SFOS and do not have this tiny NTP service that the Astaro had for decades.
I'm not sure if Sophos product management really understands the need of the typical UTM market and customer needs, as the lack of feature is an indicator for not being able to do so. Sorry for ranting, just implement the NTP functionality and I promise to be quiet again.
So this has been under review since April 2017, and the request was originally submitted in November 2015...
...How is this not implemented yet?
Hello All. Yes, that's little bit annoying for all customers, which had all their internal NTP clients configured to query SG/UTM as NTP Server. But this is finally a small issue, as you can very simple workaround this by "Emulating" the NTP proxy. I use since XG v15 DNAT rules, which forwards NTP traffic to a specific internal interface to a external NTP server of my choice. Works like a charm. So @Alan: Yes, NTP proxy would be a nice, small enhancement to XG. @All Others: Use the described workaround above to make your NTP requests to yout XG interfaces work ;o)
Is this feature still not available?
We are using Sophos XG210 with SFOS 17.5.5 MR-5 firmware.
Sophos, come on, we have 2019 already! We need this simple feature.
Almost TWO #$%#^ing years now, come on Sophos, do it allready.
This makes no sense to not have NTP available to the internal hosts. Good NTP design starts at the firewall and/or router. Everything should have the same time and use the XG as the source.
--just my 2 cents
It has been requested since early 2017. But I vote anyway.
We need this!
Alan - Sophos has stated its desire that XG will be feature comparable to SG since XG was announced. This is yet another way XG lags behind in development and I mean this with respect. NTP isn't as **** as synchronized security, but it is super important to all kinds of processes, including audits. If Sophos adds ntp, and I hope they do, I would ask that Sophos shouldn't just drop a NTP server package in XG and call it good, they should consider ways to make it part of the hardened security environment. For example, with the NTP server feature should come auditing so that there is some alerting when sanity checking determines something went wrong with an update, ( NTP is a UDP protocol an subject to MITM attacks). Or alerts when the XG its self detects a shift in time outside of some normal parameter. We rely on date/time in our infrastructure and it should receive the same attention as the rest of the feature set. Thank you for considering adding NTP.
wir warten auch schon sehnlichst danach!!!
any update on this? PLEASE!