Announcement

Collapse
No announcement yet.

Clock synchronization on remote servers

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Clock synchronization on remote servers

    In enterprise organization, I would like to know how to set time on a remote server.
    We have 2 networks. 1st is the DMZ and 2nd is the Internal network.
    I need to synchronize the DMZ servers with an NTP server which found in the internal network.
    The problem is that there is a Firewall which blocks initiation from the DMZ to the internal, however, the NTP server can initiate towards the DMZ
    Do you have any idea?
    Thank you.

  • #2
    Re: Clock synchronization on remote servers

    easiest fix would be to allow ntp back through the firewall to your internal server. Other option would be to use the same time source on the internet that your internal server is using (if it does?)

    Comment


    • #3
      Re: Clock synchronization on remote servers

      Thanks for the answer.
      1st- I cannot synchronize from the internet.
      2nd- I cannot open NTP to the internal zone.

      Is there any other option?

      Comment


      • #4
        Re: Clock synchronization on remote servers

        nope.
        Time sync cannot be pushed only being pulled.
        So the server in the dmz need some access to the internet or to internal based on ntp
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"

        Comment


        • #5
          Re: Clock synchronization on remote servers

          One way you maybe could do it (a bit dodgy though) you could use a second NIC on the server in the DMZ going back to your internal network and only alllow NTP traffic over it. It would be a bit of messing around to get it to work

          Comment


          • #6
            Re: Clock synchronization on remote servers

            More secure is allowing NTP through the firewall.

            The suggestion hazey just recommended (see below) is something I never would recommend.

            Code:
            firewal----+
             |         |
             |         |
            Webserver  |
             |         |
             |         |
            Internal---+
            Marcel
            Technical Consultant
            Netherlands
            http://www.phetios.com
            http://blog.nessus.nl

            MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
            "No matter how secure, there is always the human factor."

            "Enjoy life today, tomorrow may never come."
            "If you're going through hell, keep going. ~Winston Churchill"

            Comment


            • #7
              Re: Clock synchronization on remote servers

              Originally posted by ozn View Post
              Thanks for the answer.
              1st- I cannot synchronize from the internet.
              2nd- I cannot open NTP to the internal zone.

              Is there any other option?
              i dont like my idea either (thats why i said it was dodgy) , but you did ask for other options

              Comment

              Working...
              X