The following NTP properties are available at Configuration > Services > NTP:
Validation - If an invalid configuration is entered, a warning message is displayed and the configuration is not committed. This will happen if:
A multicast address is used but no NTP response is found.
An NTP server address is used, but that server does not respond properly to NTP.
Authentication - To protect against NTP spoofing attacks from rogue servers, NTP has a private key encryption scheme in which each NTP server is associated with a private key that the client uses to verify the server's identity. These keys are not used to encrypt traffic, and they are not used to authenticate the client; they are used only by the NTP client (that is, the appliance) to authenticate the NTP server. To associate a private key with an NTP server, the private key must first be specified. Each private key has a unique integer associated with it, along with a type and key. The type must be one of the following:
After the keys have been specified, an NTP server can be associated with a particular private key. For an NTP server to be authenticated with a given key, the key number, key type, and private key value must all match between client and server.
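The matching rule above can be seen in a client-side check of a server reply. This is an added example, not the appliance's code: it assumes the ntpd-style symmetric-key trailer (a 4-byte key number followed by a digest over the secret plus the 48-byte header), and the key numbers, the MD5/SHA1 types and the secrets are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed client key table: key number -> (type, secret). Types are assumed.
CLIENT_KEYS = {
    7: ("MD5", b"constructed-secret-7"),
    9: ("SHA1", b"constructed-secret-9"),
}
HEADER_LEN = 48  # fixed NTP header length


def ntp_mac(key_id, key_type, secret, header):
    """Return the MAC trailer: 4-byte key number + digest(secret || header)."""
    digest = hashlib.new(key_type.lower(), secret + header).digest()
    return struct.pack("!I", key_id) + digest


def verify_reply(packet, expected_key_id, keys=CLIENT_KEYS):
    """Check a server reply against the key this client bound to that server."""
    if len(packet) <= HEADER_LEN + 4:
        return False  # no MAC present: an unauthenticated reply is rejected
    header, trailer = packet[:HEADER_LEN], packet[HEADER_LEN:]
    (key_id,) = struct.unpack("!I", trailer[:4])
    if key_id != expected_key_id or key_id not in keys:
        return False  # key number does not match the one configured for the server
    key_type, secret = keys[key_id]
    expected = ntp_mac(key_id, key_type, secret, header)
    # A different type or secret on the server yields a different trailer.
    return hmac.compare_digest(trailer, expected)


def demo():
    header = bytes([0x24]) + bytes(47)  # constructed header: LI=0, VN=4, mode=4
    good = header + ntp_mac(7, "MD5", b"constructed-secret-7", header)
    wrong_secret = header + ntp_mac(7, "MD5", b"rogue-secret", header)
    wrong_type = header + ntp_mac(7, "SHA1", b"constructed-secret-7", header)
    wrong_number = header + ntp_mac(9, "SHA1", b"constructed-secret-9", header)
    return {
        "good": verify_reply(good, 7),
        "wrong_secret": verify_reply(wrong_secret, 7),
        "wrong_type": verify_reply(wrong_type, 7),
        "wrong_number": verify_reply(wrong_number, 7),
        "no_mac": verify_reply(header, 7),
    }


if __name__ == "__main__":
    print(demo())
```

Only the reply built with the same key number, type and secret as the client's entry verifies; a reply with no MAC is treated the same as a mismatch.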