Configure NTP Time Synchronization for Threat Defense

Use a Network Time Protocol (NTP) server to synchronize the clock settings on your devices. We recommend that you configure all Firewall Threat Defense devices managed by a Firewall Management Center to use the same NTP server as the Firewall Management Center. The Firewall Threat Defense gets its time directly from the configured NTP server. If the Firewall Threat Defense's configured NTP servers are not reachable for any reason, it synchronizes its time with the Firewall Management Center.

The device supports NTPv4.

Note

If you are deploying Firewall Threat Defense on the Firepower 4100/9300 chassis, you must configure NTP on the Firepower 4100/9300 chassis so that Smart Licensing will work properly and to ensure proper timestamps on device registrations. You should use the same NTP server for the Firepower 4100/9300 chassis and the Cloud-Delivered Firewall Management Center.

Before you begin

  • If your organization has one or more NTP servers that your Firewall Threat Defense can reach, use the same NTP server or servers for your devices that you have configured for Time Synchronization on the System > Configuration page on your Cloud-Delivered Firewall Management Center.

  • If you selected Use the authenticated NTP server only when configuring NTP server or servers for the Firewall Management Center, for your devices use only the NTP server or servers that are configured to authenticate with the Cloud-Delivered Firewall Management Center. (The managed devices will use the same NTP servers as the Cloud-Delivered Firewall Management Center, but their NTP connections will not use authentication.)

  • If your device cannot reach an NTP server or your organization does not have one, you must use the Via NTP from Defense Center option as discussed in the following procedure.

Procedure


Step 1

Select Devices > Platform Settings and create or edit the Firewall Threat Defense policy.

Step 2

Select Time Synchronization.

Step 3

Configure one of the following clock options:

  • Via NTP from Defense Center—(Default). The managed device gets time from the NTP servers you configured for the Cloud-Delivered Firewall Management Center (except for authenticated NTP servers) and synchronizes time with those servers directly. However, if any of the following are true, the managed device synchronizes time from the Cloud-Delivered Firewall Management Center:
    • The Cloud-Delivered Firewall Management Center’s NTP servers are not reachable by the device.

    • The Cloud-Delivered Firewall Management Center has no unauthenticated servers.

  • Via NTP from—If your Cloud-Delivered Firewall Management Center is using NTP servers on the network, select this option and enter the fully-qualified DNS name (such as ntp.example.com), or IPv4 or IPv6 address, of the same NTP servers you specified in System > Configuration > Time Synchronization. If the NTP servers are not reachable, the Cloud-Delivered Firewall Management Center acts as an NTP server.

Step 4

Click Save.
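Because the managed devices' NTP connections do not use authentication, it is worth confirming from a host on the same network that the server you enter answers NTPv4 correctly. The following is an added example, not part of the product or its documentation: it builds an NTPv4 client request and validates a reply (version, server mode, synchronization state, echoed origin timestamp, clock offset). All function names are hypothetical, and the reply is constructed so the example runs offline; against a real server, send the request over UDP port 123.

```python
import struct

NTP_DELTA = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)

def pack_ts(t):
    """Unix time -> 8-byte NTP timestamp (32-bit seconds, 32-bit fraction)."""
    return struct.pack("!II", int(t) + NTP_DELTA, int((t % 1) * 2**32))

def unpack_ts(buf, off):
    """8-byte NTP timestamp at offset off -> Unix time as a float."""
    secs, frac = struct.unpack_from("!II", buf, off)
    return secs - NTP_DELTA + frac / 2**32

def build_request(t1):
    """48-byte client request: LI=0, VN=4, Mode=3 (client), transmit time t1."""
    return bytes([(4 << 3) | 3]) + bytes(39) + pack_ts(t1)

def check_reply(request, reply, t4):
    """Validate a server reply received at Unix time t4.
    Returns (findings, offset_seconds); an empty findings list means usable."""
    if len(reply) < 48:
        return ["reply shorter than the 48-byte NTP header"], None
    leap, version, mode = reply[0] >> 6, (reply[0] >> 3) & 7, reply[0] & 7
    stratum, findings = reply[1], []
    if version != 4:
        findings.append(f"version {version}, expected 4")
    if mode != 4:
        findings.append(f"mode {mode}, expected 4 (server)")
    if leap == 3 or stratum == 0 or stratum >= 16:
        findings.append("server reports it is unsynchronized")
    # Without authentication, the echoed origin timestamp is the only
    # evidence that this reply answers our request.
    if reply[24:32] != request[40:48]:
        findings.append("origin timestamp does not echo our request")
    t1, t2, t3 = unpack_ts(request, 40), unpack_ts(reply, 32), unpack_ts(reply, 40)
    # Standard NTP clock offset: ((t2 - t1) + (t3 - t4)) / 2
    return findings, ((t2 - t1) + (t3 - t4)) / 2

def sample_reply(request, t2, t3, stratum=2, version=4):
    """Constructed server reply for offline use (not captured traffic)."""
    head = bytes([(version << 3) | 4, stratum]) + bytes(22)
    return head + request[40:48] + pack_ts(t2) + pack_ts(t3)
```

A non-empty findings list, or an offset that differs noticeably from the one measured against the management center's time source, is a reason to fix the server before saving the policy.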


What to do next