Configure NTP Time Synchronization for Threat Defense

Use a Network Time Protocol (NTP) server to synchronize the clock settings on your devices. We recommend that you configure all threat defenses managed by a management center to use the same NTP server as the management center. The threat defense gets its time directly from the configured NTP server. If the threat defense's configured NTP servers are not reachable for any reason, it synchronizes its time with the management center.

The device supports NTPv4.

Note

If you are deploying threat defense on the Firepower 4100/9300 chassis, you must configure NTP on the Firepower 4100/9300 chassis so that Smart Licensing will work properly and to ensure proper timestamps on device registrations. You should use the same NTP server for the Firepower 4100/9300 chassis and the management center.

Before you begin

  • If your organization has one or more NTP servers that your threat defense can reach, use the same NTP server or servers for your devices that you have configured for Time Synchronization on the System > Configuration page on your management center.

  • If you selected Use the authenticated NTP server only when configuring NTP server or servers for the management center, for your devices use only the NTP server or servers that are configured to authenticate with the management center. (The managed devices will use the same NTP servers as the management center, but their NTP connections will not use authentication.)

  • If your device cannot reach an NTP server or your organization does not have one, you must use the Via NTP from Defense Center option as discussed in the following procedure.
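Before you choose between the options above, you can confirm that a candidate server answers unauthenticated NTPv4 queries with a synchronized clock. The following script is an added example, not a Cisco tool; it assumes you run it from a host on the same network as the device's management interface, and the function names are illustrative.

```python
import socket
import struct
import time

NTP_DELTA = 2208988800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)

def build_request(now):
    """48-byte client packet: LI=0, VN=4, Mode=3, transmit timestamp = now."""
    return struct.pack("!B39xII", (4 << 3) | 3,
                       int(now) + NTP_DELTA, int((now % 1) * 2**32))

def parse_response(pkt, request, t1, t4):
    """Return (ok, reason, offset_seconds) for a reply to `request`."""
    if len(pkt) < 48:
        return False, "short packet", None
    leap, version, mode, stratum = pkt[0] >> 6, (pkt[0] >> 3) & 7, pkt[0] & 7, pkt[1]
    if mode != 4 or version != 4:
        return False, f"unexpected mode {mode} / version {version}", None
    if pkt[24:32] != request[40:48]:  # origin must echo our transmit timestamp
        return False, "origin timestamp mismatch (stale or spoofed reply)", None
    if stratum == 0:  # kiss-o'-death: reference ID carries an ASCII code
        return False, "kiss-o'-death " + pkt[12:16].decode("ascii", "replace"), None
    if leap == 3 or stratum > 15:
        return False, "server clock is unsynchronized", None
    r_s, r_f, x_s, x_f = struct.unpack("!4I", pkt[32:48])
    t2 = r_s - NTP_DELTA + r_f / 2**32  # server receive time
    t3 = x_s - NTP_DELTA + x_f / 2**32  # server transmit time
    return True, "ok", ((t2 - t1) + (t3 - t4)) / 2

def query(server, timeout=3.0):
    """Send one unauthenticated NTPv4 query to `server` (name, IPv4 or IPv6)."""
    try:
        family, kind, _, _, addr = socket.getaddrinfo(
            server, 123, type=socket.SOCK_DGRAM)[0]
        with socket.socket(family, kind) as sock:
            sock.settimeout(timeout)
            t1 = time.time()
            request = build_request(t1)
            sock.sendto(request, addr)
            pkt, _ = sock.recvfrom(512)
            t4 = time.time()
    except OSError as exc:  # DNS failure, timeout, ICMP unreachable
        return False, f"unreachable: {exc}", None
    return parse_response(pkt, request, t1, t4)

if __name__ == "__main__":
    import sys
    for host in sys.argv[1:]:  # for example, the servers you plan to enter in the policy
        print(host, query(host))
```

A result of `(True, 'ok', offset)` means the server is usable; a large offset shows how far the checking host's clock is from the server's.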

Procedure


Step 1

Select Devices > Platform Settings and create or edit the threat defense policy.

Step 2

Select Time Synchronization.

Step 3

Configure one of the following clock options:

  • Via NTP from Defense Center—(Default). The managed device gets time from the NTP servers you configured for the management center (except for authenticated NTP servers) and synchronizes time with those servers directly. However, if any of the following are true, the managed device synchronizes time from the management center:
    • The management center’s NTP servers are not reachable by the device.

    • The management center has no unauthenticated servers.

  • Via NTP from—If your management center is using NTP servers on the network, select this option and enter the fully-qualified DNS name (such as ntp.example.com), or IPv4 or IPv6 address, of the same NTP servers you specified in System > Configuration > Time Synchronization. If the NTP servers are not reachable, the management center acts as an NTP server.

Step 4

Click Save.


What to do next