In this case the time zone setting was correct, since it was configured for GMT minus 5 hours, but the date and time were incorrect and NTP was disabled.
If the time setting is correct on the system from which you connected to the firewall's GUI interface, you can click on the Sync Clock With Client button. You will then see the question below:
Is the "Automatically adjust clock for daylight savings changes" option on your computer clock (Date/Time) enabled?
You can select "Yes" or "No". I selected "Yes" in this case and the clock setting changed from the following which appeared at the top of the window:
Up time: 0 day 04:07:22, System time: 1997-01-01 04:07:42 GMT Time Zone -5:00
To the following:
Up time: 0 day 04:07:52, System time: 2015-05-12 21:30:00 GMT Time Zone -5:00
The time value 21:30:00 was the local time on the system from which I connected.
To check the firewall's date and time settings from a command prompt interface obtainable by an ssh connection to the system, you can use the get clock command.
ns5gt-> get clock
Date 01/01/1997 01:49:47, Daylight Saving Time enabled
The Network Time Protocol is Disabled
Up 1 hours 49 minutes 47 seconds Since 1 Jan 1997 00:00:00
852083387.407101 seconds since 1/1/1970 0:0:0 GMT
GMT time zone area -5:00
GMT time zone offset -250:00
You can correct the date and time information using the set clock command; use set clock ? to see options.
ns5gt-> set clock ?
mm/dd/yyyy           month/day/year
dst-off              disable daylight saving time
ntp                  enable network time protocol
timezone             GMT Time zone area
Since the date and time were incorrect, I reset those values. You need to specify the time after the date, which is specified in mm/dd/yyyy format.
ns5gt-> set clock 05/12/2015
^--command not completed
ns5gt-> set clock 05/12/2015 ?
hh:mm or hh:mm:ss    hour/minute or hour/minute/second
To see the NTP configuration from a command line interface (CLI), i.e., from an SSH connection, you can use the command get ntp.
ns5gt-> get ntp
NTP is Disabled
Primary server:
Backup1 server:
Backup2 server:
Authentication Mode: None
Max Allowed Adjustment: 3 second(s)
Request Interval: 10 minute(s).
Sync NTP time to peer: Enabled
Update Status: Idle
ns5gt->
To set the NTP configuration from the command prompt interface, you can use set ntp commands. You can see options for a particular command by putting a question mark after the initial part of the command, e.g., set ntp ? or set ntp server ?, etc.
ns5gt-> set ntp server ?
<string>             ntp server name
backup1              set parameters for NTP backup1 server
backup2              set parameters for NTP backup2 server
key-id               set the authentication key-id for this NTP server
src-interface        src-interface to be used to send NTP requests
ns5gt-> set ntp server backup1 ?
<string>             ntp server name
key-id               set the authentication key-id for this NTP server
src-interface        src-interface to be used to send NTP requests
ns5gt-> set ntp server backup1 src-interface ?
trust                trust interface
untrust              untrust interface
serial               serial interface
vlan1                vlan1 interface
null                 null interface
There are public time servers which you can query to ensure your system maintains accurate time, such as the Microsoft NTP server time.windows.com, which is typically used for Microsoft Windows systems, but which can be used for other systems as well. Other publicly accessible time servers can be found at the ntp.org website at Stratum Two Time Servers. Picking time servers that are geographically closer to your system may reduce the number of network hops between your system and the time servers.
In the sequence of commands below, I set the primary and two backup time servers, then enabled NTP, changed the max-adjustment value to 5 minutes (300 seconds), set the interval at which a time server would be queried to 15 minutes, and then updated the system clock by synchronizing it with a time server, which resulted in the system asking for confirmation that I wanted to adjust the clock based on the time server response. I confirmed that I wanted to proceed with the update. You can only force synchronization from the command line interface.
ns5gt-> set ntp server time.windows.com
ns5gt-> set ntp server backup1 mrow.org
ns5gt-> set ntp server backup2 sip.monzil.com
ns5gt-> set clock ntp
ns5gt-> set ntp max-adjustment 300
ns5gt-> set ntp interval 15
Trying to contact NTP server (Press Control-C to abort)...
NTP Response: Server name reached time.windows.com.
Adjustment received: 131 milliseconds (0 seconds).
Authentication mode was: None.
Do you want to update system clock? y/[n] y
ns5gt->
When the automatic NTP synchronization feature is enabled, the maximum time adjustment value, max-adjustment, represents the acceptable time difference between the NetScreen device's system clock and the time received from an NTP server. The NetScreen device will only adjust its clock with the NTP server time if the time difference between its clock and the NTP server time is within the maximum time adjustment value that you set. I increased the value from 3 seconds to 300 seconds to allow for synchronization if the NetScreen firewall clock had drifted fairly far, i.e., up to 5 minutes, from the correct time.
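The following Python sketch is an added example, not part of the original post: it parses saved get clock and get ntp output and flags the conditions discussed above, including a clock that is further off than max-adjustment, which automatic synchronization would not correct. The finding labels and the "NTP is Enabled" wording for the enabled state are assumptions; the sample text is constructed from the output shown earlier.

```python
import re
from datetime import datetime, timezone

# Constructed sample input, trimmed from the get clock / get ntp output above.
GET_CLOCK = """\
Date 01/01/1997 01:49:47, Daylight Saving Time enabled
852083387.407101 seconds since 1/1/1970 0:0:0 GMT
"""
GET_NTP = """\
NTP is Disabled
Primary server:
Authentication Mode: None
Max Allowed Adjustment: 3 second(s)
"""
# Trusted reference time: 2015-05-12 21:30:00 at GMT-5, expressed in UTC.
REFERENCE_EPOCH = datetime(2015, 5, 13, 2, 30, tzinfo=timezone.utc).timestamp()

def parse_device_epoch(get_clock: str) -> float:
    """Return the device clock as seconds since the Unix epoch."""
    m = re.search(r"^([\d.]+) seconds since 1/1/1970", get_clock, re.M)
    if not m:
        raise ValueError("epoch line not found in get clock output")
    return float(m.group(1))

def parse_ntp(get_ntp: str) -> dict:
    """Turn 'Key: value' lines into a dict; empty values mean 'not set'."""
    # Assumption: an enabled device prints "NTP is Enabled".
    fields = {"enabled": bool(re.search(r"^NTP is Enabled", get_ntp, re.M))}
    for line in get_ntp.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip().rstrip(".")
    return fields

def audit(get_clock: str, get_ntp: str, reference_epoch: float) -> list:
    """Return the names of the time-configuration problems found."""
    ntp = parse_ntp(get_ntp)
    drift = abs(reference_epoch - parse_device_epoch(get_clock))
    max_adj = int(ntp["Max Allowed Adjustment"].split()[0])
    checks = {
        "ntp-disabled": not ntp["enabled"],
        "no-primary-server": not ntp.get("Primary server"),
        "ntp-unauthenticated": ntp.get("Authentication Mode") == "None",
        # Automatic sync only applies corrections within max-adjustment.
        "drift-exceeds-max-adjustment": drift > max_adj,
    }
    return [name for name, hit in checks.items() if hit]

if __name__ == "__main__":
    print(audit(GET_CLOCK, GET_NTP, REFERENCE_EPOCH))
```
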
Note: if you've made configuration changes and you wish them to be permanent so that they persist after a reboot, issue the command save config.
When I checked the configuration from the web-based GUI interface later, it showed the following configuration:
Created: Tuesday May 12, 2015 11:20 PM