Correcting the time and date on a NetScreen router/firewall via a CLI

If you wish to check or update the date and time on a Juniper NetScreen router/firewall from a command line interface, you can establish a Secure Shell (SSH) connection to the device, provided you have already configured it to permit SSH access. You can then use the get clock command to view the current date and time on the NetScreen device.
ns5gt-> get clock
Date 06/24/1997 07:43:02, Daylight Saving Time enabled
The Network Time Protocol is Disabled
Up 917 hours 27 minutes 27 seconds Since 17 May 1997 02:15:35
867138182.710668 seconds since 1/1/1970 0:0:0 GMT
GMT time zone area -5:00
GMT time zone offset 4:00
ns5gt->

In the above output, I can see that the date and time are not set correctly. I can see that the time offset from Greenwich Mean Time (GMT) is four hours, which is currently correct for this device, though. You can see the current GMT time as well as the times for many major cities throughout the world at The World Clock - Worldwide.

The set clock command can be used to set the date.

ns5gt-> set clock ?
mm/dd/yyyy           month/day/year
dst-off              disable daylight saving time
ntp                  enable network time protocol
timezone             GMT Time zone area
ns5gt->

You can specify the month, date, and year in the form mm/dd/yyyy. The time should be specified after the date in the form hh:mm or hh:mm:ss.

ns5gt-> set clock 06/11/2016 16:43
ns5gt-> get clock
Date 06/11/2016 16:43:07, Daylight Saving Time enabled
The Network Time Protocol is Disabled
Up 917 hours 37 minutes 11 seconds Since 4 May 2016 11:05:56
1465663387.356069 seconds since 1/1/1970 0:0:0 GMT
GMT time zone area -5:00
GMT time zone offset 4:00
ns5gt->

To keep the time set correctly, you should configure the device to periodically query a Network Time Protocol (NTP) server. You can see the current NTP settings for the device with the command get ntp.

ns5gt-> get ntp
NTP is Disabled
Primary server:
Backup1 server:
Backup2 server:
Authentication Mode: None
Max Allowed Adjustment: 3 second(s)
Request Interval: 10 minute(s).
Sync NTP time to peer: Enabled
Update Status: Idle
ns5gt->

Microsoft and Apple provide publicly accessible time servers for systems running their operating systems, i.e., time.windows.com and time.apple.com respectively. Many countries have organizations that provide publicly available NTP servers, also. In the U.S., the National Institute of Standards and Technology (NIST) provides NTP servers that systems can query to get accurate time. You can find a list of the NTP servers that NIST provides at NIST Internet Time Servers.

So I could set NTP servers for the device using the commands below. You can set a primary NTP server and up to two backup NTP servers that will be queried if the primary NTP server is unreachable.

ns5gt-> set ntp server time.windows.com
ns5gt-> set ntp server backup1 time.apple.com
ns5gt-> set ntp server backup2 time-a.nist.gov
ns5gt->

If the device queries an NTP server and finds the time on the device is incorrect, it will adjust its time. You can set a value for the maximum adjustment it will make with the set ntp max-adjustment command. A NetScreen router/firewall will only adjust its clock using a time from an NTP server if the difference between its current time and the time provided by the NTP server is no more than the max-adjustment value. E.g., if you set the max-adjustment value to 5 minutes and the device queries an NTP server which provides a time that is more than 5 minutes from the device's current time, then no adjustment will be made to the device's time. So, if the time is far off, there's likely some problem, either at the device or the NTP server end, if you've regularly been synchronizing the time via NTP.

ns5gt-> set ntp max-adjustment ?
<number>             adjustment in seconds. Range: 0 (no limit) - 3600 (1 hour)

You can set a value for how often the device will query an NTP server with the set ntp interval command.

ns5gt-> set ntp interval ?
<number>             1-1440 minutes

To be polite, you shouldn't query an NTP server too frequently. E.g., for most systems, it probably isn't necessary to query an NTP server every few seconds and NIST states "All users should ensure that their software NEVER queries a server more frequently than once every 4 seconds. Systems that exceed this rate will be refused service. In extreme cases, systems that exceed this limit may be considered as attempting a denial-of-service attack."

In the example below, I've set the maximum adjustment value to be 300 seconds (5 minutes) and have set the NTP query interval to every 10 minutes. I've then set the device to keep its time synchronized with an NTP server via the set clock ntp command.

ns5gt-> set ntp max-adjustment 300
ns5gt-> set ntp interval 10
ns5gt-> set clock ntp
ns5gt->

I can view the new NTP settings with the get ntp command.

ns5gt-> get ntp
NTP is Enabled
Primary server: time.windows.com
Backup1 server: time.apple.com
Backup2 server: time-a.nist.gov
Authentication Mode: None
Max Allowed Adjustment: 300 second(s)
Request Interval: 10 minute(s).
Sync NTP time to peer: Enabled
Update Status: Idle
Last Update at: 06/11/2016 17:18:48
ns5gt->
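
An added example, not part of the original article: a Python script that parses the get clock and get ntp output shown above and reports why a device's clock is wrong or would not be corrected, including the case where the skew is larger than max-adjustment and NTP answers are therefore ignored. The sample text is abbreviated from the transcripts on this page; the finding names and the reference time passed to audit() are assumptions made for this example.

```python
import re

# Constructed sample input, abbreviated from the "get clock" and "get ntp"
# transcripts shown on this page.
GET_CLOCK = """Date 06/24/1997 07:43:02, Daylight Saving Time enabled
The Network Time Protocol is Disabled
867138182.710668 seconds since 1/1/1970 0:0:0 GMT
"""
GET_NTP = """NTP is Enabled
Primary server: time.windows.com
Backup1 server: time.apple.com
Backup2 server: time-a.nist.gov
Authentication Mode: None
Max Allowed Adjustment: 300 second(s)
"""

def parse_clock_epoch(text):
    """Return the device time as seconds since the Unix epoch."""
    m = re.search(r"^([\d.]+) seconds since 1/1/1970", text, re.M)
    if not m:
        raise ValueError("no epoch line in get clock output")
    return float(m.group(1))

def parse_ntp(text):
    """Return the fields of get ntp output that matter for a time audit."""
    def field(label):
        m = re.search(rf"^{label}:[ \t]*(.*)$", text, re.M)
        return m.group(1).strip() if m else ""
    servers = map(field, ("Primary server", "Backup1 server", "Backup2 server"))
    return {
        "enabled": bool(re.search(r"^NTP is Enabled", text, re.M)),
        "servers": [s for s in servers if s],
        "auth": field("Authentication Mode"),
        "max_adjust": int(field("Max Allowed Adjustment").split()[0]),
    }

def audit(clock_text, ntp_text, reference_epoch):
    """List reasons the device clock is wrong or will not be corrected."""
    ntp = parse_ntp(ntp_text)
    skew = abs(reference_epoch - parse_clock_epoch(clock_text))
    # max_adjust 0 means "no limit"; otherwise a larger skew is never applied.
    checks = [
        ("ntp-disabled", not ntp["enabled"]),
        ("no-ntp-servers", not ntp["servers"]),
        ("ntp-unauthenticated", ntp["auth"] == "None"),
        ("skew-exceeds-max-adjustment", ntp["max_adjust"] and skew > ntp["max_adjust"]),
    ]
    return [name for name, hit in checks if hit]
```

Calling audit(GET_CLOCK, GET_NTP, 1465663387.0), i.e. the 1997 clock from the first transcript checked against the 2016 epoch from the second, reports the skew finding: with a 300-second limit the device would ignore NTP answers until the clock is set by hand.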

To save the configuration changes, so that they are permanent, you can use the save config command.

ns5gt-> save config
ns5gt->

For additional information on setting and checking the time on a NetScreen device, such as how to configure NTP settings via the web interface to the device, see Checking and setting NTP information on a NetScreen firewall.

 
