NTP does in fact exist on 3.x version sensors. We do not currently support the use of NTP on sensors, but it is possible to use. We use it on alot of sensors internally. You just need to create the appropriate entries into /etc/inet/ntp.conf and reboot the sensor. There was a vulnerability in NTP that got fixed in one latest service packs, so make sure you are using the latest sensor software (3.1(2)S26+). Just be warned that you may not be supported running in this mode by the TAC. NTP support is officially slated for 4.0.
I currently have 2 4210 sensors running with a NetForensics server. Seems like once a month I have to manually adjust the time on the sensors to be within 30 seconds of the NetForensics server or the data does not get posted into the database. This is a pain in the rear since I can never really tell for sure when they get out of sync. They (netforensics support) recommended setting up ntp on the sensors, but from this post, it looks like you don't recommend or support that. Is there any other option to keep these time sync'd? Would my support contract be void if I did set it up?
The NTP client software is installed on the 3.x sensors. It's just not configured. Do *not* add any patches to the system. This is totally unsupported and will definitely cause problems for TAC cases. As far as NTP goes, we run it internally on quite a few sensors without problems. If you do enable it and run into problems later, the TAC may ask you to disable NTP to return the sensor to a "supported" mode. To configure the sensor for NTP, you must create the file /etc/inet/ntp.conf. Add lines like:
Then, reboot the sensor. Also note, that there was a remotely exploitable bug in NTP for Solaris. I believe a patch for this was included in one of the recent service packs, so make sure that you're running the latest code.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...