SRX Services Gateway
Reply
Contributor
AndrewS
Posts: 103
Registered: ‎05-22-2012
0

Using SRX as NTP server

I have an SRX that I wish to use as an NTP server but it's not working. I've read though http://kb.juniper.net/InfoCenter/index?page=content&id=KB11436 but I don't think it's applicable as I have two security zones setup and I have a policy of any, any setup to allow traffic to flow through all interfaces.

 

I can't run show ntp status either, I get ***Request timed out

 

the security section of the config file is below, does anyone know what I'm missing?


Thanks

 

Andrew.

 

root@SRX240> show configuration security
policies {
    from-zone trust to-zone trust {
        policy trust {
            match {
                source-address any;
                destination-address any;
                application any;
            }
            then {
                permit;
            }
        }
    }
    from-zone trust to-zone intersite {
        policy trust {
            match {
                source-address any;
                destination-address any;
                application any;
            }
            then {
                permit;
            }
        }
    }
    from-zone intersite to-zone trust {
        policy trust {
            match {
                source-address any;
                destination-address any;
                application any;
            }
            then {
                permit;
            }
        }
    }
}
zones {
    security-zone intersite {
        host-inbound-traffic {
            system-services {
                ping;
            }
            protocols {
                ospf;
                pim;
                igmp;
            }
        }
        interfaces {
            ge-0/0/0.0;
            ge-0/0/1.0;
        }
    }
    security-zone trust {
        host-inbound-traffic {
            system-services {
                ping;
                ssh;
                https;
                snmp;
            }
            protocols {
                ospf;
                pim;
                igmp;
            }
        }
        interfaces {
            lo0.0;
            ge-0/0/4.0;
            vlan.2;
            vlan.3;
        }
    }
}

root@SRX240>

 

Super Contributor
johnrbaker
Posts: 210
Registered: ‎02-17-2011
0

Re: Using SRX as NTP server

Have you setup Client  NTP on the SRX?

 

system {
    ntp {
        boot-server 192.168.253.220;
        server 192.168.253.220 prefer;
        server 93.186.33.42;
        server 217.114.59.66;
    }
}

 

That is all I had to setup my SRX as my NTP server

Contributor
jmcgrady
Posts: 79
Registered: ‎05-25-2011
0

Re: Using SRX as NTP server

There seems to be an issue with "set system ntp source-address x.x.x.x". Ive read that x.x.x.x must also be the address that your downstream clients use for ntp server.  This makes problems for routing.  Is it possible for the SRX to use one ip as its source as an ntp client, and a different ip as its server as an ntp server?

Distinguished Expert
Raveen
Posts: 569
Registered: ‎04-15-2010
0

Re: Using SRX as NTP server

You could refer below KB on how to setup SRX for NTP Clinet functionality:

 

http://kb.juniper.net/InfoCenter/index?page=content&id=KB15756

 

Regards,

Raveen

Note: If this answers your question, you could mark this post as accepted solution, that way it helps others as well. Kudos will be cool if I earned it!
Super Contributor
Super Contributor
c_r
Posts: 125
Registered: ‎04-14-2013
0

Re: Using SRX as NTP server

SRX can act as NTP server if and only if NTP client is enabled on SRX.

 

c_r

[Click the "Star" for Kudos if you think I earned it!
If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..]

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.