NTP not being responded to

Question

Hi, 
 
 I am running: 
 SFOS 17.0.6 MR-6 
 but just backed down from:

SFOS 17.0.8 MR-8 
 
 to test this out as I cannot remember this ever happening. 
 
 This weekend I just noticed it as I put a new IP phone for work on my network. The phone authenticates to a remote netowrk and has certificate checking built in (Cisco 8851). The time/date is incorrect on it, so the certificate dates are not in order, but the phone cannot get NTP set straight. My laptop is another device that cannot successfully set NTP, although I have several devices who set NTP properly every single attempt. The firewall has no rules blocking 123 and if I look at the logviewer, the router does not appear to be blocking them either, but I never get responses. If I take the Sophos out and use the provider's router, I have zeroi issues. 
 
 192.168.100.113 is my laptop and 192.168.100203 is the phone.. 
 
 10:29:36.795617 Port4, IN: IP 192.168.100.203.123 > 66.228.59.187.123: NTPv3, Client, length 48 10:29:37.295754 Port4, IN: IP 192.168.100.203.123 > 172.98.193.44.123: NTPv3, Client, length 48 10:29:37.375870 Port4, IN: IP 192.168.100.203.123 > 69.89.207.199.123: NTPv3, Client, length 48 10:29:37.916001 Port4, IN: IP 192.168.100.203.123 > 108.61.56.35.123: NTPv3, Client, length 48 
 
 10:30:58.843858 Port4, IN: IP 192.168.100.113.123 > 17.253.2.253.123: NTPv4, Client, length 48 10:30:59.046868 Port4, IN: IP 192.168.100.113.123 > 17.253.24.125.123: NTPv4, Client, length 48 10:30:59.246885 Port4, IN: IP 192.168.100.113.123 > 17.253.6.125.123: NTPv4, Client, length 48 10:30:59.446711 Port4, IN: IP 192.168.100.113.123 > 17.253.2.125.123: NTPv4, Client, length 48 10:30:59.644085 Port4, IN: IP 192.168.100.113.123 > 17.253.24.253.123: NTPv4, Client, length 48 10:31:00.029138 Port4, IN: IP 192.168.100.150.57147 > 64.6.144.6.123: NTPv4, Client, length 48 10:31:00.059401 Port4, OUT: IP 64.6.144.6.123 > 192.168.100.150.57147: NTPv4, Server, length 48 10:31:00.845343 Port4, IN: IP 192.168.100.113.123 > 17.253.2.253.123: NTPv4, Client, length 48 10:31:01.043974 Port4, IN: IP 192.168.100.113.123 > 17.253.24.125.123: NTPv4, Client, length 48 10:31:01.214974 Port4, IN: IP 192.168.1.5.44139 > 192.168.101.254.123: NTPv3, Client, length 48 10:31:01.243413 Port4, IN: IP 192.168.100.113.123 > 17.253.6.125.123: NTPv4, Client, length 48 10:31:01.444044 Port4, IN: IP 192.168.100.113.123 > 17.253.2.125.123: NTPv4, Client, length 48 10:31:01.643924 Port4, IN: IP 192.168.100.113.123 > 17.253.24.253.123: NTPv4, Client, length 48 10:31:02.846628 Port4, IN: IP 192.168.100.113.123 > 17.253.2.253.123: NTPv4, Client, length 48 10:31:03.046660 Port4, IN: IP 192.168.100.113.123 > 17.253.24.125.123: NTPv4, Client, length 48 10:31:03.246659 Port4, IN: IP 192.168.100.113.123 > 17.253.6.125.123: NTPv4, Client, length 48 10:31:03.446606 Port4, IN: IP 192.168.100.113.123 > 17.253.2.125.123: NTPv4, Client, length 48 10:31:03.646648 Port4, IN: IP 192.168.100.113.123 > 17.253.24.253.123: NTPv4, Client, length 48 10:31:04.844051 Port4, IN: IP 192.168.100.113.123 > 17.253.2.253.123: NTPv4, Client, length 48 10:31:05.044035 Port4, IN: IP 192.168.100.113.123 > 17.253.24.125.123: NTPv4, Client, length 48 10:31:05.243863 Port4, IN: IP 192.168.100.113.123 > 17.253.6.125.123: NTPv4, Client, length 48 10:31:05.444038 Port4, IN: IP 192.168.100.113.123 > 17.253.2.125.123: NTPv4, Client, length 48 
 
 Not sure what to do here.. Should I roll back to something earlier than 17.06? 
 
 TiA, 
 
 Greg

Aditya Patel · Answer

Hi Greg, 
 That is odd, could you check if you could create the firewall rule for your NTP connection with no Policy applied and check if that would help. We have released 17.1 GA so you may downgrade to MR-6 > take backup and then upgrade to 17.1 GA so you may have a firmware to fall back if this does not work.