Sophos as NTP Source?

Question

Hello, 
 In UTM 9 i was able to point Sophos at a time source, and then internal clients could reference it for time. I don't see this option in XG, is this no longer possible? 
 
 Thanks!

lferrara · Accepted Answer

Good question. NTP server is missing. Open a feature request on feature.astaro.com/.../330219-sophos-xg-firewall

Kranthi · Answer

XG firewall uses a predefined NTP servers in the code and one can point the XG to use the predefined servers or custom defined but XG will not listen to the NTP port to serve the time updates

ce_Sophos · Answer

Finally I got it worked. I Forwarded NTP requests coming to Sophos Device to a public NTP server 
 Note: ** Do not use default Sophos NTP service, for some reason it was not working ** Create a custom NTP service with entry only for UDP 123 ** Ensure to masquerade the DNAT rule ** Create new Business rule type DNAT

Alexander Fuchs · Answer

Hi CharlesEapen, 
 
 as i see, we have the same idea to make a workaround for the "open feature". :-) 
 You should remove the "WAN" from the Zones, no need for it. 
 It's not a security leak, like Big_Buck means, because maped to LAN and not WAN, but it looks not realy clean. :-) 
 
 @ rfcat_vk 
 You have to create a separate service, like CharlesEapen did it. 
 The original "NTP" service in the XG contain two entries, TCP 123 and UDP 123. 
 The problem is, a "Business Application Rule" (DNAT), didn't work with more than one target port. :-( 
 So for a NTP TCP & UDP support you have to create two rules, one for NTP_UDP_123 and one for NTP_TCP_123.

At the end of the day, it works but an integrated NTP server is definitely a better solution. 
 Have to create over 30 rules, for a simple NTP "Server" Support on 15 internal networks. :-( 
 
 Alexander Fuchs 
 IT System Admiral 
 IT Technology Senior Evangelist