Application filter for NTP

I have various rules for users with different time restrictions, and then a final rule to always allow various sites and services.

I have added an application policy called "Always Allowed" which includes the application "NTP". It isn't working though.

The application log shows the destination port of 123, but no Application Category or Application, and an Action of Denied. The Policy ID is my catchall rule, and the Message ID is 17051. I'm guessing that port 123 isn't getting correctly detected as NTP and so is being blocked.

The particulars of my rule are:

Source Zone / Network / Time: LAN / Any / All the time

Dest Zone / Network / Services: WAN / Any / Any

Match known users: unticked

Malware scanning: Only HTTP ticked

Intrusion Policy: None

Traffic Shaping Policy: None

Web Policy: None (I have tried Allow All too)

Application Policy: Always Allowed (my rule that includes NTP)

Any idea why this isn't working?

thanks

James



This thread was automatically locked due to age.
  • Hi James,

    What have you set up as your NTP sites? Test that you can access them using the XG tools.

    Ian

  • NTP works if my device is covered by the default Allow All applications rule, just not with my application rule that only allows NTP. And the Application Log shows that port UDP/123 isn't even being detected as NTP.

  • James,

    Web and Application filters should be used only on HTTP/HTTPS traffic, because XG manages this traffic by inspecting the traffic encapsulated inside HTTP/HTTPS. To control other non-HTTP/S traffic, a separate firewall rule must be used.

    So:

    • A network rule for non-HTTP/S traffic, where None is used for the Web and Application filter fields.
    • A network rule where only HTTP/S traffic is allowed, scanned and controlled by Web and App filters.

    Regards

  • Hi Iferrara,

    That makes no sense. Why can I create an application rule for NTP if I can't actually use it? There are application definitions for all sorts of non-HTTP(S) traffic.

    James

  • James,

    Application and Web filters are used to manage only HTTP/S traffic or traffic that is encapsulated inside HTTP/S traffic. Allowing the NTP service (UDP 123) is done via a network firewall rule without App or Web filters applied. NTP should not even be in the list of Applications (maybe a Sophos mistake).

    Regards
