When setting up a Checkpoint Smart-1 / SPLAT / UTM gateway, one thing always confuses admins: how to set the correct time zone with daylight saving. The WebUI is usually the first interface used to set up a Checkpoint gateway. Unfortunately, its NTP configuration is not that straightforward.
As the screenshot shows, the WebUI only allows the admin to set the time zone in GMT+-12 format. What about daylight saving? Will you change the time zone manually twice per year?
The better solution is not to use the WebUI for NTP settings at all. There is a quick wizard-style configuration method through the CLI, listed below with all the steps used in our environment.
1. Enter Expert mode.
2. Type the ntp command to configure the NTP source and update frequency.
ntp -n 60 172.1.3.83
Note: 172.1.3.83 is our internal NTP server. The gateway will update its time every 60 minutes.
3. Run sysconfig and choose 4) Time and Date, then 1) Set time zone.
Choose a configuration item ('e' to exit):
------------------------------------------------------------------
1) Host name 5) Network Connections 9) Export Setup
2) Domain name 6) Routing 10) Products Installation
3) Domain name servers 7) DHCP Server Configuration 11) Products Configuration
4) Time and Date 8) DHCP Relay Configuration
------------------------------------------------------------------
(Note: configuration changes are automatically saved)
Your choice: 4
Choose a time and date configuration item ('e' to exit):
------------------------------------------------------------------
1) Set time zone 3) Set local time
2) Set date 4) Show date and time settings
------------------------------------------------------------------
(Note: configuration changes are automatically saved)
Your choice: 1
Identify a location so that time zone rules can be set correctly.
Select a continent or ocean.
1) Africa
2) Americas
3) Antarctica
4) Arctic Ocean
5) Asia
6) Atlantic Ocean
7) Australia
8) Europe
9) Indian Ocean
10) Pacific Ocean
11) none - I want to specify the time zone using GMT<+|->N format.
12) cancel - I want to quit without changing the time zone.
#? 2
Select a country.
1) Anguilla 19) El Salvador 37) Puerto Rico
2) Antigua & Barbuda 20) French Guiana 38) St Barthelemy
3) Argentina 21) Greenland 39) St Kitts & Nevis
4) Aruba 22) Grenada 40) St Lucia
5) Bahamas 23) Guadeloupe 41) St Martin (French part)
6) Barbados 24) Guatemala 42) St Pierre & Miquelon
7) Belize 25) Guyana 43) St Vincent
8) Bolivia 26) Haiti 44) Suriname
9) Brazil 27) Honduras 45) Trinidad & Tobago
10) Canada 28) Jamaica 46) Turks & Caicos Is
11) Cayman Islands 29) Martinique 47) United States
12) Chile 30) Mexico 48) Uruguay
13) Colombia 31) Montserrat 49) Venezuela
14) Costa Rica 32) Netherlands Antilles 50) Virgin Islands (UK)
15) Cuba 33) Nicaragua 51) Virgin Islands (US)
16) Dominica 34) Panama 52) cancel
17) Dominican Republic 35) Paraguay
18) Ecuador 36) Peru
#? 10
Select one of the following time zone regions.
1) Newfoundland Time, including SE Labrador
2) Atlantic Time - Nova Scotia (most places), PEI
3) Atlantic Time - Nova Scotia - places that did not observe DST 1966-1971
4) Atlantic Time - New Brunswick
5) Atlantic Time - Labrador - most locations
6) Atlantic Standard Time - Quebec - Lower North Shore
7) Eastern Time - Quebec - most locations
8) Eastern Time - Ontario - most locations
9) Eastern Time - Ontario & Quebec - places that did not observe DST 1967-1973
10) Eastern Time - Thunder Bay, Ontario
11) Eastern Time - east Nunavut - most locations
12) Eastern Time - Pangnirtung, Nunavut
13) Eastern Standard Time - Resolute, Nunavut
14) Eastern Standard Time - Atikokan, Ontario and Southampton I, Nunavut
15) Central Time - central Nunavut
16) Central Time - Manitoba & west Ontario
17) Central Time - Rainy River & Fort Frances, Ontario
18) Central Standard Time - Saskatchewan - most locations
19) Central Standard Time - Saskatchewan - midwest
20) Mountain Time - Alberta, east British Columbia & west Saskatchewan
21) Mountain Time - west Nunavut
22) Mountain Time - central Northwest Territories
23) Mountain Time - west Northwest Territories
24) Mountain Standard Time - Dawson Creek & Fort Saint John, British Columbia
25) Pacific Time - west British Columbia
26) Pacific Time - south Yukon
27) Pacific Time - north Yukon
28) cancel
#? 8
The following information has been given:
Canada
Eastern Time - Ontario - most locations
Therefore TZ='America/Toronto' will be used.
Is the above information OK?
1) Yes
2) No
3) Cancel
#? 1
Updating time zone succeeded.
Time zone is set.
4. Verify the configuration.
[Expert@CP-1]# cat /etc/sysconfig/ntp
SERVER1=172.1.3.83
SERVER2=
SERVER3=
INTERVAL=60
MD5_SECRET=
USE_NTP=true
[Expert@CP-1]# hwclock --show
Tue Mar 13 22:07:57 2012 -0.147808 seconds
[Expert@CP-1]# date
03-13-2012
[Expert@CP-1]# /bin/date
Tue Mar 13 22:08:14 EDT 2012
[Expert@CP-1]# ntpdate 172.1.3.83
13 Mar 22:55:33 ntpdate[15774]: step time server 172.1.3.83 offset 78.457643 sec
Note: ntpdate can be used to sync the time with the NTP server right away.
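An added example (not part of the original post and not Check Point tooling): a read-only check of the /etc/sysconfig/ntp file shown above, plus a test of whether a TZ value carries daylight-saving rules. It assumes bash and GNU date; the function names are made up here, the sample file is constructed, and the demo uses POSIX TZ strings so it runs without the zoneinfo database (a named zone such as America/Toronto can be passed where that database is installed).

```shell
#!/bin/bash
# Added example: read-only audit. The file is parsed, never sourced,
# so nothing stored in it gets executed.

# Print the value of KEY ($1) from a KEY=value file ($2); last assignment wins.
conf_get() {
    sed -n "s/^$1=//p" "$2" | tail -n 1 | tr -d '"\r'
}

# Print one finding per line; return 0 only when no FAIL finding is raised.
audit_ntp_conf() {
    local conf=$1 rc=0 servers=0 key
    if [ ! -r "$conf" ]; then echo "FAIL cannot read $conf"; return 1; fi
    if [ "$(conf_get USE_NTP "$conf")" != "true" ]; then
        echo "FAIL USE_NTP is not true"; rc=1
    fi
    for key in SERVER1 SERVER2 SERVER3; do
        if [ -n "$(conf_get "$key" "$conf")" ]; then servers=$((servers + 1)); fi
    done
    if [ "$servers" -eq 0 ]; then echo "FAIL no NTP server set"; rc=1; fi
    if [ "$servers" -eq 1 ]; then echo "WARN single NTP server, no fallback"; fi
    case "$(conf_get INTERVAL "$conf")" in
        ''|*[!0-9]*) echo "FAIL INTERVAL is not a number"; rc=1 ;;
    esac
    if [ -z "$(conf_get MD5_SECRET "$conf")" ]; then
        echo "WARN MD5_SECRET is empty, no NTP authentication secret set"
    fi
    return "$rc"
}

# Succeed when the zone's UTC offset differs between 15 Jan and 15 Jul 2012
# (12:00 UTC), i.e. the TZ value carries DST rules. Fixed GMT offsets never do.
tz_observes_dst() {
    local jan jul
    jan=$(TZ="$1" date -d @1326628800 +%z)
    jul=$(TZ="$1" date -d @1342353600 +%z)
    [ "$jan" != "$jul" ]
}

# Constructed sample mirroring the file shown in step 4.
sample=$(mktemp)
printf '%s\n' SERVER1=172.1.3.83 SERVER2= SERVER3= INTERVAL=60 \
    MD5_SECRET= USE_NTP=true > "$sample"
audit_ntp_conf "$sample" || true
for tz in 'EST5EDT,M3.2.0,M11.1.0' 'GMT+5'; do
    if tz_observes_dst "$tz"; then echo "$tz: DST rules"; else echo "$tz: fixed offset"; fi
done
rm -f "$sample"
```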
Update:
The time configuration differs between the WebUI and the command line. Be aware of this and do not touch the WebUI's Date and Time configuration afterwards:
On the SPLAT box, selecting 4) to show date and time settings shows EDT (Eastern Daylight Time).
The WebUI, however, shows GMT+0, although the time is right. If you change the settings in the WebUI, the command-line configuration will be lost.
----------------------------------------------------------------------------------------------------------
Cisco Switch NTP tip:
The Catalyst 2950, 2955, 3550 and 3560 switches do not have a hardware-supported clock, and they cannot function as an NTP master clock to which peers synchronize themselves when an external NTP source is not available. These switches also have no hardware support for a calendar. As a result, the ntp update-calendar and the ntp master global configuration commands are not available.
Tuesday, March 13, 2012
Checkpoint SPLAT Timezone Configuration Difference on WebUI and CMD