Cisco Cisco Firepower Management Center 4000
50-24
FireSIGHT System User Guide
Chapter 50 Managing System Policies
Configuring a System Policy
Time settings are part of the system policy. You can specify the time settings either by creating a new
system policy or by editing an existing policy. In either case, the time setting is not used until you apply
the system policy.
system policy or by editing an existing policy. In either case, the time setting is not used until you apply
the system policy.
Note that time settings are displayed on most pages on the appliance in local time using the time zone
you set on the Time Zone page (America/New York by default), but are stored on the appliance itself
using UTC time. In addition, the current time appears in UTC at the top of the Time Synchronization
page (local time is displayed in the Manual clock setting option, if enabled).
you set on the Time Zone page (America/New York by default), but are stored on the appliance itself
using UTC time. In addition, the current time appears in UTC at the top of the Time Synchronization
page (local time is displayed in the Manual clock setting option, if enabled).
You must use native applications, such as command line interfaces or the operating system interface, to
manage time settings for Sourcefire Software for X-Series. Synchronize time for Sourcefire Software
for X-Series and its managing Defense Center from the same physical appliance or NTP server. For
more information, see the Cisco Software for X-Series Installation Guide.
manage time settings for Sourcefire Software for X-Series. Synchronize time for Sourcefire Software
for X-Series and its managing Defense Center from the same physical appliance or NTP server. For
more information, see the Cisco Software for X-Series Installation Guide.
You can synchronize the appliance’s time with an external time server. If you specify a remote NTP
server, your appliance must have network access to it. Do not specify an untrusted NTP server.
Connections to NTP servers do not use configured proxy settings. To use the Defense Center as an NTP
server, see
server, your appliance must have network access to it. Do not specify an untrusted NTP server.
Connections to NTP servers do not use configured proxy settings. To use the Defense Center as an NTP
server, see
.
Cisco recommends that you synchronize your virtual appliances to a physical NTP server. Do not
synchronize your managed devices (virtual or physical) to a Virtual Defense Center.
synchronize your managed devices (virtual or physical) to a Virtual Defense Center.
Note
Ensure that the time on your Defense Center and managed devices matches after time synchronization.
Otherwise, unintended consequences may occur when the managed devices communicate with the
Defense Center.
Otherwise, unintended consequences may occur when the managed devices communicate with the
Defense Center.
The procedure for synchronizing time differs slightly depending on whether you are using the web
interface on a Defense Center or a managed device. Each procedure is explained separately below.
interface on a Defense Center or a managed device. Each procedure is explained separately below.
To synchronize time:
Access:
Admin
Step 1
Select
System > Local > System Policy
.
The System Policy page appears.
Step 2
You have the following options:
•
To modify the time settings in an existing system policy, click the edit icon (
) next to the system
policy.
•
To configure the time settings as part of a new system policy, click
Create Policy
.
Provide a name and description for the system policy as described in
, and click
Save
.
In either case, the Access List page appears.
Step 3
Click
Time Synchronization
.
The Time Synchronization page appears.
Step 4
If you want to serve time from the Defense Center to your managed devices, in the
Serve time via NTP
drop-down list, select
Enabled
.
Step 5
You have the following options for specifying how the time is synchronized on the Defense Center:
•
To set the time manually, select
Manually in Local Configuration
. See
for information about setting the time after you apply the system policy.