Cisco Cisco Firepower Management Center 4000
50-25
FireSIGHT System User Guide
Chapter 50 Managing System Policies
Configuring a System Policy
•
To receive time through NTP from a different server, select
Via NTP from
and, in the text box, type a
comma-separated list of IP addresses for the NTP servers you want to use or, if DNS is enabled, type
the fully qualified host and domain names.
the fully qualified host and domain names.
Caution
If the appliance is rebooted and your DHCP server sets an NTP server record different than the one you
specify here, the DHCP-provided NTP server will be used instead. To avoid this situation, configure your
DHCP server to set the same NTP server.
specify here, the DHCP-provided NTP server will be used instead. To avoid this situation, configure your
DHCP server to set the same NTP server.
Step 6
You have the following options for specifying how time is synchronized on any managed devices:
•
Select
Manually in Local Configuration
to set the time manually. See
for information about setting the time after you apply the system policy.
•
Select
Via NTP from
Defense Center to receive time through NTP from the Defense Center. See
for more information.
•
Select
Via NTP from
to receive time through NTP from different servers. In the text box, type a
comma-separated list of IP addresses of the NTP servers or, if DNS is enabled, type the fully
qualified host and domain names.
qualified host and domain names.
Note
It may take a few minutes for the managed device to synchronize with the configured NTP
servers. In addition, if you are synchronizing the managed device to a Defense Center that is
configured as an NTP server, and the Defense Center itself is configured to use an NTP server,
it may take some time for the time to synchronize. This is because the Defense Center must first
synchronize with its configured NTP server before it can serve time to the managed device.
servers. In addition, if you are synchronizing the managed device to a Defense Center that is
configured as an NTP server, and the Defense Center itself is configured to use an NTP server,
it may take some time for the time to synchronize. This is because the Defense Center must first
synchronize with its configured NTP server before it can serve time to the managed device.
Step 7
Click
Save Policy and Exit
.
The system policy is updated. Your changes do not take effect until you apply the system policy. See
for more information.
Serving Time from the Defense Center
License:
Any
You can configure the Defense Center as a time server using NTP and then use it to synchronize time
between the Defense Center and managed devices.
between the Defense Center and managed devices.
Note that you cannot set the time manually after configuring the Defense Center to serve time using NTP.
If you need to manually change the time, you should do so before configuring the Defense Center to
serve time using NTP. If you need to change the time manually after configuring the Defense Center as
an NTP server, disable the
If you need to manually change the time, you should do so before configuring the Defense Center to
serve time using NTP. If you need to change the time manually after configuring the Defense Center as
an NTP server, disable the
Via NTP
option and click
Save
, change the time manually and click
Save
, and
then enable
Via NTP
and click
Save
.
Note
If you configure the Defense Center to serve time using NTP, and then later disable it, the NTP service
on managed devices still attempts to synchronize time with the Defense Center. You must disable NTP
from the managed devices’ web interfaces to stop the synchronization attempts.
on managed devices still attempts to synchronize time with the Defense Center. You must disable NTP
from the managed devices’ web interfaces to stop the synchronization attempts.
To configure the Defense Center as an NTP server:
Access:
Admin