Cisco Cisco Firepower Management Center 2000 문제 해결 가이드

NTP Server : 127.0.0.2 (Cannot Resolve)

Status : Being Used

Offset : -8.344 (milliseconds)

Last Update : 188 (seconds)

Note: If a managed device is configured to receive time from a FireSIGHT Management
Center, the device shows a timesource with loopback address, such as

127.0.0.2

2. If an appliance displays that it is syncing with

127.127.1.1

admin@FirePOWER:~$ ntpq -pn

remote refid st t when poll reach delay offset jitter

==============================================================================

192.0.2.200 .INIT. 16 u - 1024 0 0.000 0.000 0.000

*127.127.1.1 .SFCL. 14 l 3 64 377 0.000 0.000 0.001

3. On the

ntpq

command output, if you notice the value of

(stratum) is 16, it indicates that the

timeserver is unreachable and the appliance will not be able to sychronize with that timeserver.

4. On the

ntpq

command output,

reach

shows an octal number that indicates success or failure

to reach source for the most recent 8 polling attempts. If you see the value is 377, it means the
last 8 attempts was successful. Any other values may indicate that the one or more of the last 8
attempts were unsuccessful.

Step 3: Verify Connectivity

1. Check the basic connectivity to the time server.

admin@FireSIGHT:~$ ping <IP_addres_of_NTP_server>

2. Ensure that port 123 is open on your FireSIGHT Systems.

admin@FireSIGHT:~$ netstat -an | grep 123

3. Confirm that port 123 is open on the firewall.

4. Check the hardware clock:

admin@FireSIGHT:~$ sudo hwclock

If the hardware clock is too far out of date, they may never successfully sync. In order to manually
force the clock to be set with a time server, run the following command:

admin@FireSIGHT:~$ sudo ntpdate -u <IP_address_of_known_good_timesource>

Then restart

ntpd

admin@FireSIGHT:~$ sudo pmtool restartbyid ntpd

Step 4: Verify Configuration Files

1. Check if the

sfipproxy.conf

file is populated correctly. This file is responsible for sending

NTP traffic over the sftunnel.