IPS tab
Allow version
Select the checkboxes corresponding to the versions of the NTP protocol that you wish to analyze. The packets corresponding to the unselected versions will raise the alarm "NTP: version denied" and will be blocked by the firewall.
Version 1 | By selecting this option, you will be enabling the intrusion prevention analysis for NTP version 1. |
Version 2 | By selecting this option, you will be enabling the intrusion prevention analysis for NTP version 2. |
Version 3 | By selecting this option, you will be enabling the intrusion prevention analysis for NTP version 3. |
Version 4 | By selecting this option, you will be enabling the intrusion prevention analysis for NTP version 4. |
General settings
Max no. of pending requests | Maximum number of requests without responses in a single NTP session. This value must be between 1 and 512 seconds (default value: 10). |
Maximum request duration (in seconds) | This value is the period after which NTP requests without responses will be deleted. This value must be between 1 and 3600 seconds (default value: 10). |
Protection against Time Poisoning attacks
Clock skew threshold allowed (minutes) | This parameter indicates the highest clock skew that an NTP server can send to an NTP client. As this protection relies on the firewall's internal clock, ensure that the firewall's clock has been configured correctly (see the Configuration > Date/Time settings module). Setting a value of "0" will disable this protection. |
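The version allow-list and the clock skew threshold described above, sketched in Python as an added example; this is not the firewall's own code. It assumes the skew is the gap between the server reply's transmit timestamp and a reference clock standing in for the firewall's clock; the function names, the sample threshold of 20 minutes, and every verdict string other than "NTP: version denied" are hypothetical.

```python
import struct

NTP_UNIX_DELTA = 2_208_988_800  # seconds from the NTP epoch (1900) to the Unix epoch (1970)


def build_server_reply(version, unix_time):
    """Constructed sample input: a 48-byte NTP server reply (mode 4)."""
    first = (0 << 6) | (version << 3) | 4            # LI=0, version, mode=4 (server)
    header = struct.pack("!BBbb", first, 2, 6, -20)  # stratum, poll, precision
    header += bytes(36)                              # root fields and ref/origin/receive timestamps
    return header + struct.pack("!II", int(unix_time) + NTP_UNIX_DELTA, 0)  # transmit timestamp


def inspect_reply(packet, allowed_versions, skew_threshold_min, reference_unix_time):
    """Return a verdict for one NTP packet (verdict names are hypothetical
    except "NTP: version denied", which is the alarm named on this page)."""
    if len(packet) < 48:
        return "malformed"
    version = (packet[0] >> 3) & 0x7   # bits 3-5 of the first byte
    mode = packet[0] & 0x7             # bits 0-2 of the first byte
    if version not in allowed_versions:
        return "NTP: version denied"
    # Only server replies carry the time a client would adopt; a threshold of 0 disables the check.
    if mode != 4 or skew_threshold_min == 0:
        return "pass"
    tx_seconds, tx_fraction = struct.unpack("!II", packet[40:48])
    # NTP era 0 is assumed (timestamps before the 2036 rollover).
    server_time = tx_seconds - NTP_UNIX_DELTA + tx_fraction / 2**32
    skew_min = abs(server_time - reference_unix_time) / 60
    return "clock skew exceeded" if skew_min > skew_threshold_min else "pass"


if __name__ == "__main__":
    now = 1_700_000_000  # constructed reference clock value
    for version, offset in [(4, 30), (4, 3600), (2, 0)]:
        reply = build_server_reply(version, now + offset)
        print(version, offset, inspect_reply(reply, {3, 4}, 20, now))
```

If the reference clock itself is wrong, a legitimate reply is flagged and a poisoned one can pass, which is why the reference clock has to be set correctly before a non-zero threshold is useful.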
Support
Disable intrusion prevention | When this option is selected, the scan of the NTP protocol will be disabled and traffic will be authorized if the filter policy allows it. |
Log each request in NTP client mode | Enables or disables the logging of NTP requests. |