Monday, December 21, 2020

Firewall Question, NTP open, does it need to be??

Hey all, I hope this ends up being a simple question. All of my branch office routers serve as the site’s firewall along with other routing duties. We use the ZBFW, and VPN tunnels back to our HQ.

As a generalist, we had our local VAR give it a base config so we knew it’d be done right. We don’t host any services at our branch offices, so the firewall is only doing basic outbound inspection.

I recently noticed that NTP is open to the self zone (from the WAN to SELF). Our routers are currently configured to reach out to public NTP servers, and I’m guessing that goes through NAT; I’m not sure which interface the router uses to poll.

My first instinct was that it was a mistake to have NTP open to the world, but before I just went and closed it, the question is, could that have been done intentionally?

Is NTP one of the protocols that doesn’t play well with inspection? If so, I’m wondering if it might be better for me to set up an NTP master at my HQ instead. (Probably the better route, it’s just not a project I have the bandwidth for right now.)
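One way to tighten this on a Cisco IOS ZBFW, as an added example that is not from the original post: pin the polling interface with `ntp source` and narrow the WAN-to-self NTP class to replies from the configured servers only. The server addresses, the WAN interface, and the ACL, class-map, policy-map and zone-pair names are placeholders for the ones already in the VAR's config.

```cisco
! Point the router at explicit upstream servers and a fixed source interface,
! so it always polls from one known address (placeholder values throughout).
ntp server 192.0.2.10
ntp server 192.0.2.11
ntp source GigabitEthernet0/0          ! assumption: Gi0/0 is the WAN interface
!
! Replies from those servers only. IOS sources its own polls from UDP 123,
! so a legitimate reply is 123 -> 123 from a listed server.
ip access-list extended ACL-NTP-REPLIES
 permit udp host 192.0.2.10 eq ntp any eq ntp
 permit udp host 192.0.2.11 eq ntp any eq ntp
!
! match-all: the packet must be NTP AND come from a listed server.
class-map type inspect match-all CM-WAN-TO-SELF-NTP
 match protocol ntp
 match access-group name ACL-NTP-REPLIES
!
! Put this class in the existing WAN-to-self policy in place of the open NTP
! class; the policy-map and zone-pair below are placeholders for that existing
! pair, and the other classes it carries (e.g. for the VPN tunnels to HQ) stay.
policy-map type inspect PM-WAN-TO-SELF
 class type inspect CM-WAN-TO-SELF-NTP
  pass                                 ! one-way allow is enough for replies
 class class-default
  drop log                             ! any other NTP aimed at the router is logged
!
zone-pair security ZP-WAN-SELF source WAN destination self
 service-policy type inspect PM-WAN-TO-SELF
```

The cleaner alternative is to inspect NTP on a self-to-WAN zone pair, so replies are tracked statefully and no WAN-to-self NTP class is needed at all; creating that pair means every other router-originated protocol (IKE for the tunnels, DNS, syslog) needs its own class, which is the part that takes planning.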
