Configuring NTP

Use the NTP Configuration page for the Network IPS appliance to add Network Time Protocol (NTP) servers to the appliance. NTP servers get the correct time of day from a specified source and synchronize the time of day for multiple components on your network.

About this task

Navigating in the Network IPS Local Management Interface: Manage System Settings > Appliance > NTP Configuration

Navigating in the SiteProtector™ system: select the NTP Configuration policy

NTP servers are useful for managing the time of day on networks that span different time zones and different continents. You can configure and manage the NTP policy from the SiteProtector system and apply the policy to all of your Network IPS appliances.

FIPS mode: The NTP policy is developed to meet the Federal Information Processing Standard (FIPS) 140-2. Before you configure the NTP policy to use FIPS options, make sure that the firmware version and hardware are FIPS-certified. There is no advantage in configuring the NTP policy with FIPS options if your network does not need to comply with FIPS 140-2.

For specific information about IBM Security products that are FIPS-certified, consult the IBM Security FIPS 140 Security Policy documents. Find these documents on the National Institute of Standards and Technology (NIST) website in the Module Validation Lists section at http://csrc.nist.gov/groups/STM/cmvp/index.html.

Procedure

Click the NTP tab.

Click the Add icon and configure the following options to add NTP servers to the NTP policy:

Option	Description
Enable	Enables the appliance to use the NTP server.
NTP Server IP/Host	Type the IP address or the host name of the NTP server. This feature supports the use of IPv6 addresses for NTP servers.
Version	Select the NTP version of the server. The supported versions are 1, 2, 3, and 4. Note: The latest release of NTP is version 4. For information about the updates and features that are included in NTP version 4, see the Network Time Protocol project at http://www.ntp.org.
Authentication, None	The appliance is not required to authenticate with the NTP server to communicate with it.
Authentication, Symmetric Key Exchange	The appliance uses symmetric key exchanges to communicate with the NTP server. Type a unique Key ID for the NTP server. This option is available for only NTP versions 3 and 4. Important: When you are using multiple servers, avoid conflicts with key IDs. Make sure that the NTP policy configurations on the NTP tab references the correct key ID to authenticate with the correct NTP server. Do not mistakenly configure two NTP servers on the appliance with the same key ID.
Authentication, Autokey	The appliance uses autokey exchanges to communicate with the NTP server. This option is available for only NTP version 4.

What to do next

Configure the Symmetric Keys tab or the Autokey Configuration tab based on the type of key you used. The appliance uses the configurations on these tabs for all your NTP servers by using symmetric key exchanges and autokey exchanges.