Jump to content


Timezone issue with Juniper SSG5


  • Please log in to reply
5 replies to this topic

#1 nguyen hao

nguyen hao

    Newbie

  • Members
  • Pip
  • 9 posts

Posted 04 July 2012 - 01:26 AM

My company has a firewall Juniper SSG5.
I got a requirement to configure so that users cannot access Internet at night.
I configured Schedule for the Policy, configured to sync time with NTP server, checked the log and I see that SSG5 sync time with NTP server OK.
The issue: After some days SSG5 automatically reset the timezone to 0, not which I set some days before --> time of the SSG5 is wrong --> the policy is applied wrongly. If I Sync Clock on SSG5 with my PC then everything is OK but just some days later, the time zone is reset automatically to 0 again.
I tried on two SSG5 and both of them automatically reset timezone to 0 after some days, tried to search but no solution.

Please help.
Thank you.
  • 0

#2 MarkinManchester

MarkinManchester

    Village Elder

  • Veterans
  • PipPipPipPipPip
  • 3976 posts
  • Gender:Male
  • Location:Manchester

Posted 04 July 2012 - 06:07 AM

Change the sync timer to something like 360s and see if it remains in sync, maybe a case of it slipping to far out of sync and resetting to local time. give it a go and let me know?

Mark
  • 0

#3 nguyen hao

nguyen hao

    Newbie

  • Members
  • Pip
  • 9 posts

Posted 05 July 2012 - 12:13 AM

Thanks for your idea.
Change the sync timer to 360s ? do you mean that change the maximum time adjustment to 360s ?
I set it to 0, it means that SSG5 will accept any value from NTP server but the issue still happen.
I also tried not using NTP server but the TimeZone still be reset to 0 after some days.
  • 0

#4 MarkinManchester

MarkinManchester

    Village Elder

  • Veterans
  • PipPipPipPipPip
  • 3976 posts
  • Gender:Male
  • Location:Manchester

Posted 05 July 2012 - 02:35 AM

I am thinking polling interval, long time since I have seen an ssg but maybe set clock ntp ????

Maybe "interval number" and value something like 4-18 power of two so 6 would give you 64 secs

Can you see anything in the logs in regard to ntp and is the time source always on?

Mark
  • 0

#5 nguyen hao

nguyen hao

    Newbie

  • Members
  • Pip
  • 9 posts

Posted 05 July 2012 - 01:18 PM

There are a lot of log information as follows:
"The system clock was updated from primary NTP server type us.pool.ntp.org with an adjustment of 475 ms. Authentication was None. Update mode was Automatic"
It means that the time server is OK.
The problem is not the NTP server, the problem is that the SSG5 automatically reset it's timezone to 0 after some days.

Hao
  • 0

#6 MarkinManchester

MarkinManchester

    Village Elder

  • Veterans
  • PipPipPipPipPip
  • 3976 posts
  • Gender:Male
  • Location:Manchester

Posted 05 July 2012 - 06:59 PM

Sorry I have no more ideas other than open a tac with juniper

Mark
  • 0





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users