Firewall Wizards mailing list archives

Re: Acquisition of time


From: "Ben Nagy" <ben () iagu net>
Date: Thu, 30 Jan 2003 09:24:00 +0100

I'm all confused.

If a firewall can't reach an NTP server because of some transient network
condition, the clock doesn't automatically go haywire - it will just start
drifting as per the normal accuracy of the hardware clock, no?

Or are we talking about some imaginary firewall that doesn't actually have a
hardware clock with a CMOS battery?

I could maybe be convinced that the "best" behaviour would be to start
marking log entries somehow as soon as NTP sync got lost or the correction
was larger than a few seconds, but I'm not sure it's anywhere near as
serious as losing logging ability. (That said, how many people use PIXes
that log via standard, lossy, syslog? ;)

Cheers,

ben
----- Original Message -----
From: "Brian Ford" <brford () cisco com>
To: <firewall-wizards () honor icsalabs com>
Sent: Thursday, January 30, 2003 1:01 AM
Subject: Re: [fw-wiz] Acquisition of time


Paul,

You make a couple of good points.

If a security device uses network time and can't set the clock there needs
to be a capability to drop the Firewall into a blocking mode[...]
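
An added example, not part of either message and not any firewall's own code: a sketch of the log-marking behaviour suggested in the reply above, where entries keep being written but are flagged once NTP sync is lost or a correction exceeds a few seconds. The 3-second threshold, the 50 ppm drift figure, the marker text and the sample events are all assumptions constructed for illustration.

```python
import time
MAX_CORRECTION_S = 3.0  # assumed threshold for "a few seconds"
DRIFT_PPM = 50.0        # assumed drift of a free-running hardware clock

class ClockTrust:       # tracks whether log timestamps are backed by NTP
    def __init__(self):
        self.last_good = None          # local time of last acceptable poll
        self.reason = "never synced"   # None while the clock is trusted

    def ntp_poll(self, now, offset_s):
        """Record one poll; offset_s is None when no server answered."""
        if offset_s is None:
            self.reason = "ntp unreachable"
        elif abs(offset_s) > MAX_CORRECTION_S:
            self.reason = f"correction {offset_s:+.1f}s"
            self.last_good = None      # no basis for a drift bound any more
        else:
            self.reason, self.last_good = None, now

    def marker(self, now):
        if self.reason is None:
            return ""
        if self.last_good is None:
            return f" [TIME-UNVERIFIED {self.reason}]"
        bound = (now - self.last_good) * DRIFT_PPM / 1e6
        return f" [TIME-UNVERIFIED {self.reason} drift<={bound:.3f}s]"

def replay(events):
    """Apply ("ntp", t, offset) and ("log", t, msg) events; return log lines."""
    trust, out = ClockTrust(), []
    for kind, now, val in events:
        if kind == "ntp":
            trust.ntp_poll(now, val)
        else:  # logging never stops; only the marker changes
            ts = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(now))
            out.append(f"{ts}{trust.marker(now)} {val}")
    return out

T0 = 1043915040  # 2003-01-30 08:24:00 UTC; every event below is constructed
SAMPLE = [
    ("ntp", T0, 0.012),
    ("log", T0 + 5, "deny tcp 192.0.2.10 -> 198.51.100.5:23"),
    ("ntp", T0 + 64, None),
    ("log", T0 + 3600, "deny udp 192.0.2.44 -> 198.51.100.5:161"),
    ("ntp", T0 + 3700, 4.2),
    ("log", T0 + 3701, "permit tcp 192.0.2.10 -> 198.51.100.9:443"),
    ("ntp", T0 + 3764, 0.003),
    ("log", T0 + 3765, "deny tcp 192.0.2.77 -> 198.51.100.5:22"),
]
```

With these assumed figures, an hour without NTP yields a drift bound of 0.18 seconds on the flagged entry, while the entry written after the 4.2-second correction is flagged without a bound until the next acceptable poll.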

