Firewall Wizards mailing list archives
Re: Acqusition of time
From: "Ben Nagy" <ben () iagu net>
Date: Thu, 30 Jan 2003 09:24:00 +0100
I'm all confused. If a firewall can't reach an NTP server because of some transient network condition the clock doesn't automatically go haywire - it will just start drifting as per the normal accuracy of the hardware clock, no? Or are we talking about some imaginary firewall that doesn't actually have a hardware clock with a CMOS battery? I could maybe be convinced that the "best" behaviour would be to start marking log entries somehow as soon as NTP sync got lost or the correction was larger than a few seconds, but I'm not sure it's anywhere near as serious as losing logging ability. (That said, how many people use PIXes that log via standard, lossy, syslog ? ;) Cheers, ben ----- Original Message ----- From: "Brian Ford" <brford () cisco com> To: <firewall-wizards () honor icsalabs com> Sent: Thursday, January 30, 2003 1:01 AM Subject: Re: [fw-wiz] Acqusition of time
Paul, You make a couple of good points. If a security device uses network time and can't set the clock there needs to be a capability to drop the Firewall into a blocking mode[...]
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Acqusition of time, (continued)
- RE: Acqusition of time dave (Jan 29)
- RE: Acqusition of time Paul D. Robertson (Jan 29)
- RE: Acqusition of time dave (Jan 29)
- RE: Acqusition of time Tina Bird (Jan 29)
- Re: Acqusition of time Volker Tanger (Jan 29)
- Re: RE: Acqusition of time Paul D. Robertson (Jan 29)
- Re: RE: Acqusition of time Joseph S D Yao (Jan 30)
- Re: Acqusition of time Volker Tanger (Jan 29)
- Re: Acqusition of time Ben Nagy (Jan 30)
- Re: Acqusition of time Martin Peikert (Jan 30)
- Re: Acqusition of time Frank Knobbe (Jan 31)
- Re: Acqusition of time Kevin Steves (Jan 31)
- Re: Acqusition of time Martin Peikert (Jan 31)