fast international shipping
ISO 9001/27001 Corporate certification
Manufacturer certified experts for your project
Sophos UTM 9.6 settings - time and date
June 27, 2019
Marcel Zimmer
Sophos
Sophos
<p>On your <span class="sophosnick">UTM</span>, the date and time should always be set correctly. This is a prerequisite for ensuring that the information in the log and reporting systems is correct and that cooperation with other computers on the Internet runs smoothly.</p>
<p>&Umally, you do not need to set the time and date manually. This is because automatic synchronisation with public Internet time servers is activated by default (see section <span class="Path">Synchronising the system time with NTP</span> below).</p>
<p>In the unlikely event that you need to disable synchronisation with time servers, you can change the time and date manually. However, if you do so, please note the following important information:</p>
<ul>
<li value="1">¨never change the time from winter time to summer time or vice versa. This change is always made automatically by the set time zone, even if automatic synchronisation with time servers is deactivated.</li>
<li value="2">Never change the date or time while synchronisation with time servers is still activated, as the automatic synchronisation will always immediately make your changes invalid again. If you need to set the date or time manually, remember to first remove all servers from the <span class="Gui">NTP server</span> field in the <span class="Path">Synchronising system time with NTP</span> section and then click <span class="Gui">Übernehmen</span>.</li>
<li value="3">After you have changed the time manually, wait until you see a large confirmation message stating that the change was successful. Then restart the system (<span class="Path">Administration > Shutdown/Restart</span>). This is highly recommended, as many services rely on the time changing continuously and not suddenly. Time jumps can therefore lead to malfunctions in some services. This advice applies to all types of computer systems.</li>
<li value="4">In rare cases, a change in the system time may even terminate your WebAdmin session. If this happens, log in again, check that the time is now set correctly and then restart the system.</li>
</ul>
<p>If you are running several interconnected <span class="sophosnick">UTM</span>s that span different time zones, choose a common time zone, e.g. UTC (coordinated universal time). This makes it much easier to compare log entries.</p>
<p>If you change the system time manually, be aware that you will encounter some side effects even if you have rebooted the system properly.</p>
<ul>
<li value="1">
<p><span class="GuiList">Adjust time</span></p>
<ul>
<li value="1">In time-based reports, data for the corresponding time period is missing. Most charts represent this period as a straight line at the height of the old value.</li>
<li value="2">For network traffic, all values in this period are 0.</li>
</ul>
</li>
<li value="2">
<p><span class="GuiList">Reset Time</span></p>
<ul>
<li value="1">In the time-based reports, there is already log data for the corresponding period (but from the system's point of view, it is from the future).</li>
<li value="2">Most charts represent the values of this time period in compressed form.</li>
<li value="3">The elapsed time since the last pattern check displayed in the dashboard shows the value „never“, although the last check was only a few minutes ago.</li>
<li value="4">Automatically generated certificates on the <span class="sophosnick">UTM</span> can become invalid, as the beginning of their validity lies in the future from the system's point of view.</li>
<li value="5">Report data üon network traffic retain the data already collected, although they are in the future. As soon as the reset time is reached, the network traffic files will continue to be written.</li>
</ul>
</li>
</ul>
<p>Because of these disadvantages, you should set the system time once during the initial configuration and only adjust it slightly later. This is especially true if the collected network traffic and report data are processed further and the accuracy of the data is important.</p>
<h2 class="para">Set date and time</h2>
<p>To manually configure the system time, select the date and time from the corresponding drop-down lists. Click <span class="Gui">&Uml;bernehmen</span> to save your settings.</p>
<h2 class="para">Set time zone</h2>
<p>To change the system time zone, select an area or time zone from the drop-down list. Click <span class="Gui">&Uml;bernehmen</span> to save your settings.</p>
<p>Changing the time zone does not change the system time, but only how the time is output, for example in log and report data. Even if this does not interrupt any services, we strongly recommend restarting afterwards to make sure that all services use the new time setting.</p>
<h2>Synchronising the system time with NTP</h2>
<p>To synchronise the system time using a time server, select a time server.Select one or more <span class="MCTextPopup"><a class="MCTextPopupSpot_0">NTP</a></span> servers. Click <span class="Gui">Übernehmen</span> after you have completed the configuration.</p>
<p><span class="GuiList">NTP Server:</span> The <span class="Gui">NTP Server Pool</span> is preset. This network definition refers to the large virtual pool of public time servers of the <span class="Gui">pool.ntp.org</span> project. If your ISP itself runs NTP servers for customers and you have access to these servers, it is recommended to remove the <span class="Gui">NTP Server Pool</span> and use your provider's servers instead. If you use your own or your provider's servers, using more than one server increases precision and reliability. Using three independent servers is actually always sufficient. The use of more than three servers usually does not bring any further improvement, but increases the server load. It is not recommended to use both the <span class="Gui">NTP Server Pool</span> and your own servers or the servers of your provider, as this usually increases neither the precision nor the reliability.</p>
<p><span class="Notes">Tip –</span> If you want client computers to be able to connect to these NTP servers add them to the allowed networks on the <span class="Path">Network Services > NTP</span> page.</p>
<p><span class="GuiList">Test Configured Servers:</span> Click this button to test whether a connection can be established from your device with the selected NTP servers and whether usable time data is received from the server. This determines the time shift between your system and the servers. Shifts should usually be well under one second if your system is configured correctly and has been stable for some time.</p>
<p>Directly after you have activated NTP or added other servers, it is normal for large shifts to occur. To avoid large time jumps, NTP slowly changes the system time one step at a time so that the time is corrected without jumps. In this case, please be patient. Especially in this case, do <em>not</em> restart the system. Rather, check again in an hour. If the shift is reduced, everything will work as it should.</p> </p> </p> </p> </p> </p> </p> </p> </p> </p> </p> </p> <p>Please be patient.
<p>&Umally, you do not need to set the time and date manually. This is because automatic synchronisation with public Internet time servers is activated by default (see section <span class="Path">Synchronising the system time with NTP</span> below).</p>
<p>In the unlikely event that you need to disable synchronisation with time servers, you can change the time and date manually. However, if you do so, please note the following important information:</p>
<ul>
<li value="1">¨never change the time from winter time to summer time or vice versa. This change is always made automatically by the set time zone, even if automatic synchronisation with time servers is deactivated.</li>
<li value="2">Never change the date or time while synchronisation with time servers is still activated, as the automatic synchronisation will always immediately make your changes invalid again. If you need to set the date or time manually, remember to first remove all servers from the <span class="Gui">NTP server</span> field in the <span class="Path">Synchronising system time with NTP</span> section and then click <span class="Gui">Übernehmen</span>.</li>
<li value="3">After you have changed the time manually, wait until you see a large confirmation message stating that the change was successful. Then restart the system (<span class="Path">Administration > Shutdown/Restart</span>). This is highly recommended, as many services rely on the time changing continuously and not suddenly. Time jumps can therefore lead to malfunctions in some services. This advice applies to all types of computer systems.</li>
<li value="4">In rare cases, a change in the system time may even terminate your WebAdmin session. If this happens, log in again, check that the time is now set correctly and then restart the system.</li>
</ul>
<p>If you are running several interconnected <span class="sophosnick">UTM</span>s that span different time zones, choose a common time zone, e.g. UTC (coordinated universal time). This makes it much easier to compare log entries.</p>
<p>If you change the system time manually, be aware that you will encounter some side effects even if you have rebooted the system properly.</p>
<ul>
<li value="1">
<p><span class="GuiList">Adjust time</span></p>
<ul>
<li value="1">In time-based reports, data for the corresponding time period is missing. Most charts represent this period as a straight line at the height of the old value.</li>
<li value="2">For network traffic, all values in this period are 0.</li>
</ul>
</li>
<li value="2">
<p><span class="GuiList">Reset Time</span></p>
<ul>
<li value="1">In the time-based reports, there is already log data for the corresponding period (but from the system's point of view, it is from the future).</li>
<li value="2">Most charts represent the values of this time period in compressed form.</li>
<li value="3">The elapsed time since the last pattern check displayed in the dashboard shows the value „never“, although the last check was only a few minutes ago.</li>
<li value="4">Automatically generated certificates on the <span class="sophosnick">UTM</span> can become invalid, as the beginning of their validity lies in the future from the system's point of view.</li>
<li value="5">Report data üon network traffic retain the data already collected, although they are in the future. As soon as the reset time is reached, the network traffic files will continue to be written.</li>
</ul>
</li>
</ul>
<p>Because of these disadvantages, you should set the system time once during the initial configuration and only adjust it slightly later. This is especially true if the collected network traffic and report data are processed further and the accuracy of the data is important.</p>
<h2 class="para">Set date and time</h2>
<p>To manually configure the system time, select the date and time from the corresponding drop-down lists. Click <span class="Gui">&Uml;bernehmen</span> to save your settings.</p>
<h2 class="para">Set time zone</h2>
<p>To change the system time zone, select an area or time zone from the drop-down list. Click <span class="Gui">&Uml;bernehmen</span> to save your settings.</p>
<p>Changing the time zone does not change the system time, but only how the time is output, for example in log and report data. Even if this does not interrupt any services, we strongly recommend restarting afterwards to make sure that all services use the new time setting.</p>
<h2>Synchronising the system time with NTP</h2>
<p>To synchronise the system time using a time server, select a time server.Select one or more <span class="MCTextPopup"><a class="MCTextPopupSpot_0">NTP</a></span> servers. Click <span class="Gui">Übernehmen</span> after you have completed the configuration.</p>
<p><span class="GuiList">NTP Server:</span> The <span class="Gui">NTP Server Pool</span> is preset. This network definition refers to the large virtual pool of public time servers of the <span class="Gui">pool.ntp.org</span> project. If your ISP itself runs NTP servers for customers and you have access to these servers, it is recommended to remove the <span class="Gui">NTP Server Pool</span> and use your provider's servers instead. If you use your own or your provider's servers, using more than one server increases precision and reliability. Using three independent servers is actually always sufficient. The use of more than three servers usually does not bring any further improvement, but increases the server load. It is not recommended to use both the <span class="Gui">NTP Server Pool</span> and your own servers or the servers of your provider, as this usually increases neither the precision nor the reliability.</p>
<p><span class="Notes">Tip –</span> If you want client computers to be able to connect to these NTP servers add them to the allowed networks on the <span class="Path">Network Services > NTP</span> page.</p>
<p><span class="GuiList">Test Configured Servers:</span> Click this button to test whether a connection can be established from your device with the selected NTP servers and whether usable time data is received from the server. This determines the time shift between your system and the servers. Shifts should usually be well under one second if your system is configured correctly and has been stable for some time.</p>
<p>Directly after you have activated NTP or added other servers, it is normal for large shifts to occur. To avoid large time jumps, NTP slowly changes the system time one step at a time so that the time is corrected without jumps. In this case, please be patient. Especially in this case, do <em>not</em> restart the system. Rather, check again in an hour. If the shift is reduced, everything will work as it should.</p> </p> </p> </p> </p> </p> </p> </p> </p> </p> </p> </p> <p>Please be patient.
Author:
Marcel Zimmer
Marcel Zimmer is the Technical Managing Director of EnBITCon. During his time in the German Armed Forces, the trained IT developer was able to gain numerous project experiences. His interest in IT security was significantly awakened by his service in command support. Even after his service, he is an active reservist in the Bundeswehr.
His first firewall was a Sophos UTM 120, which he had to set up for a customer project. Since then, his interest in IT security has grown steadily. In the course of time, various security and infrastructure topics have come into his focus. His most interesting projects included, for example, WLAN coverage in an explosion-proof area, as well as a multi-site WLAN solution for a large