Configure Time and NTP¶
Accurate time is critical: log timestamps, cert validity, schedule-based policies (time conditions, MFA windows), and HA all depend on correct system time. Always sync to NTP; never rely on manually-set time.
Steps¶
Set the time zone¶
- System → Settings.
- System Time:
- Time Zone — pick your zone (e.g.
(GMT-5:00) Eastern Time).
- Time Zone — pick your zone (e.g.
- Apply.
📸 Screenshot needed
System → Settings → System Time section, showing timezone dropdown and NTP server config.
Configure NTP¶
- Same page, scroll to NTP.
- Setup Method:
- Synchronize with NTP server (preferred).
- Custom — define your own servers.
- Server —
pool.ntp.org(default) or your internal NTP server. Multiple OK. - Sync interval — minutes between syncs. Default 60.
- Apply.
CLI Equivalent¶
config system global
set timezone 04 # numeric code per FortiOS docs
end
config system ntp
set ntpsync enable
set server-mode disable
set source-ip 0.0.0.0
config ntpserver
edit 1
set server "pool.ntp.org"
next
edit 2
set server "time.nist.gov"
next
end
end
Verify¶
get system status | grep "System time"
diagnose sys ntp status
Should show:
- Current time matching wall clock.
- synchronized = yes.
- Offset close to 0.
FortiGate as an NTP Server (for downstream)¶
To let LAN devices use FortiGate as their NTP source:
config system ntp
set server-mode enable
set interface "internal"
end
Then on the interface, allow NTP:
config system interface
edit "internal"
append allowaccess ntp
next
end
Common Issues¶
- Time wrong by hours. Timezone wrong. Fix in System → Settings → Time Zone.
- Time wrong by minutes. NTP not actually syncing. Test:
execute ping pool.ntp.orgfirst; if fails, fix DNS/routing. - DST not handled. FortiOS handles DST automatically when the right timezone is picked. Don't manually offset.
- Schedule-based policies misfiring. Almost always a timezone/NTP issue. Verify with
get system status.