NTP port 123 outbound traffic

Posted on 2014-08-13
Last Modified: 2016-02-25

I have been monitoring too many NTP traffic going out through Sophos firewall and they are all blocked by default. The destination of the outbound traffic is many different NTP server location not only one server.

Client PCs are trying to get time information from many locations, how can I make PCs to get their time information from internal NTP server rather external NTP server?

This is the list of IP address that internal PCs are trying to reach to get time information.
Question by:Educad
    LVL 10

    Expert Comment

    by:Prashant Girennavar
    Are you using Active directory?

    Make sure you have set the correct registroy entry on the client PC. Check below link

    w32tm /monitor will give you the exact information.


    -Prashant Girennavar.

    Expert Comment

    by:Heera Bisht

    If the systems are in wokrgroup, use w32tm /unregister to unregister the ntp time source on the client system. This will remove any ntp defined settings from the registry.
    and use w32tm /register to register the time source again.

    IF these are domain joined system you can disable the same through group policy.
    LVL 10

    Accepted Solution

    I would suggest if this is in client server (domain environment) : Configure the PDC to be internal time server and allow rule to sync with valid and trustworthy time server to sync. Configure Group policy to push the time to client.
    LVL 13

    Assisted Solution

    If your list of servers is complete, I would think of a mere bute force measure: Configure the servers in your DNS server with IP addresses pointing to your internal NTP server.

    As an alternative, you could stuff that info into the HOSTS file on the clients, but that's a bit more complicated to maintain if changes occur (but more effective if the configuration in your DNS server proves to be tricky).

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    Please see preceding article here: Figure 1 After Root Bridge has been elected, then what?..... Let's start by defining a Root Port in la…
    Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
    To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    731 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now