NTP Port udp 123 advice

I have just set up my DC to use an external time source and all servers are OK with the correct time; however, I have NOT opened any ports. I have a Draytek firewall. Do I need to do anything? My outbound traffic is not restricted, only incoming is, but there are no errors in Event Viewer. Do I need to open up port UDP 123 to my local LAN IP?
jag b Asked:

Adam Pedder, Director, Commented:
Drayteks default to using stateful packet inspection with everything outgoing allowed.

In other words you don't need to open anything up, as long as your server starts the conversation it will be able to talk to whatever it needs to.

You can test by running w32tm /resync and checking the event log.

Neil Russell, Technical Development Lead, Commented:
You do not need to open ANYTHING inbound at all.
jag b, Author, Commented:
Just ran a w32tm /resync - got no error, just:

The system time has changed to 2015-05-08T10:05:40.516000000Z from 2015-05-08T10:05:40.524660000Z.

Change Reason: An application or system component changed the time.
Dan McFadden, Systems Engineer, Commented:
You should have only modified the Time Service settings for the DC that holds the PDC Emulator role.  All other DCs should have had their Time Service left as is.

All other servers, desktops and laptops in this domain will query and sync time from a DC near them.

The only server that needs to have outbound NTP access is the PDC Emulator Role holder.  If the role is moved, then the rule controlling outbound NTP access needs to follow the PDC Role and IP address.

Dan
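
The checks suggested in the answers above, gathered into one script as an added example (not code posted by any participant in this thread). It assumes an elevated PowerShell session on a domain controller with the ActiveDirectory module installed; the one-hour event window is an arbitrary choice.

```powershell
# Added example: confirm that NTP sync works with no inbound firewall rule.
Import-Module ActiveDirectory

# 1. Find the PDC Emulator role holder. Only this DC needs outbound UDP 123
#    to the external source; every other machine syncs from a DC.
$pdc  = (Get-ADDomain).PDCEmulator
$self = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
Write-Output "PDC Emulator: $pdc (this host: $self)"
if ($pdc -ne $self) {
    Write-Warning "This host is not the PDC Emulator; it should sync from the domain, not an external source."
}

# 2. Read the time source the Windows Time service is currently using.
$source = (w32tm /query /source | Select-Object -First 1).Trim()
Write-Output "Current time source: $source"

if ($source -match 'Local CMOS Clock|Free-running System Clock') {
    Write-Warning "No network time source is in use; check the Time Service configuration."
}
else {
    # 3. Query the source without changing the clock. The source string can
    #    carry flags after a comma (for example ',0x9'), so strip them.
    #    Offsets in the output mean replies came back through the firewall's
    #    stateful inspection; errors instead of offsets mean they did not.
    $peer = ($source -split ',')[0].Trim()
    w32tm /stripchart /computer:$peer /samples:3 /dataonly
}

# 4. Force a resync, as suggested in the thread.
w32tm /resync

# 5. Review what the Time Service logged in the last hour. Warnings or
#    errors here are the place a blocked or unreachable source would show up.
$filter = @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-Time-Service'
    StartTime    = (Get-Date).AddHours(-1)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Format-Table TimeCreated, Id, LevelDisplayName, Message -Wrap
```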
jag b, Author, Commented:
I understand the PDC emulator role and NTP... that's all OK... just wanted confirmation on the port, as I have not opened anything. As Adam has stated, I don't think I need to do anything, as "Drayteks default to using stateful packet inspection with everything outgoing allowed".