Time and Date

On your Sophos UTM on AWS, date and time should always be set correctly. This is needed both for getting correct information from the logging and reporting systems and to assure interoperability with other computers on the Internet.

Usually, you do not need to set the time and date manually. By default, automatic synchronization with public Internet time servers is enabled (see section Synchronize Time with Internet Server below).

In the rare case that you need to disable synchronization with time servers, you can change the time and date manually. However, when doing so, pay attention to the following caveats:

If you operate multiple interconnected Sophos UTM on AWS units that span several time zones, select the same time zone for all devices, for example UTC (Coordinated Universal Time)—this will make log messages much easier to compare.

Note that when you manually change the system time, you will encounter several side-effects, even when having properly restarted the system:

Because of these drawbacks the system time should only be set once when setting up the system with only small adjustments being made thereafter. This especially holds true if accounting and reporting data needs to be processed further and accuracy of the data is important.

Set Date and Time

To configure the system time manually, select date and time from the respective drop-down lists. Click Apply to save your settings.

Set Time Zone

To change the system's time zone, select an area or a time zone from the drop-down list. Click Apply to save your settings.

Changing the time zone does not change the system time, but only how the time is represented in output, for example in logging and reporting data. Even if it does not disrupt services, we highly recommend to reboot afterwards to make sure that all services use the new time setting.

Synchronize Time with Internet Server

To synchronize the system time using a timeserver, select one or more NTP servers. Click Apply after you have finished the configuration.

NTP Servers: The NTP Server Pool is selected by default. This network definition is linked to the big virtual cluster of public timeservers of the pool.ntp.org project. In case your Internet service provider operates NTP servers for customers and you have access to these servers, it is recommended to remove the NTP Server Pool and use your provider's servers instead. When choosing your own or your provider's servers, using more than one server is useful to improve precision and reliability. The usage of three independent servers is almost always sufficient. Adding more than three servers rarely results in additional improvements, while increasing the total server load. Using both NTP Server Pool and your own or your provider's servers is not recommended because it will usually neither improve precision nor reliability.

Tip – If you want client computers to be able to connect to these NTP servers, add them to the allowed networks on the Network Services > NTP page.

Test Configured Servers: Click this button if you want to test whether a connection to the selected NTP server(s) can be established from your device and whether it returns usable time data. This will measure the time offset between your system and the servers. Offsets should generally be well below one second if your system is configured correctly and has been operating in a stable state for some time.

Right after enabling NTP or adding other servers, it is normal to see larger offsets. To avoid large time jumps, NTP will then slowly skew the system time, such that eventually, it will become correct without any jumping. In that situation, please be patient. In particular, in this case, do not restart the system. Rather, return to check about an hour later. If the offsets decrease, all is working as it should.

Related Topics Link IconRelated Topics