Time and Date

On your Sophos UTM, date and time should always be set correctly. This is needed both for getting correct information from the logging and reporting systems and to assure interoperability with other computers on the Internet.

Usually, you do not need to set the time and date manually. By default, automatic synchronization with public Internet time servers is enabled (see section Synchronize Time with Internet Server below).

In the rare case that you need to disable synchronization with time servers, you can change the time and date manually. However, when doing so, pay attention to the following caveats:

• Never change the system time from standard time to daylight saving time or vice versa. This change is always automatically covered by your time zone settings even if automatic synchronization with time servers is disabled.
• Never change date or time manually while synchronization with time servers is enabled, because automatic synchronization would typically undo your change right away. In case you must set the date or time manually, remember to first remove all servers from the NTP Servers box in the Synchronize Time with Internet Server section below and click Apply.
• After manually changing the system time, wait until you see the green confirmation message, stating that the change was successful. Then reboot the system (Management > Shutdown/Restart). This is highly recommended as many services rely on the fact that time is changing continuously, not abruptly. Jumps in time therefore might lead to malfunction of various services. This advice holds universally true for all kind of computer systems.
• In rare cases, changing the system time might terminate your WebAdmin session. In case this happens, log in again, check whether the time is now correctly set and restart the system afterwards.

If you operate multiple interconnected Sophos UTM units that span several time zones, select the same time zone for all devices, for example UTC (Coordinated Universal Time)—this will make log messages much easier to compare.

Note that when you manually change the system time, you will encounter several side-effects, even when having properly restarted the system:

• Turning the clock forward

  • Time-based reports will contain no data for the skipped hour. In most graphs, this time span will appear as a straight line in the amount of the latest recorded value.
  • Accounting reports will contain values of 0 for all variables during this time.

• Turning the clock backward

  • There is already log data for the corresponding time span in time-based reports.
  • Most diagrams will display the values recorded during this period as compressed.
  • The elapsed time since the last pattern check (as displayed on the Dashboard) shows the value "never", even though the last check was in fact only a few minutes ago.
  • Automatically created certificates on Sophos UTM may become invalid because the beginning of their validity periods would be in the future.
  • Accounting reports will retain the values recorded from the future time. Once the time of the reset is reached again, the accounting data will be written again as normal.

Because of these drawbacks the system time should only be set once when setting up the system with only small adjustments being made thereafter. This especially holds true if accounting and reporting data needs to be processed further and accuracy of the data is important.

Set Date and Time

To configure the system time manually, select date and time from the respective drop-down lists. Click Apply to save your settings.

Set Time Zone

To change the system's time zone, select an area or a time zone from the drop-down list. Click Apply to save your settings.

Changing the time zone does not change the system time, but only how the time is represented in output, for example in logging and reporting data. Even if it does not disrupt services, we highly recommend to reboot afterwards to make sure that all services use the new time setting.

Synchronize Time with Internet Server

To synchronize the system time using a timeserver, select one or more NTPNetwork Time Protocol servers. Click Apply after you have finished the configuration.

NTP Servers: The NTP Server Pool is selected by default. This network definition is linked to the big virtual cluster of public timeservers of the pool.ntp.org project. In case your Internet service provider operates NTP servers for customers and you have access to these servers, it is recommended to remove the NTP Server Pool and use your provider's servers instead. When choosing your own or your provider's servers, using more than one server is useful to improve precision and reliability. The usage of three independent servers is almost always sufficient. Adding more than three servers rarely results in additional improvements, while increasing the total server load. Using both NTP Server Pool and your own or your provider's servers is not recommended because it will usually neither improve precision nor reliability.

Tip – If you want client computers to be able to connect to these NTP servers, add them to the allowed networks on the Network Services > NTP page.

Test Configured Servers: Click this button if you want to test whether a connection to the selected NTP server(s) can be established from your device and whether it returns usable time data. This will measure the time offset between your system and the servers. Offsets should generally be well below one second if your system is configured correctly and has been operating in a stable state for some time.

Right after enabling NTP or adding other servers, it is normal to see larger offsets. To avoid large time jumps, NTP will then slowly skew the system time, such that eventually, it will become correct without any jumping. In that situation, please be patient. In particular, in this case, do not restart the system. Rather, return to check about an hour later. If the offsets decrease, all is working as it should.