A recent enhancement to FortiOS, used in the FortiGate firewall, did not handle NTP DNS changes correctly. When DNS mapping changed, FortiGate firewalls sent 10 second duration NTP bursts at rates that could exceed 20,000 requests/second. NTP Pool servers were impacted due to the use of DNS load balancing. Our team monitored three NTP pool servers and detected over 150 FortiGate devices sending NTP bursts.

FortiGate support identified the problem: Bug ID 607015
https://docs.fortinet.com/document/fortigate/6.2.3/fortios-release-notes/236526/known-issues

FortiGate support informed us that FortiOS 6.2.4, released on May 12, 2020, fixed the problem. Operators of the FortiGate firewall must install that software; it is not an automatic upgrade. We don't know when the updates will be complete. Questions should be directed to FortiGate support.

We recommended that FortiGate apply for a Vendor Zone: https://www.pool.ntp.org/vendors.html

Miroslav Lichvar
Hal Murray
Steve Sommars
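
One way a pool server operator could look for bursts like those described above in their own request records (an added example, not code from the original message or its authors). The thresholds, function names and sample events are assumptions constructed for illustration, and the sample burst is scaled down from the rates reported above.

```python
from collections import defaultdict

def find_bursts(events, max_gap=1.0, min_packets=100, min_rate=50.0):
    """Return per-source NTP request bursts that exceed the thresholds.

    events: iterable of (timestamp_seconds, source_ip) taken from a packet
    capture or server log. All thresholds are assumptions to tune per server.
    """
    by_src = defaultdict(list)
    for ts, src in events:
        by_src[src].append(ts)

    flagged = []
    for src, times in by_src.items():
        times.sort()
        start = prev = times[0]
        count = 1
        for ts in times[1:] + [None]:          # None closes the final run
            if ts is not None and ts - prev <= max_gap:
                count, prev = count + 1, ts     # same burst continues
                continue
            duration = prev - start
            if count >= min_packets and duration > 0 and count / duration >= min_rate:
                flagged.append({"src": src, "start": start, "duration": duration,
                                "packets": count, "rate": count / duration})
            if ts is not None:
                start, prev, count = ts, ts, 1  # begin a new run
    return flagged

def constructed_sample():
    """Constructed events: one well-behaved client and one bursting client."""
    events = [(i * 64.0, "192.0.2.10") for i in range(20)]        # normal polling
    events += [(i * 64.0, "198.51.100.7") for i in range(3)]      # normal at first
    events += [(1000.0 + i / 200.0, "198.51.100.7") for i in range(2000)]  # ~10 s burst
    return events

if __name__ == "__main__":
    for b in find_bursts(constructed_sample()):
        print(f"{b['src']}: {b['packets']} requests in {b['duration']:.1f} s "
              f"({b['rate']:.0f}/s) starting at t={b['start']:.0f}")
```

Grouping by inter-request gap rather than fixed time buckets keeps a burst that straddles a bucket boundary in one record, so its duration and rate are reported correctly.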
