KB44457 - Frequent VIP flap is observed on Virtual Machines running on VMWare/ESXi in A/P cluster.
KB44558 - Network Time Protocol (NTP) issues after upgrading Pulse Connect Secure / Pulse Policy Secure to 9.1R8 Virtual Machines
KB25932 - Known false positive CVE list
SA44516 - 2020-07: Security Bulletin: Multiple Vulnerabilities Resolved in Pulse Connect Secure / Pulse Policy Secure 9.1R8
KB43622 - Pulse One (PSA7000) Setup Guide
SA44328 - 2019-12: Out-of-Cycle Advisory: Vulnerability could allow attackers to sniff or hijack VPN Connections (CVE-2019-14899)
SA40241 - Pulse client privilege escalation issue (CVE-2016-2408)
KB17423 - Caveats when using LDAP based Password Management functionality through PCS.
KB23445 - What is the functionality of the HTTP Connection Timeout option
KB29805 - Pulse Connect Secure: Security configuration best practices
What would you like to know?
< Back to search results
KB44607 - NTP Functionality Changes in 9.1R8+
Last Modified Date
10/14/2020 5:41 PM
NTP Functionality Changes in 9.1R8+
Prior to 9.1R8
9.1R8 and up
standard [min poll(64sec) and max poll(1024sec)].
Number of Configurable NTP Servers
2 NTP servers configurable (Primary NTP server and a Secondary NTP server)
Up to 4 NTP servers are configurable
The PCS sync'd time with the primary NTP server based on the configured interval
The PCS uses ntpd daemon to sync and maintain the system date and time of day using its own logic by poling the NTP pool at the standard designated intervals.
Problem or Goal
Prior to the NTP functionality changes, the PCS used to sync time with the Primary NTP server. If the Primary NTP server was not reachable, then it would sync with the Secondary NTP server.
The PCS would sync an incorrect time if the Primary NTP server drifted.
Ensure that a minimum of 3 NTP servers are configured after upgrading to 9.1R8.x
4 NTP are recommended for best results
DNS resolution is done via internal port regardless of whether NTP is configured for the external port:
To change the DNS behavior, this will need to be done under
> Overview > Port for DNS Traffic
The impact of this change will send not just NTP traffic but all DNS traffic out the external port as well.
If running a Virtual Appliance, ensure that "sync host time" is disabled.
Was this article helpful?
Please tell us how we can make this article more useful.