Keeping accurate time on infrastructure devices like switches, routers, and firewalls is absolutely essential. It ensures that log timestamps are accurate for use in troubleshooting and forensics, and it ensures that devices relying on timestamped certificates will expire them at the same time. This is particularly true with IPSEC and other VPN technologies. Just like in the Mikrotik NTP tutorial, it's fairly straightforward to set up the NTP client on an EdgeOS-based device. First, log into the device via SSH and enter configuration mode with the following command.
configure
For this tutorial we will be utilizing pool.ntp.org timeservers. This is a fantastic organization, and if you can contribute to the project by volunteering an NTP server of your own the whole community benefits. The NTP servers that are made publicly available for use are load-balanced, so pointing your NTP client to a generic FQDN like those shown below ensures that you'll always reach a viable time server. The following commands will set the NTP servers on EdgeOS-based Ubiquiti products.
set system ntp server 0.pool.ntp.org
set system ntp server 1.pool.ntp.org
set system ntp server 2.pool.ntp.org
set system ntp server 3.pool.ntp.org
Verify that your device's timezone is set correctly. Many organizations choose to set all their devices to UTC. This is described as a best practice by mainstream vendors, and is especially important when an organization has devices located in different timezones, or across states or regions that observe Daylight Saving Time differently. Having all devices set to UTC takes the guesswork out of adjusting for local time or DST. It also helps enormously when correlating timestamped events between devices: because all device clocks are in sync and in the same zone, no adjustment is necessary when looking at events from different devices side by side. The following command sets the timezone to UTC.
set system time-zone UTC
As always, don't forget to commit and save your new configuration.
commit
save
This will stop and then start the NTP daemon (ntpd) and resync the device's clock. Verify that the time is up-to-date by running the "date" command, and comparing to a known-good clock. That's it!
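The date comparison confirms the wall clock, but not that ntpd has actually selected one of the configured servers. The following added example (not part of the original tutorial) checks a peer listing in the standard `ntpq -p` format for a selected peer and an acceptable offset; the function name, the thresholds, the sample listings, and the availability of `ntpq` on the device are assumptions.

```shell
#!/bin/sh
# Added example. Sample billboards below are constructed (documentation IPs).
SAMPLE_SYNCED='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*203.0.113.10    .GPS.            1 u   33   64  377   12.345    0.812   0.401
+198.51.100.7    192.0.2.1        2 u   41   64  377   25.110   -1.204   0.733'
SAMPLE_UNSYNCED='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 203.0.113.10    .INIT.          16 u    -   64    0    0.000    0.000   0.000
 198.51.100.7    .INIT.          16 u    -   64    0    0.000    0.000   0.000'

# Reads an ntpq -p style billboard on stdin; $1 = largest acceptable |offset| in ms.
# Prints one status line and returns 0 only when a system peer is selected
# and its offset is within the limit.
ntp_sync_check() {
    awk -v max="${1:-100}" '
        $1 == "remote" || $1 ~ /^=+$/ || NF < 10 { next }   # header, rule, short lines
        {
            peers++
            if ($7 + 0 != 0) reachable++      # reach 0 = no replies in the last 8 polls
            if (substr($1, 1, 1) == "*") {    # "*" marks the peer ntpd is syncing to
                sel = substr($1, 2); off = $9 + 0; reach = $7
            }
        }
        END {
            if (sel == "") {
                printf "UNSYNCED: no system peer (%d of %d peers reachable)\n", reachable, peers
                exit 1
            }
            abs = (off < 0) ? -off : off
            if (abs > max + 0) {
                printf "DRIFT: peer %s offset %.3f ms exceeds %s ms\n", sel, off, max
                exit 1
            }
            printf "OK: peer %s offset %.3f ms reach %s\n", sel, off, reach
        }'
}

# Demo on the constructed samples; on a live host: ntpq -pn | ntp_sync_check 50
printf '%s\n' "$SAMPLE_SYNCED" | ntp_sync_check 50
printf '%s\n' "$SAMPLE_UNSYNCED" | ntp_sync_check 50 || echo "alert: clock not synchronized"
```

Right after the commit, the listing normally looks like the unsynced sample for a few polling intervals, so a non-zero result at that point is expected rather than a fault.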