| Home Prev |  cOS Stream 4.00.03 Administration Guide
|
Next |
|---|
Correctly setting the date and time is important for cOS Stream to operate properly. For example, certificates used in certificate based VPN tunnels depend on the system clock being accurately set.
In addition, log messages are tagged with time-stamps in order to indicate when a specific event occurred. Not only does this assume a working clock, but also that the clock is correctly synchronized with other equipment in the network.
The administrator can set the date and time manually and this is recommended when a new system installation is started for the first time.
For access to the current date and time, cOS Stream makes use of the local hardware real-time hardware clock. Depending on the platform, this clock can be equipped with a battery backup so that a loss of power will not affect the clock.The system time is set with the following CLI command:
System:/> time -set YYYY-mm-DD HH:MM:SSWhere YYYY-mm-DD HH:MM:SS is the new date and time. Note that the date order is year, then month and then day.
Example 2.5. Setting the Current Date and Time
To adjust the current date and time to 9:25 in the morning on April 27th, 2025 :
Command-Line Interface
System:/> time -set 2025-04-27 09:25:00
![[Note]](images/note.png) |
Note: A reconfigure is not required |
|---|---|
|
A new date and time will be applied by cOS Stream as soon as it is set. There is no requirement to reconfigure or restart the system. |
Time Zones
The world is divided up into a number of time zones with Coordinated Universal Time (abbreviated as UTC and interchangeable with GMT) as the base time zone. All other time zones going east and west are taken as being UTC plus or minus a number of hours (either whole or fractional). All locations counted as being inside a given time zone will then have the same local time and this will be one of the integer offsets from UTC.The DateTime object property TimeZone must be set to a value which reflects the time zone where the Clavister NetShield Firewall is physically located.
Example 2.6. Setting the Time Zone
To modify the time zone to be UTC plus 1 hour (Central European Time), the CLI would be the following:
Command-Line Interface
System:/> set DateTime Timezone=UTC+01:00Note that CLI tab completion can present a list of all time zone value options.
Daylight Saving Time
Many regions follow Daylight Saving Time (DST) (or "Summer-time" as it is called in some countries) and this means clocks are advanced for the summer period. Unfortunately, the principles regulating DST vary from country to country, and in some cases there can be variations within the same country.There is no specific setting for enabling DST in cOS Stream. Instead, DST is implicitly enabled by selecting the appropriate value for the Timezone property. For example, UTC+01:00 is the value for UTC plus one hour. However, UTC+01:00-EU is the value for UTC plus one hour which includes daylight saving. Tab completion can be used to identify all available values in the CLI.
Example 2.7. Enabling the Time Zone with DST
To modify the system time zone to be UTC plus 1 hour and to include the daylight saving applicable for the European union, the CLI would be the following:
Command-Line Interface
System:/> set DateTime Timezone=UTC+01:00-EU |
Note: Switching off DST |
|---|---|
|
Even though DST is implicitly enabled through the time zone value specified, it is still possible to turn it off by disabling the DSTAutoAdjust property of the Timezone object. The same property can be used to then re-enable it. This might be done, for example, for testing purposes. |
The system clock which cOS Stream uses can sometimes become fast or slow after a period of operation. This is normal behavior in most network and computer equipment and is solved by utilizing Time Servers.
cOS Stream is able to adjust the clock automatically based on information received from one or more time servers which provide a highly accurate time, usually using atomic clocks. Using time servers is highly recommended as it ensures the system will have its date and time aligned with other network devices.
For hardware platforms without battery backup of the system clock, using time servers is a useful way to automatically set the correct time after initial startup.
The SNTP Protocol
Time Synchronization Protocols are standardized methods for retrieving time information from external time servers. The Clavister NetShield Firewall supports the Simple Network Time Protocol (SNTP) as defined by RFC 5905 (SNTPv4).Configuring Time Servers
More than one time servers can be configured to query for time information. By using more than a single server, situations where an unreachable server causes the time synchronization process to fail can be prevented. cOS Stream always queries all configured servers and then computes an average time based on all responses. The configure servers, the steps are:Set the TimeSyncEnable option on the DateTime object to be Yes.
Add each configured server as a new TimeServer object to the DateTime object.
Example 2.8. Enabling Time Synchronization using SNTP
In this example, time synchronization will be enabled and two time servers will be configured with IPv4 addresses 10.5.4.36 and 10.5.4.76. The created TimeServer objects will be given the names my_tsrv1 and my_tsrv2.
Command-Line Interface
First, change the context to be DateTime:
System:/> cc DateTimeNext, add a TimeServer object with the name my_tsrv1:
System:/DateTime> add TimeServer IP=10.5.4.36 Name=my_tsrv1Now add the second server:
System:/DateTime> add TimeServer IP=10.5.4.76 Name=my_tsrv2Then return to the default, root context:
System:/DateTime> ccFinally, activate and commit the configuration changes.
Manually Triggering Time Synchronization
If there is a need to manually force the system clock to be updated then this can be done with the time -sync CLI command.Example 2.9. Manually Triggering Time Synchronization
Time synchronization can be triggered from the CLI.
Command-Line Interface
System:/>time -sync Time synchronization requestedSystem:/>
Maximum Time Adjustment
To avoid situations where a faulty Time Server causes the clock to be updated with a extremely inaccurate time, a Maximum Adjustment value (in seconds) can be set. If the difference between the current system time and the time received from a Time Server is greater than this Maximum Adjustment value, then the Time Server response will be discarded.For example, assume that the maximum adjustment value is set to 60 seconds and the current system time is 16:42:35. If a Time Server responds with a time of 16:43:38 then the difference is 63 seconds. This is greater than the maximum adjustment value so no update occurs for this response. The default value for the maximum adjustment is 600 seconds (ten minutes).
Example 2.10. Modifying the Maximum Adjustment Value
Command-Line Interface
System:/> set DateTime TimeSyncMaxAdjust=4000Forcing Synchronization
Sometimes it might be necessary to override the maximum adjustment. For example, if time synchronization has just been enabled and the initial time difference is greater than the maximum adjust value. It is then possible to manually force a synchronization and disregard the maximum adjustment parameter.Example 2.11. Forcing Time Synchronization
This example demonstrates how to force time synchronization, overriding the maximum adjustment setting.
Command-Line Interface
System:/> time -sync -forceThe Time Synchronization Interval
The interval between each synchronization attempt can be adjusted if needed. By default, this value is 86,400 seconds (1 day), meaning that the time synchronization process is executed once in a 24 hour period.