I am having an issue with the 'show ntp associations' command not working. (I have a firewall filter applied to the loopback to restrict management access)
I get the below output:
user@srx> show ntp associations
localhost: timed out, nothing received
***Request timed out
I have seen the following article and followed its advice:
https://forums.juniper.net/t5/Day-One-Tips/TIP-not-able-to-check-NTP-status/m-p/64545#M140
I have set my ntp source address to a specific address:
set system ntp source-address 10.99.99.1
Below is my loopback config:
user@srx# show interfaces lo0
unit 0 {
    family inet {
        filter {
            input MGMT_TRAFFIC;
        }
    }
}
Here is the last section of my firewall filter allowing that IP:
term NTP-SERVERS {
    from {
        address {
            10.99.99.1/32;
        }
        protocol udp;
        destination-port ntp;
    }
    then accept;
}
term DENY_OTHER_TRAFFIC {
    then {
        log;
        discard;
    }
}
When I run a 'monitor traffic interface lo0' I can see the ntp requests coming from the correct source address.
18:13:16.183247 In IP 10.99.99.1.51295 > 10.99.99.1.ntp: NTPv2, Reserved, length 12
18:13:16.185393 In IP 10.99.99.1.ntp > 10.99.99.1.51295: NTPv2, Reserved, length 20
The command still fails though. When I remove the firewall filter, it works. I even tried changing the filter to just allow udp but it still failed.
Any help appreciated.
Thanks
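
Added example (not part of the original post): a small Python model of the two filter terms shown above, evaluated against the two packets from the 'monitor traffic' capture. It assumes the earlier terms of MGMT_TRAFFIC, which the post does not show, match neither packet; the dictionary field names are illustrative.

```python
# Added example: models only the two filter terms shown in the post.
# Assumed Junos semantics: terms are evaluated in order, the first matching
# term decides, conditions inside one "from" are ANDed, and "address"
# matches either the source or the destination address.
import ipaddress

NTP = 123  # well-known port behind the "ntp" keyword

TERMS = [
    {"name": "NTP-SERVERS", "address": "10.99.99.1/32", "protocol": "udp",
     "destination_port": NTP, "action": "accept"},
    {"name": "DENY_OTHER_TRAFFIC", "action": "discard"},  # no "from": matches all
]

# The two packets from the 'monitor traffic interface lo0' output in the post.
QUERY = {"src": "10.99.99.1", "sport": 51295, "dst": "10.99.99.1",
         "dport": NTP, "protocol": "udp"}
REPLY = {"src": "10.99.99.1", "sport": NTP, "dst": "10.99.99.1",
         "dport": 51295, "protocol": "udp"}

def term_matches(term, pkt):
    """Return True when every condition present in the term matches pkt."""
    if "address" in term:
        net = ipaddress.ip_network(term["address"])
        if not any(ipaddress.ip_address(pkt[k]) in net for k in ("src", "dst")):
            return False
    if "protocol" in term and pkt["protocol"] != term["protocol"]:
        return False
    if "destination_port" in term and pkt["dport"] != term["destination_port"]:
        return False
    return True

def evaluate(pkt, terms=TERMS):
    """First-match evaluation; returns (term name, action)."""
    for term in terms:
        if term_matches(term, pkt):
            return term["name"], term["action"]
    return None, "discard"  # implicit default when no term matches

if __name__ == "__main__":
    for label, pkt in (("query", QUERY), ("reply", REPLY)):
        print(label, evaluate(pkt))
```

Under those assumptions the query to port ntp is accepted by NTP-SERVERS, while the reply, whose destination port is 51295, falls through to DENY_OTHER_TRAFFIC.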