ajshaikh

I use Chameleon Clock which is supposed to sync with atomin clock server but the IP Office Firewall does not allow the connection.

Chameleon Clock suggests the following config changes on a firewall:

[i]Not all firewalls are configured to allow SNTP protocol messages by default.
This prevents Chameleon Clock from contacting Internet time servers.
If so, you will need to get your firewall administrator to allow IP/UDP outbound packets to port 123,
and inbound IP/UDP packets from port 123. The following firewall incoming packet filter rule will allow
Chameleon Clock operate using the SNTP protocol while maintaining the security of your site.

Source Protocol = UDP
Destination Protocol = UDP
Source IP Address = Any
Destination IP Address = Any
Source Port = 123
Destination Port = >1023
Source Action = Permit
Destination Action = Permit

Please let me know what I need to change on the IP Office Firewall for this to work.

Thanks.

DaveA

You could try the following for UDP port 1023:

Notes : Clock (or whatever)
IP protocol = 17
Match Offset = 20
Match Length=4
Match Data = 000003FF
Match Mask = 0000FFFF

Leave the rest blank
For UDP Port 123 change Match data to 0000007B
Not sure if you need to set for port 123 or 1023, try both!
I think you have to re-boot after changing a firewall profile.

have fun!

__________________
------------------------------------------------------------------------------------
Click -->UK IP Office Forum. A new UK based IP Office User Group.

PBXtech.info

 

DaveA

having re-read your post, I think 1023 may have been a typo,
so use 7B in the match data.
For direction you will need either Out or Bothway.
Out should do it, dont know why the time server would want to contact your server
without a request.

Cheers

__________________
------------------------------------------------------------------------------------
Click -->UK IP Office Forum. A new UK based IP Office User Group.