Chapter 6. Leveraging IP Services in ScreenOS

6.0. Introduction

Network services are a critical component of any infrastructure. Like most network devices, firewalls running ScreenOS use services such as Domain Name System (DNS) and Network Time Protocol (NTP) for their own internal processes, and are also capable of providing services to end hosts. NTP, DNS, and Dynamic Host Configuration Protocol (DHCP) clients are available within ScreenOS to simplify network integration. Additionally, the firewall can act as a DNS or DHCP server to provide services to clients via either proxy or internal processes.

ScreenOS uses the Simple Network Time Protocol (SNTP) as described in RFC 2030 to provide clock synchronization on firewalls. Use of NTP is particularly important on firewall devices to ensure time synchronization across the network. Because firewalls tend to generate a large number of logs, maintaining time synchronization is a critically important requirement. Public Key Infrastructure (PKI) functionality also depends on accurate timing to operate correctly. One of the most common problems with certificate-based services, such as Internet Key Exchange (IKE), is inaccurate time information. Although you can configure time on the firewalls on a device-by-device basis, NTP provides an easy method of ensuring a common view of time across your firewall infrastructure. You can find more information on SNTP and NTP at http://www.ntp.org.
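As an added example (not from the book and not ScreenOS code), the Python below works through the SNTP timestamp arithmetic on a constructed server reply and shows how a clock that runs two hours slow makes a freshly issued certificate look not yet valid. The sample packet, the times, and all function names are assumptions made for illustration.

```python
import struct

NTP_UNIX_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01

def to_ntp(unix_time):
    """Unix seconds -> 8-byte NTP timestamp (32-bit seconds, 32-bit fraction)."""
    whole = int(unix_time)
    return struct.pack("!II", whole + NTP_UNIX_DELTA, int((unix_time - whole) * 2**32))

def from_ntp(raw):
    """8-byte NTP timestamp -> Unix seconds as a float."""
    whole, frac = struct.unpack("!II", raw)
    return whole - NTP_UNIX_DELTA + frac / 2**32

def clock_offset(reply, t4):
    """Return (offset, delay) in seconds; t4 is the local clock when the reply arrived."""
    if len(reply) < 48:
        raise ValueError("short packet")
    leap, mode, stratum = reply[0] >> 6, reply[0] & 0x07, reply[1]
    # Reject anything that is not a synchronized server reply (mode 4).
    if mode != 4 or leap == 3 or stratum == 0:
        raise ValueError("not a usable server reply")
    # Originate (T1), receive (T2) and transmit (T3) timestamps.
    t1, t2, t3 = (from_ntp(reply[i:i + 8]) for i in (24, 32, 40))
    return ((t2 - t1) + (t3 - t4)) / 2, (t4 - t1) - (t3 - t2)

def cert_time_status(now, not_before, not_after):
    """Classify a certificate validity window against a clock reading."""
    if now < not_before:
        return "not yet valid"
    return "expired" if now > not_after else "valid"

# Constructed sample: true time, and a local clock running 7200 s slow.
TRUE_NOW, SKEW = 1_700_000_000.0, 7200.0
NOT_BEFORE, NOT_AFTER = TRUE_NOW - 3600, TRUE_NOW + 365 * 86400  # issued an hour ago

def sample_reply():
    """Build a 48-byte reply: 0.25 s each way on the wire, 0.25 s server processing."""
    t1 = TRUE_NOW - SKEW                             # local clock at send time
    header = bytes([0x24, 2, 6, 0xEC]) + bytes(20)   # LI=0 VN=4 mode=4, stratum 2
    reply = header + to_ntp(t1) + to_ntp(TRUE_NOW + 0.25) + to_ntp(TRUE_NOW + 0.5)
    return reply, t1 + 0.75                          # local clock at arrival (T4)

if __name__ == "__main__":
    reply, t4 = sample_reply()
    offset, delay = clock_offset(reply, t4)
    print(f"offset={offset:+.3f}s delay={delay:.3f}s")
    print("uncorrected clock:", cert_time_status(t4, NOT_BEFORE, NOT_AFTER))
    print("corrected clock:  ", cert_time_status(t4 + offset, NOT_BEFORE, NOT_AFTER))
```

The same skew that breaks the validity check also shifts every log timestamp from this device by two hours relative to its peers, which is why event correlation across firewalls depends on a shared time source.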

You can use DNS in ScreenOS in a number of ways. On ...
