KB1001.033
Problem: Domain Time is blocked by a firewall

This article applies to Domain Time II.

Last updated: 5/23/2002

Problem

    Domain Time may be blocked by a firewall

Details

    If you use Domain Time to obtain the time from an Internet-based source, you may experience problems when a firewall in your network does not allow the time protocol(s) you are using to pass through.

Solution

    Open the following holes in your firewall for Domain Time to use:

    1. Port 9909 UDP -- for use by Domain Time II protocol
    2. Port 123 UDP -- for use by the NTP/SNTP protocol
    3. Port 37 TCP -- for use by the ITP protocol
    4. Port 37 UDP -- for use by the ITP protocol
    5. Port 80 TCP -- for use with the Domain Time over HTTP protocol (you may also use this protocol through a normal web proxy server without adjusting your firewall)

    You may also need to specify access permissions based on username. See KB1001.034 for details.

    If you are also restricting access by machine IP address, then only Domain Time's designated Time Server (by default the domain's PDC) needs access to these ports. Other machines in the domain retrieve the time directly from the Time Server and do not need Internet access.

    There are no known security risks associated with opening these ports. The protocols are fairly simple, and cannot be used to gain control of or access to your protected machines.
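The port list and the Time Server-only restriction above can be checked against a firewall's outbound rule set. The following is an added example, not part of the original article or of Domain Time itself; the rule format, the first-match/default-deny model, and all IP addresses are assumptions constructed for illustration.

```python
import ipaddress

# Ports listed in the Solution section above: (protocol, port, purpose)
REQUIRED = [
    ("udp", 9909, "Domain Time II"),
    ("udp", 123, "NTP/SNTP"),
    ("tcp", 37, "ITP"),
    ("udp", 37, "ITP"),
    ("tcp", 80, "Domain Time over HTTP"),
]

def decide(rules, src_ip, proto, port):
    """First matching rule wins; no match means deny (assumed firewall model)."""
    addr = ipaddress.ip_address(src_ip)
    for action, src_net, r_proto, r_port in rules:
        if (addr in ipaddress.ip_network(src_net)
                and r_proto in (proto, "any") and r_port in (port, "any")):
            return action
    return "deny"

def audit(rules, time_server, other_hosts):
    """Return (blocked, overbroad) findings for the outbound rule list."""
    blocked, overbroad = [], []
    for proto, port, purpose in REQUIRED:
        if decide(rules, time_server, proto, port) != "allow":
            blocked.append((proto, port, purpose))
        for host in other_hosts:
            if decide(rules, host, proto, port) == "allow":
                overbroad.append((host, proto, port))
    return blocked, overbroad

# Constructed sample: outbound rules as (action, source network, protocol, port).
TIME_SERVER = "10.0.0.10"         # hypothetical designated Time Server
CLIENTS = ["10.0.0.50"]           # hypothetical ordinary domain member
SAMPLE_RULES = [
    ("allow", "10.0.0.10/32", "udp", 9909),
    ("allow", "10.0.0.0/24", "udp", 123),    # too wide: whole subnet
    ("allow", "10.0.0.10/32", "tcp", 37),
    ("allow", "10.0.0.10/32", "tcp", 80),
    # UDP 37 is missing, so it falls through to the default deny
]

if __name__ == "__main__":
    blocked, overbroad = audit(SAMPLE_RULES, TIME_SERVER, CLIENTS)
    for proto, port, purpose in blocked:
        print(f"BLOCKED for time server: {port}/{proto} ({purpose})")
    for host, proto, port in overbroad:
        print(f"OVER-BROAD: {host} can also reach {port}/{proto}")
```

On the sample rules this reports UDP 37 as blocked for the Time Server and UDP 123 as reachable by a machine that does not need Internet access.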

Domain Time II Software distributed by Symmetricom, Inc.
Documentation copyright © 1995-2009 Greyware Automation Products, Inc.
All Rights Reserved
All Trademarks mentioned are the properties of their respective owners.