Can not find where to check the time

Giannis Danatzis 0 Reputation points
2024-03-08T09:17:27.8566667+00:00

Hello team,

I have an issue where I can not seam to find an answer.
I configured SAML authentication with my checkpoint firewalls.
After encountering an issue and opening a case to Checkpoint they told me that the issue most probably is with the not synced Azure and Gateway clocks.
I have tried to find out where the portal clock is set or shown in order to be able to agree or disagree with the support's indication with no luck.
Does someone have an idea on how I can check this?

Not Monitored
Not Monitored
Tag not monitored by Microsoft.
35,773 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Luis Arias 4,711 Reputation points
    2024-03-11T10:59:18.04+00:00

    Hi Giannis Danatzis,

    As you already now you need to compare the time of components involve in your SAML configuration If it's Azure VMs and Checkpoint Firewall:

    • Azure hosts are synchronized to internal Microsoft time servers(time.windows.com). However VM can be modify to have another NTP server or time configured. (https://learn.microsoft.com/en-us/azure/virtual-machines/windows/time-sync)
      • Date on Linux by shell: date
      • Date on Windows by Powershell: Get-Date
    • After get the time of your service on azure verify the time on checkpoint firewall you can use: ntpdate -q <IP Checkpoint FW>

    Besides one clarification the time at Azure portal level is not typically relevant for SAML authentication. The important thing is that the clocks on the systems involved in the SAML authentication (in this case, your Azure service and your Checkpoint firewall) are synchronized. This is because the timestamps in the SAML assertions generated by the identity provider (Azure) need to match up with the time on the service provider (Checkpoint firewall).

    If the information helped address your question, please Accept the answer.

    Luis