The time on nodes that have Kaspersky Industrial CyberSecurity for Networks components installed must be synchronized with a common source of time used by industrial network devices. For synchronization purposes, you can use the standard protocols known as Network Time Protocol (NTP) and Precision Time Protocol (PTP).
In Kaspersky Industrial CyberSecurity for Networks version 3.0, time synchronization needs to be configured on nodes with installed sensors only if automatic time synchronization between the Server and sensors is not enabled on the Server. If automatic synchronization is enabled, synchronization with a common time source needs to be configured only on the computer that performs Server functions.
The steps required for configuring time synchronization may differ depending on the version of the operating system and the specific protocol.
-f <configuration file> – default name and full path of the configuration file.
-i <interface name> – name of the network interface that is used for time synchronization.
-S – enables use of software-based timestamps. You can skip this switch if you want to use hardware-based timestamps. However, first make sure that the equipment supports this capability.
-s – enables subordinate time synchronization.
Example OPTIONS string:
OPTIONS="-f /etc/ptp4l.conf -i eth0 -S -s"
Save and close the general settings file.
Allow use of ports 319 and 320 in the firewall. To do so, enter the following commands: