The time on nodes that have Kaspersky Industrial CyberSecurity for Networks components installed must be synchronized with a common source of time used by industrial network devices. For synchronization purposes, you can use the standard protocols known as Network Time Protocol (NTP) and Precision Time Protocol (PTP).
On the Server node, you must configure time synchronization regardless of how this component was installed (after centralized installation as well as after local installation).
On nodes hosting installed sensors, you must configure time synchronization in the following cases:
Automatic time synchronization between the Server and sensors was not enabled during centralized installation of Kaspersky Industrial CyberSecurity for Networks.
The sensor was installed locally using the kics4net-install.sh script.
The steps required for configuring time synchronization may differ depending on the version of the operating system and the specific protocol.
-f <configuration file> – default name and full path of the configuration file.
-i <interface name> – name of the network interface that is used for time synchronization.
-S – enables use of software-based timestamps. You can skip this parameter if you want to use hardware-based timestamps. However, first make sure that the equipment supports this capability.
-s – enables subordinate time synchronization.
Example OPTIONS string:
OPTIONS="-f /etc/ptp4l.conf -i eth0 -S -s"
Save and close the general settings file.
Allow use of ports 319 and 320 in the firewall for the UDP protocol. To do so, enter the following commands: