Hi,
I've been struggling with this for a bit now and haven't found a nice way to do it. I have some IP cameras on my network which do not have any option to change the NTP server used for automatically requesting time updates. The cameras use a time server based in Japan which no longer seems to respond to them, and they are VERY persistent when requesting updates.
I currently have a policy in place attached to the "Wingate NAT: Client Connect" event which does some group checking and for these devices ONLY allows activity for port 123 (yes, I've always had a "tin-foil" hat, but was glad I did back when all those "IoT exploits" started).
There seem to be some types of policies which allow the result to be redirected, but for this "Wingate NAT: Client Connect" the only options seem to be "Allow" or disconnect. What I would like to be able to do is redirect these requests to a different NTP server, but so far the only way I have been successful in doing this was to redirect ALL UDP port 123 access using the Extended Networking "Port Security" redirect, which redirects ALL traffic.
Is there a way to do this redirect based on additional criteria, in this case the group?
I have also tried setting up a "UDP Mapping Service" for NTP, but it looks like these devices do requests using alternate ports which bypass the service??
Thanks,
Chad.