clock
Set the firewall clock for use with the firewall Syslog Server and the Public Key Infrastructure (PKI) protocol. (Configuration mode.)
clock
clock set hh:mm:ss month day year
clock set hh:mm:ss day month year
show clock
Syntax
hh:mm:ss  The current hour:minutes:seconds expressed in 24-hour time; for example, 20:54:00 for 8:54 pm. Zeros can be entered as a single digit; for example, 21:0:0.
month  The current month expressed as the first three characters of the month; for example, apr for April.
day  The current day of the month; for example, 1.
year  The current year expressed as four digits; for example, 2000.
Usage Guidelines
The clock command lets you specify the current time, month, day, and year for use with time-stamped syslog messages, which you can enable with the logging timestamp command. You can view the current time with the clock or the show clock command.
The lifetime of a certificate and the certificate revocation list (CRL) is checked in GMT. If you are using IPSec with certificates, set the firewall clock to GMT timezone to ensure that CRL checking works correctly.
You can interchange the settings for the day and the month; for example, clock set 21:0:0 1 apr 2000.
The clock command does not accept a time before January 1, 1998 or after December 31, 2097, which is the latest date the command supports.
While the firewall clock is year 2000 compliant, it does not adjust itself for daylight saving time changes; however, it does account for leap years.
The firewall clock setting is retained in memory when the power is off by a battery on the firewall unit's motherboard.
The Public Key Infrastructure (PKI) protocol uses the clock to make sure that a Certificate Revocation List (CRL) is not expired. Otherwise, the CA may reject or allow certificates based on an incorrect timestamp.
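The following Python sketch is an added example, not part of the original command reference: it parses clock set arguments according to the syntax and date range given above, then shows how the same instant entered as local time instead of GMT changes the outcome of a CRL validity check. The function names, the CRL dates, the UTC-8 offset and the direct comparison against the CRL window are assumptions made for illustration.

```python
from datetime import datetime

MONTHS = ["jan", "feb", "mar", "apr", "may", "jun",
          "jul", "aug", "sep", "oct", "nov", "dec"]
EARLIEST = datetime(1998, 1, 1)                 # lower bound stated on this page
LATEST = datetime(2097, 12, 31, 23, 59, 59)     # upper bound stated on this page

def parse_clock_set(line):
    """Return the datetime a 'clock set' line would configure, or raise ValueError."""
    parts = line.split()
    if len(parts) != 6 or parts[:2] != ["clock", "set"]:
        raise ValueError("expected: clock set hh:mm:ss month day year")
    hh, mm, ss = (int(x) for x in parts[2].split(":"))   # 21:0:0 is valid
    first, second, year = parts[3], parts[4], parts[5]
    # Day and month may be given in either order.
    month, day = (second, first) if first.isdigit() else (first, second)
    if month.lower() not in MONTHS:
        raise ValueError("month must be its first three letters, e.g. apr")
    if len(year) != 4 or not year.isdigit():
        raise ValueError("year must be four digits")
    # datetime() rejects impossible values such as 25:00:00 or feb 30.
    when = datetime(int(year), MONTHS.index(month.lower()) + 1, int(day), hh, mm, ss)
    if not EARLIEST <= when <= LATEST:
        raise ValueError("date outside 1998-01-01 .. 2097-12-31")
    return when

def crl_usable(clock, this_update, next_update):
    """Assumed model: the clock value is compared directly with the CRL's GMT window."""
    return this_update <= clock < next_update

if __name__ == "__main__":
    # Constructed sample: a CRL valid for one day, timestamps in GMT.
    this_update = datetime(2000, 4, 1, 0, 0, 0)
    next_update = datetime(2000, 4, 2, 0, 0, 0)
    # Real time is 02:00 GMT on 2 Apr 2000, two hours after the CRL expired.
    gmt = parse_clock_set("clock set 2:0:0 apr 2 2000")
    # The same instant entered as local time at an assumed UTC-8 site.
    local = parse_clock_set("clock set 18:0:0 1 apr 2000")
    print("GMT clock:  ", gmt, "CRL usable:", crl_usable(gmt, this_update, next_update))
    print("local clock:", local, "CRL usable:", crl_usable(local, this_update, next_update))
```

With the clock in GMT the expired CRL is rejected; with the clock in local time the same CRL still appears valid, so revocations published after it would be missed.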
Examples
To enable PFSS time-stamp logging for the first time, use the following commands:
clock set 21:0:0 apr 1 2000
show clock
21:00:05 Apr 01 2000
logging host 209.165.201.3
logging timestamp
logging trap 5
In this example, the clock command sets the clock to 9 pm on April 1, 2000. The logging host command specifies that a syslog server is at IP address 209.165.201.3. The firewall automatically determines that the server is a PFSS and sends syslog messages to it via TCP and UDP. The logging timestamp command enables sending time-stamped syslog messages. The logging trap 5 command in this example specifies that messages at syslog level 0 through 5 be sent to the syslog server. The value 5 is used to capture severe and normal messages, but also those of the aaa authentication enable command.