When the customer does not have a private or public NTP server configured, the customer may notice that the edge timers are not working properly and are displaying incorrect time.
This KB explains the cause and how to resolve it.
- If the customer has no public or private NTP configured, the edge should normally communicate with the default NTP servers.
- We can check from the CLI whether the communication is going through correctly by issuing debug.py --ntpq.
- As per the above, it is stuck in INIT, which means it is not synchronizing properly.
- If we also issue ntpq -c rv, it will give us the status of NTP; in the issue state it will show leap_alarm, which means no synchronization is happening.
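
The two checks above can be automated for monitoring. The following is an added example, not VMware's code: it parses `ntpq -c rv` output and a standard `ntpq -p` peer table (assumed here to be comparable to what debug.py --ntpq prints) and reports the INIT and leap_alarm conditions. The sample outputs, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample outputs in the standard ntpq layout (not captured from a real Edge).
RV_BAD = """associd=0 status=c016 leap_alarm, sync_unspec, 1 event, restart,
version="ntpd 4.2.8", leap=11, stratum=16, refid=INIT,
offset=0.000, sys_jitter=0.000
"""
RV_GOOD = """associd=0 status=0615 leap_none, sync_ntp, 1 event, clock_sync,
version="ntpd 4.2.8", leap=00, stratum=3, refid=192.0.2.10,
offset=0.412, sys_jitter=0.101
"""
PEERS_BAD = """     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 198.51.100.7    .INIT.          16 u    -   64    0    0.000    0.000   0.000
 203.0.113.9     .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""

def parse_rv(text):
    """Return (status_words, variables) from `ntpq -c rv` output."""
    m = re.search(r"status=\w+[ \t]+([^\n]*)", text)
    words = [w.strip() for w in m.group(1).split(",") if w.strip()] if m else []
    variables = dict(re.findall(r'(\w+)=("[^"]*"|[^,\s]+)', text))
    return words, variables

def parse_peers(text):
    """Return one dict per peer row of an `ntpq -p` style table."""
    peers = []
    for line in text.splitlines():
        f = line[1:].split()
        if len(f) < 7 or not f[2].isdigit():   # skips header and ==== rule
            continue
        peers.append({"selected": line[0] == "*", "remote": f[0],
                      "refid": f[1].strip("."), "stratum": int(f[2]),
                      "reach": int(f[6], 8)})  # reach is an octal bitmask
    return peers

def assess(rv_text, peers_text=""):
    """List the reasons the clock should be treated as unsynchronized."""
    words, var = parse_rv(rv_text)
    findings = []
    if "leap_alarm" in words or var.get("leap") == "11":
        findings.append("leap_alarm: clock not synchronized")
    if var.get("stratum") == "16":
        findings.append("stratum 16: no usable time source")
    for p in parse_peers(peers_text):
        if p["refid"] == "INIT" and p["reach"] == 0:
            findings.append(f"peer {p['remote']} stuck in INIT, never reached")
    return findings
```

An empty result from assess() means neither symptom is present; any finding means timestamps from that device should not be trusted for log correlation until synchronization is restored.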
The issue is related to a bug tracked under reference 143666.
Fixed Issue 143666: An Edge running 5.2.3.x software may fail to connect to the default NTP servers if there are no private NTP servers configured.
The Segment NAT entry is not being added to the routing table and this causes the Edge to not connect to the NTP servers.
On a 5.2.3.x Edge without a fix for this issue, configuring a private NTP server adds the Segment NAT entry so that the Edge can connect to even the default NTP server.
The fix is available in 5.2.4.x, 5.2.3.4 and 5.4.1.0.
https://docs.vmware.com/en/VMware-SASE/5.2.3/rn/vmware-sase-523-release-notes/index.html