hello after upgrading our zerto zvm 2 sites to 8.5 patch 1, we’re seeing NTP port 123 quries from VRA’s and seems to be scanning for various outside ntp sites. like to Ziply 50.39.170.40, 78.46.162.102 in germany, and ips in austrilia. its currently blocked at firewall. we traced it back to all/any of the VRA’s. and we can see it started right after we upgraded to 8.5 patch1 which included an upgrade of the VRA’s after the site ZVM servers. since its a debian based distro, I can turn off the ntp service on vra but I’m guessing it would impact replication and change tracking. support ticket submitted.
Ralph H.
