This article demonstrates an example of how to block ICMP timestamps and replies for internal traffic that originates from behind the FortiGate.

The following topology is used:
               

The goal is to block ICMP timestamp and replies that originated from machine behind port 1 going to ANY internal interface.

1. Create a firewall service for ICMP type 13 (timestamp request) and type 14 (timestamp replies):
   
   

    edit "TIMESTAMP"
        set protocol ICMP
        set icmptype 13
        unset icmpcode
    next
end

    edit "TIMESTAMP_Replies"
        set protocol ICMP
        set icmptype 14
        unset icmpcode
    next
end

2. Create a firewall policy to block timestamp requests on the internal interface as follows:

Note: 

'edit 1' is an example of a new policy. The ID sequence should be followed to avoid overwriting an existing firewall policy with ID 1.

config firewall policy
    edit 1                                            
        set name "Block_ICMP_Type13&14"
        set srcintf "port1"
        set dstintf "any"
        set srcaddr "Local_Subnet"
        set dstaddr "all"
        set schedule "always"
        set service "TIMESTAMP" "TIMESTAMP_Replies"     <---------- Services created above.
        set logtraffic all
    next
end

Results:

Before the traffic is initiated: No traffic hitting the policy.

After the traffic is initiated: 

Logs:

ICMP timestamp traffic is being denied.

Note:

By default, normal ping through Windows does not send ICMP timestamp requests in it.

To test the ICMP timestamp traffic, a tool such as hping3 or Nmap can be used to generate traffic.

https://linux.die.net/man/8/hping3

The following shows how traffic can be initiated through NMAP: target IP has to be mentioned in the target field.