Description | This article describes how to block ICMP timestamps and replies for internal traffic that originates from behind the FortiGate. |
Scope | FortiGate. |
Solution |
This article demonstrates an example of how to block ICMP timestamps and replies for internal traffic that originates from behind the FortiGate.
Our goal is to block ICMP timestamp and replies that originated from machine behind port 1 going to ANY internal interface.
edit "TIMESTAMP" edit "TIMESTAMP_Replies"
Results:
After the traffic is initiated:
Note: By default, normal ping through Windows does not send ICMP timestamp requests in it.
In order to test the ICMP timestamp traffic, use a tool such as hping3, or Nmap to generate traffic. https://linux.die.net/man/8/hping3 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.