duenlim
Staff
Article Id 356077
Description This article describes how to use the built-in packet sniffer tool to confirm that blocking ICMP Timestamp is effective on the FortiGate interface.
Scope FortiGate.
Solution

By default, FortiGate responds with an ICMP Timestamp reply when it receives an ICMP Timestamp request. The image below shows an Nmap ICMP Timestamp probe sent to the FortiGate interface, which reports 1 host up.

 

NMAP.JPG

 

The FortiGate built-in sniffer packet results show the ICMP Timestamp request packet comes in, and FortiGate returns the ICMP Timestamp reply.

 

Exposing this information carries potential risk. Refer to this KB article: Technical Tip: Block ICMP timestamp on FortiGate interface while keeping ping enabled

 

NMAP2.JPG

 

Once ICMP Timestamps are blocked, the built-in packet sniffer output shows that FortiGate stops responding with ICMP Timestamp replies.

 

NMAP3.JPG
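
The same before/after check can be applied to packets exported from a capture. The following Python code is an added example, not part of the original article or any Fortinet tooling; it assumes raw IPv4 packets as bytes, and the function names and addresses (192.0.2.1 for the FortiGate interface, 198.51.100.7 for the scanning host) are constructed for illustration.

```python
import socket
import struct

ICMP_TS_REQUEST, ICMP_TS_REPLY = 13, 14  # ICMP type codes from RFC 792

def parse_icmp_timestamp(pkt):
    """Return (src, dst, icmp_type) for an IPv4 ICMP Timestamp packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4                      # IPv4 header length, options included
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if ihl < 20 or pkt[9] != 1 or frag_offset:     # protocol 1 = ICMP, first fragment only
        return None
    if len(pkt) < ihl + 20:                        # a Timestamp message is 20 bytes
        return None
    icmp_type, code = pkt[ihl], pkt[ihl + 1]
    if icmp_type not in (ICMP_TS_REQUEST, ICMP_TS_REPLY) or code != 0:
        return None
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), icmp_type

def timestamp_verdict(packets, firewall_ip):
    """Return 'answering', 'blocked', or 'inconclusive' for one capture."""
    requests = replies = 0
    for pkt in packets:
        parsed = parse_icmp_timestamp(pkt)
        if parsed is None:
            continue                               # echo and other traffic is ignored
        src, dst, icmp_type = parsed
        if icmp_type == ICMP_TS_REQUEST and dst == firewall_ip:
            requests += 1
        elif icmp_type == ICMP_TS_REPLY and src == firewall_ip:
            replies += 1
    if replies:
        return "answering"                         # the interface sent a Timestamp reply
    # Without a request in the capture, the absence of replies proves nothing.
    return "blocked" if requests else "inconclusive"

def build(src, dst, icmp_type):
    """Constructed sample packet; checksums are zero (the parser does not check them)."""
    icmp = struct.pack("!BBHHHIII", icmp_type, 0, 0, 0x1A2B, 0, 0, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + icmp

FW, SCANNER = "192.0.2.1", "198.51.100.7"          # constructed addresses
BEFORE = [build(SCANNER, FW, 13), build(FW, SCANNER, 14)]
AFTER = [build(SCANNER, FW, 13),                   # Timestamp request, no reply
         build(SCANNER, FW, 8), build(FW, SCANNER, 0)]  # ping still answered

if __name__ == "__main__":
    print("before:", timestamp_verdict(BEFORE, FW))
    print("after: ", timestamp_verdict(AFTER, FW))
```

An "inconclusive" result means no Timestamp request reached the interface during the capture, so the probe should be repeated while the sniffer is running.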

 

Related articles:

Technical Tip: Blocking ICMP Unreachable Messages by using interface-policy

Technical Tip: Block ICMP request originated from the firewall