Block ICMP Timestamp
Hi. I want to check: if I allow all PING types in the FortiGate interface administrative access but deny ICMP Timestamp in a firewall policy, will ICMP Timestamp traffic still be allowed?
Hi,
You can refer to the article below regarding ICMP Timestamp:
Fortinet Certified Expert (FCX) | #NSE8-003459
Hi @sjoshi ,
But can I know: if I deny ICMP Timestamp in a firewall policy, will it take precedence over the interface administrative access? This is because I have a lot of interfaces configured; if I were to block ICMP Timestamp on every interface, it would require a lot of effort. If I can just add a firewall policy to block ICMP Timestamp, it will save a lot of time. Thanks
Hi,
Setting up a firewall policy will not help you, as the traffic coming to the FGT interface won't be checked by the firewall policy.
You can either set up a local-in policy as per the article below and select the src interface as those interfaces where you want to disable it.
Fortinet Certified Expert (FCX) | #NSE8-003459
Hi @sjoshi,
If I use the method described in the article below, will it block ICMP Timestamp reply and request on the FortiGate interface even when I allow PING on interface administrative access?
You need to follow the article below and block it using a local-in policy.
The article you mention is for pass-through traffic, but in your case the FGT is the destination, which is to-the-box traffic.
Yes, it will block ICMP timestamp even though ping is allowed on the interface.
Fortinet Certified Expert (FCX) | #NSE8-003459
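An added example, not part of the thread or of the linked article: a local-in policy of the kind the reply above describes, denying ICMP Timestamp (type 13 request, type 14 reply) addressed to the FortiGate itself. The service names, the policy ID and the interface `port1` are assumptions; repeat or adjust the policy for each interface concerned.

```fortios
# Custom services matching only ICMP Timestamp messages.
# Service names are assumed for this example.
config firewall service custom
    edit "ICMP_TS_REQUEST"
        set protocol ICMP
        set icmptype 13
        unset icmpcode
    next
    edit "ICMP_TS_REPLY"
        set protocol ICMP
        set icmptype 14
        unset icmpcode
    next
end

# Local-in policy: applies to traffic whose destination is the FortiGate,
# which ordinary firewall policies do not inspect.
# Policy ID 1 and interface "port1" are assumed for this example.
config firewall local-in-policy
    edit 1
        set intf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set service "ICMP_TS_REQUEST" "ICMP_TS_REPLY"
        set schedule "always"
        set action deny
        set status enable
    next
end
```

The services match ICMP types 13 and 14 only, so echo request and reply (PING allowed under administrative access) are not affected by this policy.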
Denying ICMP Timestamp in firewall policy will block that traffic.
