Hi. I want to check if I allow all PING type in FortiGate interface administrative access but deny ICMP Timestamp in firewall policy, will ICMP Timestamp traffic still be allow?
Hi,
You can refer below article regarding ICMP Timestamp:-
Hi @sjoshi ,
But can I know if I deny ICMP Timestamp in firewall policy, will it take precedence over the interface administrative access? This is because I have a lot of interfaces configured, if I were to block ICMP Timestamp on every interfaces, it will require a lot of effort to do it. If I can just add firewall policy to block ICMP Timestamp, it will save a lot of time. Thanks
Hi,
Setting up firewall policy will not help you as the traffic coming to the FGT interface wont be checked by firewall policy.
You can either setup local in policy as per below article and select the src interface as those interface where you want to disable it.
Hi @sjoshi,
If i use the method describe in the below article, will it block ICMP Timestamp reply and request on FortiGate interface even when I allow PING on interface administrative access?
You need to follow below article and block it using local in policy
The article you mention if for pass through traffic but in you case FGT is th destination which is to the box traffic.
Yes it will block icmp timestamp even though ping is allowed on interface
User | Count |
---|---|
2538 | |
1351 | |
795 | |
642 | |
455 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.