ICMP timestamp Type 13 request and Type 14 response are incorrectly seen when:
vCenter Server 7.x
vCenter Server 8.x
A custom firewall rule is configured with an Allow policy using the Edit the Firewall Settings to set up firewall rules to Accept traffic between vCenter Server and specific servers, hosts, or virtual machines. You cannot Allow or Block specific ports, you Allow or Block all the traffic.
ICMP timestamp Type 13 request and Type 14 response are normally dropped by the default iptables rules. That behavior is overridden by Firewall Settings using the Action (i) policy to "Accept: Allow packet with corresponding address."
The following command will list the default ICMP Type 13 and14 drop rules.
root@vcenter [ ~ ]# iptables -L INPUT -v | grep icmp
0 0 DROP icmp -- any any anywhere anywhere icmp timestamp-request
0 0 DROP icmp -- any any anywhere anywhere icmp timestamp-reply
Edit the Firewall Settings and set the Firewall rules with Accept to Action (i) policy to "Return: Apply default or port-specific rules to packet with corresponding address."
Note, do not manually enable the iptables service or it will result in Unable to access vCenter after updating firewall rules from VAMI page when the iptables service is mistakenly enabled from the command line. vCenter services will be up and running but vCenter UI will not be accessible.
ICMP information (CVE-1999-0524 Detail) such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
Monitor drops with:
Monitor packet flows with:
Default icmp rules if they need to be re-added: