When performing scans against AppGate, reports will sometimes indicate that the host implements RFC1323 and that timestamps are sent out. This is usually only rated as a low risk.
The identified risks are twofold; an attacker can calculate uptime and therefore may be able to identify machines which have not been maintained or patched for long periods of time; it might be possible to identify alternative IP addresses relating to the same machine which are less well protected.
The upside of using timestamps relates to network performance whereby TCP packets can be quickly identified as being old.
Since an AppGate server is designed to maintain a high security posture over long periods by default, neither of the risks are very relevant and since there may be network performance benefits, timestamps are intentionally enabled. Any such reports in a scan assessment should only be acted upon if there are other extenuating circumstances.