Using Group Policy, enable ICMP (PING) over the Windows Firewall with Advanced Security
On Windows 7, Windows 8, Windows Server 2008, Windows, or Server 2012, you’ll need the Group Policy Management Tools. These are part of the Remote Server Administration Tools (RSAT), which may be downloaded from Microsoft’s website.
Please follow these instructions to activate ICMP on devices using Windows Firewall with Advanced Security (Windows Vista, Windows 7, Windows 8, Windows Server 2008, Windows Server 2012).
- Using the Group Policy Management Tool, you can edit an existing Group Policy object or create a new one.
- Expand the node pc Configuration/Policies/Windows Settings/Security Settings/Windows Firewall with Advanced Security/Windows Firewall with Advanced Security/Inbound Rules in the pc Configuration/Policies/Windows Settings/Security Settings/Windows Firewall with Advanced Security/Windows Firewall with Advanced Security/Windows Firewall with Advanced Security/Windows Firewall with Advanced Security/
- Click Next after selecting the Custom radio button.
- Select the radio box for All Programs and then click Next.
- Select ICMPv4 from the Protocol Type: sink list and click Customize…
- Check the radio selection for All ICMP types and then click OK.
- Note: If you want to limit ICMP to specific types, you need allow at least Echo Request.
- You can either limit which IP addresses ICMP can and cannot communicate with, or tick the Any IP address radio buttons to allow all, then click Next.
- Click Next after checking the Allow Connection radio option.
- Select which profiles will be affected by the rule. At the very least, tick the Domain profile checkbox and then click Next.
- Remove the Name: field from the rule and give it a relevant name. If desired, create an outline and then click Finish to depart and save the new law.
- Using the Group Policy Management Tool, verify that the Group Policy Object is applied to the appropriate computers.
Allow pings over the Windows firewall.
Ping requests are prohibited by default if you have the Windows Firewall Allow Ping option activated. The University Information Security Office’s (ISO) vulnerability scanners are unable to work as a result of this. Follow the procedures below to configure your firewall to allow pings.
To complete these tasks, you may be asked for administrator access.
Firewall in Windows
- Open Windows Firewall by searching for it and clicking on it.
- On the left, select Advanced Settings.
- Click Inbound Rules in the left pane of the resultant window.
- File and Printer Sharing (Echo Request – ICMPv4-In) is one of the fundamentals.
- Enable each rule by right-clicking it and selecting Enable Rule.
Firewalls from third parties
See Vulnerability Scanners if you use a third-party firewall application or appliance.
It’s difficult to hide all conceivable ways of enabling ping on all possible firewalls because each third-party firewall is set differently.
However, to fill out the form to configure your firewall, you’ll need the following information:
- Many firewalls allow you to whitelist specific IP addresses or ranges. Vulnerability Scanners has the IP ranges for UISO scanners.
- Some firewalls allow specified protocols or services to pass through. You should enable ping in certain instances. The setting is known as “ping” or “incoming ping” on some firewalls. Others inquire about it using the technical term “ICMP Echo Reply.” Allow this protocol in either case.
- Many firewalls also include options for allowing specific ports to communicate (do not confuse networking TCP ports with the physical serial, parallel, USB, or Ethernet ports). Don’t worry about those settings for the UISO scanner; only “ping” (ICMP Echo Reply), which doesn’t require ports, has to be enabled. With other reasons, you’ll want to allow or disallow specific ports, but it’s pointless to try to do so for the UISO scanner.