In Windows, how do I configure the firewall to allow pings?

If you have the Windows Firewall enabled, ping requests are blocked by default. This prevents the University Information Security Office (UISO) external system scanner from functioning. To configure the Windows Firewall to allow pings, follow the appropriate instructions below.

Note: You will need administrative privileges to configure your Windows firewall software.

Note: At Indiana University, the University Information Security Office (UISO) recommends that you normally refrain from running your Windows computer as an administrator. For more, see What is the principle of least privilege?

Windows 7

1. From the Start menu, search for Windows Firewall with Advanced Security. Click it to bring up the application.
   
   
2. From the left pane, click Inbound Rules.
   
   
3. In the right pane, find the rules titled File and Printer Sharing (Echo Request - ICMPv4-In).
   
   
4. Right-click each rule and choose Enable Rule.

Windows Vista

1. From the Start menu, search for Windows Firewall with Advanced Security. Click it to bring up the application.
   
   
2. From the left pane, click Inbound Rules.
   
   
3. In the right pane, find the rule titled Networking - Echo Request (ICMPv4-In).
   
   
4. Right-click the rule and choose Enable Rule.

Windows XP SP2 or greater

1. From the Start menu, select either Control Panel, or Settings and then Control Panel. Click or double-click Network Connections to open the Network Connections window.
   
   
2. In the Network Connections window, right-click the icon for your primary Internet connection and select Properties. For example, if you connect using an Ethernet cable, right-click Local Area Connection; if you connect using VPN or dial-up, right-click Virtual Private Network or Dial-up Connection.
   
   
3. On the Advanced tab, under "Windows Firewall", click Settings... .
   
   
4. The Windows Firewall panel will open. On the Advanced tab, under "ICMP", click Settings... .
   
   
5. The ICMP Settings window will open. Check Allow incoming echo request.
   
   
6. Click OK three times.

Windows XP SP1

1. From the Start menu, select either Control Panel, or Settings and then Control Panel. Click or double-click Network Connections to open the Network Connections window.
   
   
2. In the Network Connections window, right-click the icon for your primary Internet connection and select Properties. For example, if you connect using an Ethernet cable, right-click Local Area Connection; if you connect using VPN or dial-up, right-click Virtual Private Network or Dial-up Connection.
   
   
3. On the Advanced tab, click Settings... .
   
   
4. On the ICMP tab, check Allow incoming echo request.
   
   
5. Click OK twice.

Third-party firewalls

If you use a third-party firewall program or appliance, refer to the UISO scanner FAQ.

Because each third-party firewall is uniquely configured, it is impossible to cover all possible ways of enabling ping on all possible firewalls. However, you can use the following information to determine how to configure your firewall:

• Many firewalls can exempt certain IP addresses or ranges from being blocked. Find the IP ranges for UISO scanners in the scanner FAQ linked above.
  
  
• Some firewalls exempt certain protocols or services. In those cases, you must enable ping. Some firewalls call the setting "ping", or "Incoming ping". Others refer to it by its technical name, "ICMP Echo Reply". Either way, allow this protocol.
  
  
• Many firewalls also offer options to allow certain ports to communicate (do not confuse networking TCP ports with the physical serial, parallel, USB, or Ethernet ports). Don't bother configuring those settings for the UISO scanner; only "ping" (ICMP_Echo_Reply) must be enabled, and that doesn't use ports. You may want to allow or deny certain ports for other reasons, but there's little need to do so for the UISO scanner.

Comments/Questions/Corrections