Curtis Johnstone Curtis Johnstone's Personal Blog

August 12, 2012

Allowing Ping Request in Windows 2008 R2

The basic staple of diagnosing a networking problem in windows-land is good old “ping”.  Many times, newer Windows operating systems (such as Windows 7, Windows 2008, Windows 2008 R2) block ping requests as a security measure, and is achieved through a default Windows Firewall setting (rule to block inbound ICMP requests).

In an attempted to re-enable ping requests, you might be tempted to shutdown the Windows Firewall service.  As a security measure, doing this will block any future Remote Desktop sessions – and worse – it will kill any existing Remote Desktop sessions.  It is also not a good security practice to disable the whole Windows Firewall.

Instead, you can simply enable (or re-enable) a built in Windows Firewall rule on Windows 2008 to allow the machine to respond to ping requests.  Ping uses the ICMP protocol, which is also used for File and Printer Sharing so the rule is called the “File and Printer Sharing (Echo Request).  There are separate rules for IPv4 and IPv6.  There is a good chance you are using IPv4.

Enable this rule as show below and ping responses should start working:


Note: to get here, go Control Panel | Administrative Tools | Windows Firewall with Advanced Security.

It is a similar procedure in Windows 7 – just make sure you select “Advanced Settings” in the Control Panel settings for Windows Firewall to get the screen above.

If you do need to temporarily disable the Windows Firewall, you can use the following commands (from the command line):

Enable and disable Windows Firewall: It’s typically a best practice to leave Windows Firewall enabled, but sometimes when you’re performing testing or setting up new applications, you need to turn Windows Firewall off for a period. The following commands illustrate how to turn Windows Firewall off and then back on:
netsh advfirewall set allprofiles state on
netsh advfirewall set allprofiles state o
  • netsh advfirewall set allprofiles state off
  • netsh advfirewall set allprofiles state on

Powered by WordPress