Встроенный брандмауэр Windows в целях безопасности по умолчанию блокирует входящий ICMP трафик как в десктопных Windows 10/11, так и в Windows Server. Это означает, что вы не сможете удаленно проверить доступность компьютера с помощью стандартной команды
ping
, т.к. она будет отвечать о превышении интервала ожидания запроса (
Request timed out
) для ICMP Echo-Reply. Если вы хотите сделать возможной проверку доступности хостов Windows по протоколу ICMP из системы мониторинга или вручную из командной строки, можно разрешить ответы на ICMP эхо-запросы.
Чтобы разрешить отправку ответов на запросы по протоколу ICMP, нужно включить предустановленные правила в брандмауэре Windows.
- Откройте оснастку управления Windows Defender Firewall with Advanced Security, выполнив команду
wf.msc - Перейдите в раздел Inbound Rules
- Найдите правило Core Network Diagnostics – ICMP Echo Request (ICMPv4-In) и включите его.
- В моем случае есть два правила с этим именем. Одно для частного и общедоступного сетевого профиля Windows, и второе для доменного. Я включил их оба. Можно также включить правило, разрешающее ICMP ответы для IPv6 протокола (если используется).
Есть также другое правило File and Printer Sharing (Echo Request – ICMPv4-In), которое также разрешает компьютеру отвечать на эхо-запросы
ping
.
Попробуйте пропиговать ваш компьютер и убедитесь, что теперь он отвечает на ICMP запросы.
Можно включить правила Windows Firewall, разрешающие ответы на эхо-запросы ICMP с помощью такой команды PowerShell:
Set-NetFirewallRule -Name CoreNet-Diag-ICMP4-EchoRequest-In -enabled True
Если нужно ограничить список IP подсетей или хостов, которым разрешено отправлять ответы на ICMP запросы, выполните команду:
Set-NetFirewallRule -Name CoreNet-Diag-ICMP4-EchoRequest-In -enabled True -RemoteAddress 192.168.12.0,192.168.31.94
Откройте свойства правила в Windows Firewall и проверьте, что теперь правило разрешающие ICMP ответы будет работать только для указанных IP/подсетей.
Если в файрволе отсутствует (удалено) правило для входящих ICMP запросов, можно создать его из командной строки:
netsh advfirewall firewall add rule name="Allow_ICMPv4_Echo" protocol=icmpv4:8,any dir=in action=allow
Другой пример PowerShell команды, которое создаст правило файервола, разрешающего ping для всех хостов в локальной сети:
New-NetFirewallRule -DisplayName "Allow_ICMPv4_Echo" -Direction Inbound -Protocol ICMPv4 -IcmpType 8 -RemoteAddress localsubnet -Action Allow
Если нужно заблокировать ответы на ICMP эхо-запрос независимо от того, какие правила включены, создайте запрещающее правило, которое будет иметь более высокий приоритет:
New-NetFirewallRule -DisplayName "Block_ICMPv4_Echo" -Direction Inbound -Protocol ICMPv4 -IcmpType 8 -RemoteAddress localsubnet -Action Block
Чтобы разрешить ответы на ICMP ping на всех компьютерах в сети, можно включить правило Windows Firewall с помощью доменной групповой политики .
- Откройте редактор доменных GPO (
gpmc.msc
), создайте или отредактируйте имеющуюся GPO и назначьте ее на целевую OU или корень домена. - Перейдите в раздел Computer Configuration -> Windows Settings -> Security Settings -> Windows Firewall with Advanced Security -> Inbound rules
- Создайте новое правило, выберите Predefined rule типа Core Networking Diagnostics
- Укажите какие правила ICMP Echo request нужно включить.
- На следующем шаге вы берите Allow the connection.
Hello! This time I’m going to talk to you about security in Windows 10. It is well known that the system offers multiple layers of security to keep the privacy of our information safe. Certainly, this entails control over network connections. These are really useful for exchanging information and sending data. However, sometimes these connections can fail and so it is imperative to get the error. One of the resources used for this task is PING. It is a basic Internet program that allows a user to verify that a particular IP address exists and can accept requests. This app verifies whether the IP address of a host is currently operational, and how long it takes to respond. Ping works by sending an Internet Control Message Protocol (ICMP) Echo Request to a specified interface on the network and waiting for a reply.
Additionally, it can be used for troubleshooting to test connectivity and determine response time. However, most administrator users consider the ICMP protocol to be potentially unsafe and prefer to block these calls. For this reason, the Windows 10 firewall by default has a security policy of blocking such requests. This is easy to check, trying to ping our computer from a remote machine, we’ll see the following message:
However, it is not advisable to completely block these calls. Therefore, here I show you how to enable and disable ping in Windows 10.
Enable ping in windows 10. Command line mode.
The first thing we need to do is to open a Command Prompt as administrators. Once there, we have to create a rule for IPv4 addressing and another for IPv6. All right, to create the first rule you just have to type the following command in the console:
netsh advFirewall Firewall add rule name="OSRadar Rule PING IPv4" protocol=icmpv4:8,any dir=in action=allow
If everything was done correctly, the CMD should look like this:
Next, we will create the rule for IPv6 addressing:
netsh advFirewall Firewall add rule name="OSRadar Rule PING IPv6" protocol=icmpv6:8,any dir=in action=allow
We have correctly applied the rules for the ping command. We can check that it works, pinging from a remote computer:
To disable the exception for IPv4 addresses, just type the following commanding in the CMD:
netsh advFirewall Firewall add rule name="OSRadar Rule PING IPv4" protocol=icmpv4:8,any dir=in action=block
In the case of IPv6 addressing, the command to write will be the following:
netsh advFirewall Firewall add rule name="OSRadar Rule IPv6" protocol=icmpv6:8,any dir=in action=block
Please note that you can choose the name you want for the rules. If you want to see every rule in the system in detail, just write the following in the terminal:
netsh advFirewall Firewall show rule name=all
Enable ping in windows 10. Graphic mode.
It is also possible to create specific rules to enable and disable ping by entering the Windows 10 Firewall Advanced Security Configuration. With this intention, just type Firewall on the search bar:
Immediately the Firewall options will be displayed. As we did before, we have to create a rule for IPv4 and another for IPv6.
So first, select the Inbound Rules option in the left column and right-click the mouse to create a New Rule:
A rule creation wizard will start. Please select Custom in the rule type and press Next to continue.
On the next screen select All programs and press Next to continue.
In the protocol type, select ICMPv4 and then click on customize.
In the pop-up screen activate the Specific ICMP types box and navigate until you activate the Echo Request option. Press accept to apply the changes.
Next, we can define which specific IP addresses this rule will apply, on the contrary, we will allow the requests of all the addresses. Once the selection is made, press next to continue.
Now select Allow the connection and press Next to continue
In the following screen, we have to select when the new rule will be applied. Please check the 3 available options and press next to continue.
Finally, we only have to assign a name to the rule and press Finish to close the wizard.
Finally, we can see the rule created correctly. To create the exception for IPv6 addressing, we have to repeat the same process but in the protocol and ports window, we have to select ICMPv6.
To disable any of the created rules, just right-click on it and choose Disable Rule.
Conclusion
Finally, we have seen how to enable and disable ping in Windows 10. This will allow us to manage and administer our connections using this command. Finally, we have seen how to enable and disable ping in Windows 10. This will allow us to manage and administer our connections using this command. Consequently, we will be able to monitor the levels of security and data protection on our computers. This is all for now, before saying goodbye I invite you to review our tutorial on bash in Windows 10
— Advertisement —
Everything Linux, A.I, IT News, DataOps, Open Source and more delivered right to you.
Subscribe
«The best Linux newsletter on the web»
Enabling ICMP (Internet Control Message Protocol) on Windows 10 allows other devices to ping your computer, which can be useful for troubleshooting network issues. You can enable ICMP by modifying the Windows Firewall settings. Here’s a quick guide on how to enable it.
Enabling ICMP on Windows 10
In this section, we’re going to walk through the steps to enable ICMP on your Windows 10 machine. This will involve accessing the Windows Firewall and creating a new inbound rule to allow ICMP requests.
Step 1: Open the Control Panel
To begin, you’ll need to access the Control Panel.
You can do this by pressing the Windows key and typing «Control Panel» into the search bar. Click on the Control Panel app that appears in the search results.
Step 2: Go to System and Security
Once you’re in the Control Panel, navigate to System and Security.
This section contains various settings related to your system’s security, including the firewall settings we need to change.
Step 3: Open Windows Defender Firewall
Within System and Security, click on Windows Defender Firewall.
This will take you to a new screen where you can manage your firewall settings and rules.
Step 4: Access Advanced Settings
In the left-hand sidebar, click on the link that says «Advanced settings.»
These advanced settings give you more control over the specific rules and behaviors of the Windows Firewall.
Step 5: Create a New Inbound Rule
Now, click on «Inbound Rules» in the left-hand menu, and then click on «New Rule…» in the right-hand sidebar.
Creating a new inbound rule will let you specify that ICMP requests should be allowed through the firewall.
Step 6: Choose Custom Rule
When prompted to choose a rule type, select «Custom» and click «Next.»
Custom rules offer the most flexibility, allowing us to specify exactly what kind of traffic we want to allow.
Step 7: Select All Programs
On the Program screen, select «All programs» and click «Next.»
This ensures that the rule applies to any and all applications that might send or receive ICMP requests.
Step 8: Specify Protocol and Ports
When you reach the Protocol and Ports screen, select ICMPv4 from the dropdown menu and click «Next.»
ICMPv4 is the standard protocol used for ping requests in most networks.
Step 9: Allow the Connection
On the next screen, choose «Allow the connection» and click «Next.»
This setting will ensure that ICMP requests are allowed through the firewall.
Step 10: Apply Rule to All Profiles
When asked which profiles the rule should apply to, select «Domain,» «Private,» and «Public,» then click «Next.»
Applying the rule to all profiles ensures that ICMP requests are allowed regardless of the network type you’re connected to.
Step 11: Name Your Rule
Finally, give your rule a name (like «Allow ICMP») and click «Finish» to create the rule.
Naming your rule helps you easily identify it in the list of firewall rules if you need to make changes later.
After completing these steps, your Windows 10 machine will allow ICMP requests, making it possible for other devices to ping your computer.
Tips for Enabling ICMP on Windows 10
- Make sure to disable the rule when not needed to maintain security.
- Regularly check your firewall rules to ensure they’re up to date.
- Understand that enabling ICMP can make your system slightly more vulnerable.
- Use other network troubleshooting tools in conjunction with ICMP.
- Keep your system and firewall software updated for the best protection.
Frequently Asked Questions
Why should I enable ICMP on Windows 10?
Enabling ICMP allows other devices to ping your computer, which can help diagnose network connectivity issues.
Is enabling ICMP safe?
Enabling ICMP can slightly increase your system’s exposure to network threats, but it is generally safe if managed properly.
Can I enable ICMP for specific IP addresses?
Yes, you can create custom firewall rules to allow ICMP requests from specific IP addresses.
What should I do if I don’t see the Control Panel?
You can also access Windows Firewall settings via the Settings app under «Update & Security.»
How do I disable the ICMP rule?
You can disable the rule by going back into the Windows Defender Firewall advanced settings and turning off or deleting the specific rule.
Summary
- Open the Control Panel.
- Go to System and Security.
- Open Windows Defender Firewall.
- Access Advanced Settings.
- Create a New Inbound Rule.
- Choose Custom Rule.
- Select All Programs.
- Specify Protocol and Ports.
- Allow the Connection.
- Apply Rule to All Profiles.
- Name Your Rule.
Conclusion
Enabling ICMP on Windows 10 can be a lifesaver when you’re troubleshooting network problems. By following the steps outlined above, you can quickly and easily configure your firewall to allow ICMP requests. This will make it possible for you to use ping tests to diagnose and resolve connectivity issues, ensuring that your network runs smoothly.
Always remember to monitor and review your firewall rules regularly, and disable the ICMP rule when it’s no longer needed to maintain the best security practices.
For further reading, consider diving into more advanced network troubleshooting techniques or explore the various other features that Windows Defender Firewall offers. Taking the time to understand these tools and settings can greatly enhance your ability to manage and secure your network.
Matt Jacobs has been working as an IT consultant for small businesses since receiving his Master’s degree in 2003. While he still does some consulting work, his primary focus now is on creating technology support content for SupportYourTech.com.
His work can be found on many websites and focuses on topics such as Microsoft Office, Apple devices, Android devices, Photoshop, and more.
Enabling ICMP (Internet Control Message Protocol) on Windows 10 allows your computer to send and receive network diagnostic messages. This is particularly useful for troubleshooting network connectivity issues. To enable ICMP, you’ll need to adjust your Windows Firewall settings. The task can be completed in a few simple steps using the Windows Control Panel and Command Prompt.
By following these steps, you’ll be able to enable ICMP on your Windows 10 computer. ICMP is essential for network diagnostics, like the popular ping command. Enabling it involves tweaking settings in the Windows Firewall, ensuring that your computer can send and receive these important messages.
Step 1: Open Control Panel
First, open the Control Panel from the Start menu.
Open the Start menu by clicking the Windows icon in the bottom-left corner of your screen. Type «Control Panel» in the search bar and hit Enter. Click on the Control Panel app to open it.
Step 2: Navigate to Windows Defender Firewall
Next, go to Windows Defender Firewall within the Control Panel.
Once in the Control Panel, set the view to either «Large icons» or «Small icons» at the top right for easier navigation. Find and click on «Windows Defender Firewall.»
Step 3: Advanced Settings
Then, open Advanced Settings to adjust firewall rules.
In the Windows Defender Firewall window, look at the left-hand side menu. Click on «Advanced settings.» This will open the Windows Defender Firewall with Advanced Security window.
Step 4: Inbound Rules
Next, select Inbound Rules to create a new rule for ICMP.
In the Advanced Security window, look at the left-hand side again and click on «Inbound Rules.» Here, you can manage rules that control incoming connections.
Step 5: New Rule
Create a new rule to allow ICMP traffic.
On the right-hand side of the Inbound Rules window, click on «New Rule.» A New Inbound Rule Wizard will pop up. Select «Custom» and click «Next.»
Step 6: Protocol and Ports
Specify the ICMP protocol and relevant ports.
In the Protocol and Ports step, select «ICMPv4» from the Protocol type dropdown menu. Click «Next» to proceed.
Step 7: Allow the Connection
Choose to allow the connection to permit ICMP traffic.
Select «Allow the connection» in the Action step. Click «Next» to continue.
Step 8: Profile
Define when this rule applies by checking the necessary profiles.
Check all three boxes: Domain, Private, and Public. Click «Next» to move on.
Step 9: Name the Rule
Name your new rule for easy identification.
In the Name step, type a descriptive name, such as «Allow ICMP.» Optionally, add a description. Click «Finish» to create the rule.
After completing these steps, your computer will allow ICMP traffic, enabling network diagnostics and troubleshooting.
Tips for Enabling ICMP on Windows 10
- Make sure to run the Command Prompt as Administrator for additional control.
- Be aware that enabling ICMP can expose your computer to certain types of network attacks.
- Regularly update your firewall rules to ensure continued security.
- Use descriptive names for your rules to easily identify them later.
- Test your ICMP settings using the ping command to verify everything is working.
Frequently Asked Questions
What is ICMP used for?
ICMP is mainly used for error reporting and network diagnostics. It helps identify issues in your network by sending error messages and operational information.
Is enabling ICMP safe?
While ICMP is useful for diagnostics, enabling it can make your system more susceptible to certain types of attacks. Always ensure other security measures are in place.
How do I test if ICMP is enabled?
You can use the ping command in the Command Prompt. Type «ping [destination]» to test connectivity.
Can I disable ICMP later?
Yes, you can disable ICMP by deleting or modifying the rule you created in the Windows Defender Firewall.
Does enabling ICMP affect performance?
Enabling ICMP itself does not significantly impact system performance. However, the diagnostics it facilitates can help improve network performance by identifying issues.
Summary
- Open Control Panel.
- Navigate to Windows Defender Firewall.
- Open Advanced Settings.
- Select Inbound Rules.
- Click New Rule.
- Select ICMP as the protocol.
- Allow the connection.
- Define the rule’s profile.
- Name the rule.
Conclusion
Enabling ICMP on Windows 10 is a straightforward process that can greatly enhance your network troubleshooting capabilities. By following the steps outlined in this guide, you can easily configure your system to allow ICMP traffic, making it easier to diagnose and resolve network issues.
Remember, while ICMP is a powerful tool, it should be enabled with caution. Always ensure your security measures are up to date to protect your system from potential threats. If you’re interested in learning more about network diagnostics and Windows Firewall settings, consider exploring additional resources or seeking expert advice.
Matthew Burleigh is the head writer at solveyourtech.com, where he covers topics like the iPhone, Microsoft Office, and Google apps. He has a Bachelor’s and Master’s degree in Computer Science and has over 15 years of IT experience.
He has been writing online since 2008 and has published thousands of articles that have been read millions of times.
You can read his full bio here.
Recent Windows Operating systems do not reply to ping requests by default. The firewall policy was set to refuse ICMP Echo Requests by default. That means you will be getting ‘Request Timed Out’ from a Windows 10 or Windows 11 PC even though it is connected and set up properly on the network. This same basic network security rule was applied on earlier Operating Systems such as Windows 8.1 and 7 too. This guide shows how to enable ping reply and make your Windows 11/10 desktop or laptop computer respond to ICMP (ping) requests from other network devices.
If the Windows 11/10 computer is in a domain network, then the global domain policy that is related to ICMP echo requests will be applied automatically by your system administrator. In this example, we consider workgroup setup where the domain setup is not available; for example, a small office or your simple home network.
Also, this guide shows how to enable incoming FTP traffic in the Windows 11/10 firewall if you are planning to make your Windows PC an FTP server by using Microsoft IIS or other FTP server programs like FileZilla FTP server.
There is a pre-built firewall rule in Windows 11/10 to enable or disable ICMP echo requests. By default it was disabled. We can enable the rule to allow ping requests in Windows OS which can reply back to other network devices in the local or external network.
To open the rule, go to the control panel by right-clicking on the start button and selecting Control Panel.
In another way, you can search for ‘control’ in Windows 11 search bar.
Make sure to change the view to the ‘Large Icon’ in the control panel to access Windows Firewall (or Windows Defender Firewall in Windows 11) settings quickly and easily.
Click on Advanced Settings to get the ICMP rule (incoming and outbound connections) option.
Since we are going to allow incoming ping requests, we need to open the Inbound Rules area and look for the File and Printer Sharing Echo Request –ICMPv4 rule as shown below.
Once you enabled the Echo Request for ICMPv4 which is for IP v4, then your Windows 10 or Windows 11 computer will respond to ping requests.
You will see ‘Private’, ‘Public’ and ‘Domain’ network profiles in the advanced Firewall security settings while enabling or creating rules. Windows OS have each rule for every network profile. You have to enable the only profile which is related to your current connection.
For example, if you are at home or office local network, then the connection mostly will be in ‘Private’ or ‘Domain’ network profile. Therefore enable the Echo Request rule for these profiles only.
If you connect the same laptop to any public Internet network (like a coffee shop or airport Wi-Fi), Windows 11 will treat it as the public network profile. In this case, your computer will not respond to ping requests which come from the Internet to your computer, because the Echo Request rule is not enabled for the ‘Public’ network profile. Hence, it is essential to not enable unwanted firewall rules for public network profile.
Allow Ping Requests in Windows 11 by Command Prompt
You can also allow the Ping (ICMP Echo requests) by using the command prompt. It will modify the firewall rules. Using the command prompt will be handier to do the task quicker than the GUI. Also, it will be useful to execute these commands remotely when you are connected through a command prompt or on the Windows server core versions.
To enable ping requests for IPV4, execute the following command as administrator. Make sure to open the command prompt (CMD) as run as administrator.
netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allowDisable Ping Reply in Windows 10/11:
Visit the same control panel settings and disable the rule (for private or domain network profile). Now the Windows computer will not respond to ping requests from the connected network devices.
Here is the command to disable the ping in the command prompt.
netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=blockEnable Incoming FTP Traffic in Windows 11/10/8.1 Firewall
Once you set up an FTP server on a Windows computer, then you must enable inbound FTP traffic in the firewall settings. You can follow the same methods below in Windows 11, even though screenshots are taken on Windows 10.
1) Open the control panel and Windows Firewall.
2) Click on ‘Allow an App or feature through Windows Firewall’. It may have a different option in Windows 8.1 or older versions, but you will find a similar option.
Assuming that you already installed IIS and enabled the FTP server, the firewall settings will automatically detect the FTP server application and list it out in the field.
Click on ‘Change Settings’ and choose ‘FTP Server’. Select the network profile currently the computer is connected, press OK to complete the steps.
3) Another Method: Manually Create The Policy and Allow
If you could not succeed with the above method or are not able to see the FTP server app in the programs list of firewall settings, you can manually create an inbound rule and allow particular FTP ports (20 and 21).
4) In the Control panel Firewall settings, click on Advanced settings.
5) We need to create a new inbound rule to allow FTP traffic. This can be done by allowing particular port numbers in incoming traffic. If you do not have any third party personal firewall programs, this step will ensure that incoming FTP traffic is enabled on the computer even though the Windows firewall is on.
To create a new inbound rule in Windows 10/11 computer, click on Inbound Rules and ‘New Rule’.
6) Select ‘Port’ as the rule type on the next screen.
7) You can leave ‘TCP’ selected and in ports number enter 20 and 21 (20,21). FTP (File Transfer Protocol) uses port numbers 20 and 21 for data transfer and command control, click here to view more information.
Select ‘Allow the connection’ which will accept the incoming traffic/packets on these port numbers.
9) Depending on the network connection you are connected to, select the connection type where the particular rule should be applied. You can select all three (Domain, Private and Public) if you are not sure which one to select.
10) Provide a name for the rule, for example, ‘FTP’. This rule name will show under incoming rules in firewall advanced settings. We can easily modify or disable it later by this name.
If you want to block incoming FTP traffic later, you can simply right-click on it and disable the rule.
Also, you can enable the FTP inbound traffic in Windows 10/11 firewall by command prompt with simple commands which are explained at the Microsoft site here.
With the steps outlined in this guide, you will be able to enable ping reply and FTP packets on your Windows 11/10 computer without completely disabling the Firewall.