• ARTICLES
SEARCH

How-To Geek

Allow Pings (ICMP Echo Request) Through Your Windows Vista Firewall

Have you ever noticed that with the Windows Vista Firewall enabled, you can’t use ping from another computer to see if your Vista computer is alive? Sure, you could take the drastic step of disabling the firewall for testing purposes, but the simple solution is to just allow ICMP requests through the firewall.

Note: Opening extra ports opens up security risks…  allowing ping isn’t a big deal, but it’s usually best to block anything you don’t need.

Allow ICMP Echo Request (ping) From the Command Line

Open up an administrator mode command prompt by right-clicking and choosing Run as Administrator, or type cmd into the start menu search box and then use Ctrl+Shift+Esc.

netsh firewall set icmpsetting 8 enable

image

To disable it again, simply enter this command:

netsh firewall set icmpsetting 8 disable

The change should be immediate… no need to restart anything.

image

Allow ICMP Echo Request (ping) With the GUI

Type in firewall into the start menu search box, and you want to choose “Windows Firewall with Advanced Security”.

image

Then click on Inbound Rules on the left-hand pane:

image

And find the following rule in the list:

Networking – Echo Request (ICMPv4-In)

Right-click on the rule, and choose “Enable Rule” from the menu, which should immediately enable ping.

image

If you want more control over the rule, you can choose Properties from the menu, and choose which interfaces or profiles this rule applies to.

image 

You could specify that the rule only applies to your wired network interface, and not to the wireless, for example.

image 

Note that I’m not advocating allowing this rule, I’m just illustrating how you can do it if you need it. If you don’t need it, then don’t enable it.

Lowell Heddings, better known online as the How-To Geek, spends all his free time bringing you fresh geekery on a daily basis. You can follow him on if you'd like.

  • Published 06/12/08

Comments (16)

  1. Firewired

    Cntrl+Shift+Escape=Windows Task manager, on my VISTA Home Ultimate. Can’t get any further. Suggestions??

  2. Per

    The Geek meant the following key combination: Ctrl + Shift + Enter

  3. Dave Miller

    For Windows 7 Microsoft made changing this a tad more obscure (at least in the release candidate). Use the same approach to changing the settings through the GUI as described above but you’ll find that the “Networking – Echo Request (ICMPv4-In)” setting is no longer present. Use the appropriate “File and Printer Sharing – Discovery” settings instead. There are a total of six with three each for IPv4 and IPv6 with each one providing a different scope as to who can ping.

    Also note that the CLI approach as described for Vista doesn’t work for W7 either. I tried fumbling around with the changed syntax for a little while before going back to the GUI and trying the File and Printer Sharing rules. That worked which was sufficient for me. Someone else gets to decipher the new CLI syntax.

    Cheers,
    Dave

  4. Phillip Trent

    Thank you Dave. I was scratching my head trying to figure out why ICMP Echo was not in the Core Networking rules.

  5. Matt Stephenson

    Thanks Dave, that’s what I need on Windows 7. It’s still the same after RTM

  6. Will Irwin

    I found that even on Vista (x64, SP2) you have to use the “File and Printer Sharing – Discovery” setting. That must have been renamed on Vista through some service pack or patch.

  7. Rich

    On my version of Windows 7 (Enterprise) the setting is File and Printer Sharing (Echo Request – ICMPv4-In). I set it to both public and private networks.

  8. Evert Mouw

    Windows 7 has indeed moved the ICMP echo firewall rule for IPv4 to File and Printer Sharing group. I found it a bit confusing. I you always want to enable ICMP echo, on all ports / networks, even if File sharing is disabled, you can use this CLI (command line interface) command for Windows 7:

    netsh advfirewall firewall add rule protocol=icmpv4:8,any dir=in action=allow name=”Core Networking – Answer an echo request [ping] (ICMPv4-In)” description=”Allows this computer to answer IPv4 ICMP echo requests (ping). This rule was added by the sysadmin.” profile=any interfacetype=any

  9. NG

    Here’s the command line syntax to enable the two File and Printer Sharing (Echo Request – ICMPv4-In) rules.

    netsh advfirewall firewall set rule name=”File and Printer Sharing (Echo Request – ICMPv4-In)” new enable=Yes

  10. GeekSlayer

    I’ve been having problems for months on my wireless laptop with the DHCP Client and Firewall turning
    off and I haven’t been able to turn them on. Thus, after much frustration, reinstalling the OS. I’m bald now from pulling my hair out for a solution. Clean installs, and nothing I’ve read helped. THen I had a Eureka moment…maybe the firewall or an antivirus is blocking ICMP requests…
    and I found this above conversation.

    It sounds like a fix to me. I’m running Vista Business. On an elevated prompt I put “netsh firewall set icmpsetting 8 enable” and we’ll see if this situation happens again. Now I’m wondering if there is something I should do with the wireless Netgear router as well.

    Anyhow, hope it works. :) I’ll let you know.

  11. Impressed

    Great article.

    Geekslayer – you’re an idiot.

  12. James

    I am trying to do the ping test but can get pass the first step
    once I type in netsh firewall set icmpsetting 8 enable in my command prompt
    I get this message “The requested operation requires elevation”
    Am I not doing a step before I type that
    Plz Advise

  13. Mark

    Thank you, fantastic.
    Did the netsh it from the command line as administrator on Vista and ping from remote devices just started working.

    And I didn’t realise there was an advanced firewall interface, so I got into that as the article showed (and thanks to the comments above found echo on my Vista also under file and print sharing) and then discovered under the scope setting I could also change the properties there to specify an allowed incoming address range as well, so set that to the internal 192.168.1.0/24 which is all I wanted to allow ping from anyway.

    This was a great help.

  14. Ryan

    Win7 yields:

    c:\>netsh firewall set icmpsetting 8 enable

    IMPORTANT: Command executed successfully.
    However, “netsh firewall” is deprecated;
    use “netsh advfirewall firewall” instead.
    For more information on using “netsh advfirewall firewall” commands
    instead of “netsh firewall”, see KB article 947709
    at http://go.microsoft.com/fwlink/?linkid=121488 .

    Ok.

    It might be good to add a note.

  15. bhaskar

    i cannot find networking-echorequest option in windows server 2008 R2 in firewall inbound rules..where is that option ?

  16. Sorb

    Thanks to commenter NG for the command! There is just one problem, you cannot copy/paste the commands from this webpage because the quotes have the wrong format. You get this error message: “Group cannot be specified with other identification conditions.”

Enter Your Email Here to Get Access for Free:

Go check your email!