Windows OS Hub
  • Windows
    • Windows 11
    • Windows Server 2022
    • Windows 10
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
  • PowerShell
  • Linux
  • Home
  • About

Windows OS Hub

  • Windows
    • Windows 11
    • Windows Server 2022
    • Windows 10
    • Windows Server 2019
    • Windows Server 2016
  • Microsoft
    • Active Directory (AD DS)
    • Group Policies (GPOs)
    • Exchange Server
    • Azure and Microsoft 365
    • Microsoft Office
  • Virtualization
    • VMware
    • Hyper-V
  • PowerShell
  • Linux

 Windows OS Hub / Windows 11 / Allowing Ping (ICMP Echo) Responses in Windows Firewall

April 15, 2025

Allowing Ping (ICMP Echo) Responses in Windows Firewall

By default, the built-in Windows Firewall blocks incoming ICMP Echo Request packets for security reasons on Windows 10/11 desktops and Windows Server hosts. This means you won’t be able to remotely check the Windows computer availability using the standard ping command, as it will respond with Request timed out due to blocked ICMP Echo Replies. Suppose you need to check the availability of Windows hosts via ICMP (either from a monitoring system or manually from the command line). In that case, you can allow responses to ICMP echo requests in Windows Defender Firewall.

Windows computer blocks ICMP ping requests

To allow responses to ICMP requests, enable the predefined rules for ICMP Echo in Windows Firewall.

  1. Open the Windows Defender Firewall with Advanced Security Management snap-in by running the wf.msc command
  2. Go to the Inbound Rules section
  3. Find and enable the ‘Core Network Diagnostics – ICMP Echo Request (ICMPv4-In)‘ rule.
  4. There are two rules with that name in my case. One is for the private and public Windows network profile, and the other is for the domain profile. I’ve enabled both ICMP Echo Request rules. You can also enable the corresponding rule to allow ICMP echo replies over the IPv6 protocol if it is in use. Enable ICMP Echo Request (ICMPv4-In) in Windows Firewall
Another rule, ‘File and Printer Sharing (Echo Request – ICMPv4-In)’, also enables Windows to respond to ping.

Try pinging this computer to see if it now responds to ICMP echo requests.

windows: allow icmp echo requests

Or use the following PowerShell command to enable the Windows Firewall rules that allow responses to ICMP echo requests

Set-NetFirewallRule -Name CoreNet-Diag-ICMP4-EchoRequest-In -enabled True

If you want to restrict which IP subnets or hosts are allowed to receive ICMP echo replies, use the following command to modify the firewall rule

Set-NetFirewallRule -Name CoreNet-Diag-ICMP4-EchoRequest-In -enabled True -RemoteAddress 192.168.31.0,192.168.13.2

Open the rule properties in Windows Firewall and verify that the ICMP Echo Reply rule is now configured to apply only to the specified IP addresses or subnets.

Windows firewall: allow ping packets from specific IPs or networks

Here’s another PowerShell command example that creates a firewall rule to allow ping requests from all devices on the local network.

New-NetFirewallRule -DisplayName "Allow_ICMPv4_Echo_Response" -Direction Inbound -Protocol ICMPv4 -IcmpType 8 -RemoteAddress localsubnet -Action Allow

If you want to block ICMP echo reply responses regardless of existing rules, create a deny rule with a higher priority:

New-NetFirewallRule -DisplayName "Block_ICMPv4_Echo_Response" -Direction Inbound -Protocol ICMPv4 -IcmpType 8 -RemoteAddress localsubnet -Action Block

If the firewall rule for incoming ICMP echo requests is missing or has been removed, you can recreate it from the elevated command prompt:

netsh advfirewall firewall add rule name="llow_ICMPv4_Echo_Response" protocol=icmpv4:8,any dir=in action=allow

To allow ICMP ping responses on all computers on the network, you can enable this Windows Firewall rule through a domain Group Policy.

  1. Open the domain GPO editor (gpmc.msc), create or edit an existing GPO, and link it to the target OU or domain root.
  2. Go to Computer Configuration -> Windows Settings -> Security Settings -> Windows Firewall with Advanced Security -> Inbound rules
  3. Create a new rule, select a Predefined rule named Core Networking Diagnostics

GPO: Enable predefined rule in firewall

  1. Choose which ICMP Echo Request rules you want to enable. Enable ICMP Echo Request through a domain Group Policy
  2. Select Allow the connection in the next step.
  3. After updating the group policy settings on the client computers, the ICMPv4 Echo Request rule will be enabled on them. Users, including those with administrative privileges, cannot disable or delete a firewall rule deployed through Group Policy.
0 comment
0
Facebook Twitter Google + Pinterest
PowerShellQuestions and AnswersWindows 10Windows 11Windows Server 2022
previous post
How to Pause (Delay) Update Installation on Windows 11 and 10
next post
Uninstalling Windows Updates via CMD/PowerShell

Related Reading

How to Assign (Passthrough) a Physical GPU to...

June 11, 2024

Configuring RemoteApps Hosted on Windows 10/11 (without Windows...

January 25, 2025

Disable BitLocker Automatic Drive Encryption in Windows 11

October 16, 2024

Enable Hyper-V on Windows 10/11 Pro and Home...

August 12, 2024

Disable and Completely Remove Widgets from Taskbar in...

September 26, 2024

Get Started with Docker on Windows (WSL2) without...

September 4, 2024

Adding Multiple Alternate DNS Names for a Windows...

September 3, 2024

Automatic Outlook User Profile Configuration with ZeroConfigExchange

May 21, 2024

Leave a Comment Cancel Reply

join us telegram channel https://t.me/woshub
Join WindowsHub Telegram channel to get the latest updates!

Recent Posts

  • Map a Network Drive over SSH (SSHFS) in Windows

    May 13, 2025
  • Configure NTP Time Source for Active Directory Domain

    May 6, 2025
  • Cannot Install Network Adapter Drivers on Windows Server

    April 29, 2025
  • Change BIOS from Legacy to UEFI without Reinstalling Windows

    April 21, 2025
  • How to Prefer IPv4 over IPv6 in Windows Networks

    April 9, 2025
  • Load Drivers from WinPE or Recovery CMD

    March 26, 2025
  • How to Block Common (Weak) Passwords in Active Directory

    March 25, 2025
  • Fix: The referenced assembly could not be found error (0x80073701) on Windows

    March 17, 2025
  • Exclude a Specific User or Computer from Group Policy

    March 12, 2025
  • AD Domain Join: Computer Account Re-use Blocked

    March 11, 2025

Follow us

  • Facebook
  • Twitter
  • Telegram
Popular Posts
  • How to Assign (Passthrough) a Physical GPU to a Hyper-V Virtual Machine
  • Run PowerShell Scripts on a Schedule with Task Scheduler
  • Check Windows 11 Hardware Readiness with PowerShell Script
  • Extend an Expired User Password in Active Directory
  • How to Add or Remove Pinned Folders to Quick Access with PowerShell and GPO
  • How to Enable and Configure Wake-on-LAN (WoL) in Windows
  • How to Find Windows Version and Build Number Installed
Footer Logo

@2014 - 2024 - Windows OS Hub. All about operating systems for sysadmins


Back To Top