How to Allow Ping From Firewall in Windows Server (2022, 2019, 2016)

ICMP or Ping is disabled by default on Windows Server and Windows 11 / Windows 10. Keeping Ping…

How ping works

ICMP or Ping is disabled by default on Windows Server and Windows 11 / Windows 10. Keeping Ping disabled makes the system safer, but troubleshooting becomes more difficult.

As ping indicates that the remote computer is connected to the network and capable of communicating, it is a useful command, especially for sysadmins.

As a sysadmin myself, I have to install Windows Server and client frequently. Since our network is secured by hardware firewalls, it’s safe to allow ping on Windows Server and Windows client computers.

How ping works
How ping works

I prefer to enable Ping manually and not use Group Policy. In this article, we will go through the step-by-step process of enabling Ping through Windows Firewall.

If ping is not enabled on your computer, you will get a request timed out message when you ping the computer.

ping server
ping server

How to enable Ping in Windows Firewall

To enable ping on Firewall, follow the steps below:

  1. Open Firewall by going to Run –> firewall.cpl

  2. Click on Advanced Settings from the right-hand pane

    Firewall advanced settings
    Firewall advanced settings
  3. Right-click on Inbound Rules on the left-hand pane and select New Rule

    New inbound rule in Firewall
    New inbound rule in Firewall
  4. Select File and Printer Sharing under Predefined. Click on Next.

  5. Select the following two rules:

    • File and Printer Sharing (Echo Request – ICMPv6-In)
    • File and Printer Sharing (Echo Request – ICMPv4-In)
    Enable ICMP rules from Group Policy
    Enable ICMP rules from Group Policy

    Click on Next.

  6. Make sure “Allow the connection” is selected. Click on Finish.

    Allow the connection rule for ping
    Allow the connection rule for ping

How to enable Ping using Command Line

To enable Ping using Command Line, open Command Prompt or PowerShell and run the following commands:

Allow IPv4 ping using cmd:

netsh advfirewall firewall add rule name="ICMP Allow Ping V4" protocol="icmpv4:8,any" dir=in action=allow

Allow IPv4 ping using PowerShell:

New-NetFirewallRule -DisplayName "ICMP Allow Ping V4" -Direction Inbound -Protocol ICMPv4 -IcmpType 8 -RemoteAddress <localsubnet> -Action Allow

Allow IPv6 ping using cmd:

netsh advfirewall firewall add rule name="ICMP Allow Ping V6" protocol="icmpv6:8,any" dir=in action=allow

Allow IPv6 ping using PowerShell:

New-NetFirewallRule -DisplayName "ICMP Allow Ping V6" -Direction Inbound -Protocol ICMPv4 -IcmpType 8 -RemoteAddress <localsubnet> -Action Allow

To disable Ping using Command Line, open Command Prompt or PowerShell and run the following commands:

Block IPv4 ping using cmd:

netsh advfirewall firewall add rule name="ICMP Allow Ping V4" protocol=icmpv4:8,any dir=in action=block

Block IPv4 ping using PowerShell:

New-NetFirewallRule -DisplayName "ICMP Allow Ping V6" -Direction Inbound -Protocol ICMPv4 -IcmpType 8 -RemoteAddress <localsubnet> -Action Block

Block IPv6 ping using cmd:

netsh advfirewall firewall add rule name="ICMP Allow Ping V6" protocol="icmpv6:8,any" dir=in action=block

Block IPv6 ping using PowerShell:

New-NetFirewallRule -DisplayName "ICMP Allow Ping V6" -Direction Inbound -Protocol ICMPv4 -IcmpType 8 -RemoteAddress <localsubnet> -Action Block

How to enable Ping through Firewall using Group Policy

Sometimes it becomes cumbersome to go through each computer in the network and enable ping. A rather easier way would be to disable Windows Firewall by default. This could be a security rick. Alternatively, we can enable ping for all computers (or a set of computers) in the network using the Group Policy.

Here’s how to enable ping using Group Policy:

  1. Open the Group Policy Management Console on your Domain Controller from Server Manager –> Tools –> Group Policy Management.

  2. You can either create a new Group Policy Object and apply it to relevant computers or edit the already existing universal GPO.

    Edit Default Domain Policy
    Edit Default Domain Policy
  3. Navigate to the following:

    Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Windows Defender Firewall with Advanced Security -> Windows Defender Firewall with Advanced Security -> Inbound Rules
  4. Right-click Inbound Rules and create a New Rule.

    New inbound rule
    New inbound rule
  5. Select File and Printer Sharing under Predefined. Click on Next.

  6. Select the following two rules:

    • File and Printer Sharing (Echo Request – ICMPv6-In)
    • File and Printer Sharing (Echo Request – ICMPv4-In)
    Enable ICMP rules from Group Policy
    Enable ICMP rules from Group Policy

    Click on Next.

  7. Make sure “Allow the connection” is selected. Click on Finish.

    Allow the connection rule for ping
    Allow the connection rule for ping

That’s it. Now ping is enabled across the internal network. If any computer still does not allow ping traffic, please run the following command on that computer:

gpupdate /force
Ping enabled on the server
Ping enabled on the server

Also see:

Subscribe to our Newsletter

Get the latest tech news, advice and downloads in your inbox

Leave a Reply

You have to agree to the comment policy.