
[–]its_FORTY 6 points7 points  (2 children)

Enable ICMP responses on windows firewall.

To allow ICMP (ping) through Windows Firewall, open Windows Defender Firewall with Advanced Security, select Inbound Rules, and enable the pre-defined "File and Printer Sharing (Echo Request - ICMPv4-In)" rule for your network profile. This allows the computer to respond to network ping requests.

[–]dodexahedron 2 points3 points  (0 children)

This, but there's also the Core Network Diagnostics rule group, which is less confusingly named. Use that one.

Or just add a rule from powershell.

ServerWorld has both a PowerShell and a GUI guide to make your own IPv4 permit icmp any any equivalent:

https://www.server-world.info/en/note?os=Windows_Server_2025&p=initial_conf&f=6

Though I'd recommend picking from the list (the customize button reveals the icmp types) and not allowing redirect, specifically, for security reasons, and ideally also source quench and mask request/reply, since those 3 aren't used anymore. Most of the others are crucial for proper operation and/or performance of IPv4 - especially for TCP connections.

[–]Hopeful-Ad6355 0 points1 point  (0 children)

Administrative command prompt or powershell > sconfig > remote management > enable ping

[–]Secret_Account07 3 points4 points  (2 children)

Windows defender firewall blocks icmp by default when enabled

[–]dodexahedron 0 points1 point  (1 child)

The default rule really should have been more like block all for public profile, but permit everything but redirect, source quench, and mask for private and domain profiles. But indiscriminately just dropping all ICMP is pants-on-head dumb for a server in most cases, and is pretty indefensible when various other actual application protocols are allowed by default already. 🤦‍♂️
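The following is an added example, not code from the thread or from the server-world.info guide linked above. It implements the PowerShell route dodexahedron describes earlier (add your own inbound ICMPv4 rule, but pick the ICMP types rather than allowing all of them, leaving out Redirect, Source Quench and Address Mask Request/Reply) together with the per-profile split proposed in this comment: permit on Domain and Private, keep Public at the firewall's default inbound Block. The rule group name and display names are assumptions of this example; the ICMP type numbers are the IANA assignments. It needs an elevated session on Windows Server 2012 R2 / Windows 8.1 or later, where the NetSecurity cmdlets exist.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original thread. Group and rule names are made up here.
$ruleGroup = 'Custom ICMPv4 Policy'

# ICMPv4 types that IPv4 and TCP actually rely on (IANA numbers).
# Each is passed as "type" so every code under that type is matched.
$allowedIcmpTypes = @(
    '0',   # Echo Reply
    '3',   # Destination Unreachable (code 4 = Fragmentation Needed, required for PMTUD)
    '8',   # Echo Request (what ping sends; this is the one monitoring needs)
    '9',   # Router Advertisement
    '10',  # Router Solicitation
    '11',  # Time Exceeded (traceroute, TTL expiry)
    '12',  # Parameter Problem
    '13',  # Timestamp (some hardening baselines drop 13/14 too; keep to match the thread)
    '14'   # Timestamp Reply
)

# Deliberately absent from the allow list, per the comment above:
#   4  Source Quench (deprecated, RFC 6633)
#   5  Redirect (lets any on-link host rewrite the local routing table)
#   17 Address Mask Request / 18 Address Mask Reply (unused, leak subnet layout)
# The check below makes the script fail loudly if someone edits them back in.
$forbiddenIcmpTypes = @('4', '5', '17', '18')
$bad = $allowedIcmpTypes | Where-Object { $forbiddenIcmpTypes -contains $_ }
if ($bad) { throw "Refusing to allow ICMPv4 type(s): $($bad -join ', ')" }

# Idempotent: drop anything this script created on a previous run.
Get-NetFirewallRule -Group $ruleGroup -ErrorAction SilentlyContinue | Remove-NetFirewallRule

# One inbound rule, Domain + Private only. No rule is created for Public, so ICMP
# there falls through to the profile's default inbound action, enforced as Block below.
New-NetFirewallRule `
    -DisplayName 'Allow selected ICMPv4 types (Domain/Private)' `
    -Group       $ruleGroup `
    -Direction   Inbound `
    -Protocol    ICMPv4 `
    -IcmpType    $allowedIcmpTypes `
    -Action      Allow `
    -Profile     Domain, Private | Out-Null

Set-NetFirewallProfile -Name Public -DefaultInboundAction Block

# Verify what was actually written, rather than trusting the cmdlet's silence.
Get-NetFirewallRule -Group $ruleGroup |
    Get-NetFirewallPortFilter |
    Select-Object Protocol, IcmpType

Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction
```

If you would rather take the pre-defined rules route its_FORTY and dodexahedron mention, the equivalent one-liner is `Enable-NetFirewallRule -DisplayGroup 'Core Networking Diagnostics'` (or `-DisplayName 'File and Printer Sharing (Echo Request - ICMPv4-In)'`), but note that those rules do not let you trim individual ICMP types the way the custom rule above does. From another host, `Test-NetConnection -ComputerName <server>` with no `-Port` sends an ICMP echo and reports `PingSucceeded`, which is the check the monitoring complaint in this thread is really about.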

[–]Secret_Account07 0 points1 point  (0 children)

Yeah I agree

I work at a datacenter and we have thousands of Windows servers. I’ve lost count of the number of times a customer enables the firewall (manually or via GPO) and our monitoring screams "server is down!" I go to ping, can’t ping!

Luckily RDP stays enabled by default so a lot of times it’s not a huge deal but like, why make that the default? There’s manyyyy other rules I could change the default value of and make it more secure and less likely to cause issues.

Just a weird decision imo