By default in Windows Server 2016 the Windows Firewall is configured to drop all inbound ICMP traffic. This includes echo requests which are common from ping, which can make network troubleshooting difficult.
Here we cover how to allow ping through Windows Firewall.
A common response is usually to simply disable the whole Windows Firewall, however this is not recommended as the Windows Firewall does a good job at providing a basic level of system protection. We will only be allowing the specific rules required to allow ping to succeed.
Allow ping through Windows Firewall
- First we need to open Windows Firewall, this can be done a few ways. My favourite method is to simply hit the Windows key to open start, then start typing firewall. As shown below Windows Firewall with Advanced Security should show, click this.
Alternatively you can simply type ‘firewall’ and press enter in PowerShell to open the same interface.
- From the Windows Firewall with Advanced Security window that opens up, select Inbound Rules from the menu on the left.
- From the rules listed under Inbound Rules, select “File and printer Sharing (Echo Request – ICMPv4-In)” and enable the rule.
Note that this will only allow IPv4 requests in, if you need IPv6 then you will want to enable the “File and Printer Sharing (Echo Request – ICMPv6-In)” rule.
- Once enabled the server should now respond to ping requests. From my desktop I begun to ping my Windows Server 2016 virtual machine at 192.168.1.13 before enabling the rule. You can see the first request timed out. I then enabled the rule while the ping was running and the following requests succeeded, confirming that this is working as expected.
By Default Windows Firewall prevents ICMP echo requests, this results in the server not responding to ping. By enabling this firewall rule we have enabled ping, which can help us with network troubleshooting.