How to Enable ICMP (Ping) on Windows Public Firewall
Stephen NdegwaThis guide explains how to allow ICMP (Ping) traffic on a Windows machine using the Public firewall profile. This is useful for network troubleshooting, monitoring, and connectivity testing.
⚠️ Important: This only makes the Windows host pingable. It does not affect routers, public IPs on firewalls (e.g. MikroTik), or tunnel brokers like Hurricane Electric if the IP is not terminating on Windows.
What is ICMP?
ICMP (Internet Control Message Protocol) is a network-layer protocol used for diagnostics and error reporting. Common tools like ping rely on ICMP Echo Request and Echo Reply messages.
- ICMP is not TCP
- ICMP is not UDP
- ICMP runs directly over IP
Prerequisites
- Windows 10 / 11 or Windows Server
- Administrator privileges
- Windows Defender Firewall enabled
Method 1: Enable ICMP via Windows Firewall (GUI)
- Press Win + R, type
wf.msc, and press Enter - Click Inbound Rules
- In the right pane, click New Rule…
- Select Custom → Next
- Program: Select All programs → Next
- Protocol and Ports:
- Protocol type: ICMPv4
- Click Customize…
- Select Specific ICMP types
- Check Echo Request
- Click OK → Next
- Scope:
- Local IP addresses: Any
- Remote IP addresses: Any (or restrict if needed)
- Action: Select Allow the connection
- Profile: Check Public (optionally uncheck Private/Domain)
- Name the rule:
Allow ICMPv4 Ping (Public) - Click Finish
Method 2: Enable ICMP via Command Prompt (Recommended)
Run Command Prompt as Administrator, then execute:
netsh advfirewall firewall add rule name="Allow ICMPv4 Public" protocol=icmpv4:8,any dir=in action=allow profile=public
(Optional) Enable IPv6 Ping
netsh advfirewall firewall add rule name="Allow ICMPv6 Public" protocol=icmpv6:128,any dir=in action=allow profile=public
Verify the Rule
To confirm the rule exists:
netsh advfirewall firewall show rule name="Allow ICMPv4 Public"
From another machine, test:
ping <windows-ip-address>
Common Mistakes
- ❌ Using PowerShell backticks (`) in Command Prompt
- ❌ Expecting this to make a router or public IP pingable
- ❌ Confusing ICMP with TCP/UDP rules
Security Considerations
Allowing ICMP is generally safe but can:
- Expose host reachability
- Be abused for network scanning
Best practice:
- Restrict remote IPs if possible
- Enable only when needed
Summary
- ICMP is required for
ping - Windows blocks ICMP by default on Public profile
- You can enable it safely via GUI or
netsh - This affects Windows only, not routers or tunnels
Related Topics
- Enabling ICMP on MikroTik
- IPv6 and ICMPv6 differences
- Hurricane Electric IPv6 tunnel requirements
Author: Stephen Ndegwa
Related Tutorials
How to Fix “‘adb’ is not recognized as an internal or external command”
If you’re seeing this error when trying to use Android Debug Bridge (ADB), it means your system can’t find the ADB executable. This comprehensive guide will walk you through understanding the problem and multiple solutions to fix it. Understanding the Problem ADB (Android Debug Bridge) is a command-line tool that’s part of the Android SDK […]
How to Use Claude Code with AWS Bedrock
This guide shows how to run Claude Code using Anthropic models hosted on Amazon Bedrock, instead of Anthropic’s direct API. Overview Claude Code supports Amazon Bedrock as a backend. When enabled, it: Prerequisites 1. AWS Account with Bedrock Enabled 👉 AWS Bedrock Consolehttps://console.aws.amazon.com/bedrock/ Important: The first time you use Anthropic models, AWS requires you to […]
How to Run Claude Code with Gemini, OpenAI, or Anthropic Models
How to Run Claude Code with Gemini, OpenAI, or Anthropic Models via claude-code-proxy (Windows, macOS, Linux) The AI ecosystem is evolving fast, and many developers want to leverage Claude Code, Anthropic’s client, with different backends like Google Gemini, OpenAI, or Anthropic itself. claude-code-proxy is a lightweight proxy server that allows you to connect Claude Code […]