Win7 firewall, where is ICMPv4 Echo Reply ?
Why does the ICMPv4 rules list not include "Echo Reply" this being "type=0, code=any" when setting up a rule, it has been around for a long time now but not listed in Win7 ? I am only able to get ICMPv4 ping working by disabling the "public firewall" completely. I am trying to understand what on Win7 is blocking basic pings, I do not consider having working ICMP layer a security risk of any sort, so for all profiles on all interface in all circumstances that IPv4 is working I want a fully working ICMPv4 on top of it. When looking through to creating a manual rule to allow this and trying to diagnose the problem, even if I create an "Outgoing" rule for ICMPv4, type=0, code=any, I am still unable to observe a ping response from my Win7 host. Even if I create a ICMPv4 ANY rules it still doesn't work as expected. The Win7 Ultimate host is standalone (not part of any domain) disabling the "public firewall" cures the problem. To clarify my problem, I am trying to ping from another host my Win7 box, via an interface listed as being "public". If I disable windows firewall on the public profile, ping works. This means from the other host I issue a "ping w.x.y.z" and I get a 4 replies back from the Win7 host via IPv4. I am not using any IPv6 anywhere. The Win7 box is the IP w.x.y.z, the ping requests are coming from a Win2003R2 system. What is all the ____ in Win7 added about authentication of stuff to open network ports ? Is there a button to press and just say "No Thank You". I am not a domain or enterprise user so why would I want this extra stuff in my face ? (aka "Connection Security Rules"). I have no other firewall software installed on the system. Edition is Win7 Ultimate 64bit, am upgrading from WinXP Pro whos "firewall just worked(tm)". As in the buttons to enabled ICMP did what you expect.
June 30th, 2010 7:06pm

Sorry to reply to my own post. The firewall rule I was presuming was allowing Echo Request in was "File and Printer Sharing (Echo Request - ICMPv4-In)" however this has a Scope restriction on it by default, the remote IP has to be a local subnet. So I have now created a new rule to override the Incoming, ICMPv4 ALL on all interfaces and all profiles. The only thing that is confusing now, is the use of the term "Work Network" in the "Network and Sharing Center" in relation to the firewall system. i.e. if I click on a network name I can "Select Location". It is not clear how this label relates to the firewall system. I.e. I would like the option to either: Setup a unique firewall profile per interface, i.e. if I set one up that interface could be taken out of all the default profiles, [domain, public, private] and put into this new profile. or Have the windows firewall use the SAME terminology as the grouping as the "Select Location" aspect of "Networking and Sharing Center", so by default I'd have, Home, Work and Public.
Free Windows Admin Tool Kit Click here and download it now
June 30th, 2010 7:30pm

Ok I know how to take out an interface from a firewall profile. But I do not know how to create a new bespoke profile and add in arbitrary interfaces. To remove an interface, open "Windows Firewall", select "Advanced Settings", then right click on the top node "Windows Firewall with Advanced Security on Local Computer". In the appropiate tab [Domain, Private, Public] check out the "Protected Network Connections". What I'd like to do is create my own new tab, i.e. a new bespoke profile. In relation to the network type when I opened the thread. Yes I have a "Local Area Connection" which is in the "Home Network", this is working just fine without issue. The interfaced I was having ping issues with was inside a VPN tunnel (which was connected and working, so long as the Win7 end initiated things). So its the VPN connection I'd like to attach a custom profile to, the VPN connection is setup as a "Work Network". I am still unsure what different the "Select Location" makes to the firewalling.
July 1st, 2010 1:53am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics