Windows/Powershell: Allow ICMP through the default Windows Advanced Firewall to allow for pinging

Created: 1/3/20

Updated: 11/15/20

We all do it, when we setup a new server and we are getting to the tail end of provisioning the server we get to pinging the named and it fails. So what do we do? – we disable the Windows firewall cause the latter being we have to manually enter in the ICMP Groper  settings to allow ping is well, in that moment, annoying. So we disable the Windows firewall and move on.

But as we all do Defense-in-depth and we embrace the idea of many layers of the IT security onion, we find that need to have the Windows firewall enabled.

So there has to be a better way!

Well, there is; there is the legacy netsh way and the new school way with Powershell. Below are steps on how to do this:

Netsh

#Display netsh-based firewall rules
netsh advfirewall firewall show rule name=all

#IPv4 netsh allow ping
netsh advfirewall firewall add rule name=”ICMP Allow incoming V4 echo request” protocol=icmpv4:8,any dir=in action=allow

#IPv6 allow ping
netsh advfirewall firewall add rule name=”ICMP Allow incoming V6 echo request” protocol=icmpv6:8,any dir=in action=allow

Powershell

# Enable ICMP Ping via PowerShell
Import-Module NetSecurity
If (Get-NetFirewallRule |Where{$_.Enabled -eq ‘False’ -and $_.DisplayName -like ‘File and Printer Sharing (Echo Request – ICMPv4-In)’})
{
Write-Warning “Firewall ICMP Rule is Disabled, Proceeding to Enable…”
}
else
{
Get-NetFirewallRule |Where{$_.Enabled -eq ‘False’ -and $_.DisplayName -like ‘File and Printer Sharing (Echo Request – ICMPv4-In)’} | Enable-NetFirewallRule
}
if (Get-NetFirewallRule |Where{$_.Enabled -eq ‘True’ -and $_.DisplayName -like ‘File and Printer Sharing (Echo Request – ICMPv4-In)’})
{
Write-Warning “Firewall ICMP Rule is Enabled…”
}
[ValidateSet(‘Yes’,’No’)]$FirewallRulesAfterChange = Read-Host “Do you want to see the Enabled ICMP Firewall Rules? – Please Enter Yes/No”
if ($FirewallRulesAfterChange -eq “Yes”) {Get-NetFirewallRule |Where{$_.DisplayName -like ‘File and Printer Sharing (Echo Request – ICMPv4-In)’} | Format-Table -Property Name,DisplayName,Direction,Action,Enabled -AutoSize}

Hopefully this helps someone along the way. I’m finding myself adding these commands to the increasingly complex powershell automation scripts; cause lets face it. I just want to automated a server install to the point that it’s all in a script and I do pretty much nothing. Come to think about it, the script will make me obsolete pretty soon. 😉

-Trevor