How do I configure the Windows XP Firewall to allow ICMP traffic?

Windows XP Firewall Configuration

SP2 Firewall Notes
Configuring Windows XP SP2 Firewall
SP1 Firewall Notes and Configuration

SP2 Firewall Notes:

The new Service Pack offers significant security enhancements to Windows XP, but there needs to be some configuration done to allow specific ICMP traffic through the firewall. This ICMP traffic allows OIS to provide system and network troubleshooting. By default, the firewall in SP2 blocks all ICMP traffic.

The list below outlines the traffic that needs to be allowed.

Purpose of ICMP Packet
  • Allow incoming echo request
  • Allow incoming timestamp request
  • Allow incoming mask request
  • Allow incoming router request
  • Allow outgoing destination unreachable
  • Allow outgoing source quench
  • Allow outgoing parameter problem
  • Allow outgoing time exceeded
  • Allow redirect
  • Allow outgoing packet too big


Configuring Windows XP SP2 Firewall:

We have created a file that opens these ports on the Windows XP SP2 firewall. Just download this file and double click on it to run. Right click on icf.exe link below and choose Save Image As (if your using Mozilla or Netscape) or Save Target As (if your using Internet Explorer) from the menu.


To verify that the ports have been opened, go to Control Panel->Windows Firewall.


Next, click on the advanced tab and select the ICMP settings button to view the list of ICMP packet types that are allowed.


Every item in the list should be checked.


Back to Top

SP 1 Firewall Notes:

Windows XP Service Pack 1 also needs it's ICMP settings configured. To get to these settings go to Control Panel, open the Network Connections applet and then open the Local Area Network Connections property page. Choose the Advanced tab and make sure the check box is checked. Then click on the settings button to get to the firewall configuration.



Select the ICMP tab and make sure all the check boxes are checked.


Back to Top