Configuring ICMP Settings in Windows Firewall
5/10/2007
Internet Control Message Protocol (ICMP) allows computers on a network to share error and status information.
In Windows Firewall, the ICMP settings are off by default. This means that no incoming or outgoing ICMP communications are allowed. This protects the device against attacks such as cascading ping floods. ICMP also can be used for network discovery and mapping.
Because of these risks, it is recommended that you keep these settings off, unless you need them enabled so that you can perform troubleshooting.
To configure ICMP settings
1. In Target Designer, open your .slx file.
2. In Configuration editor, click the Windows Firewall and Internet Connection Sharing component, and then click Settings.
3. Choose On (recommended) if it is not already selected.
4. Click the show link that is adjacent to ICMP Settings.
The following table shows the settings you can enable, if they are needed.
ICMP setting | Description |
---|---|
Allow incoming echo request | Messages sent to this computer will be repeated back to the sender. This is commonly used for troubleshooting, for example, to ping a machine. |
Allow incoming timestamp request | Data sent to this computer can be acknowledged with a confirmation message indicating the time that the data was received. |
Allow incoming mask request | This computer will listen for and respond to requests for more information about the public network to which it is attached. |
Allow incoming router request | This computer will respond to requests for information about the routes it recognizes. |
Allow outgoing destination unreachable | Data sent over the Internet that fails to reach this computer due to an error will be discarded and acknowledged with a "destination unreachable" message explaining the failure. |
Allow outgoing source quench | When this computer's ability to process incoming data cannot keep up with the rate of a transmission, data will be dropped and the sender will be asked to slow down. |
Allow outgoing parameter problem | When this computer discards data it has received due to a problematic header, it will reply to the sender with a "bad header" error message. |
Allow outgoing time exceeded | When this computer discards an incomplete data transmission because the entire transmission required more time than allowed, it will reply to the sender with a "time expired" message. |
Allow redirect | Data sent from this computer will be rerouted if the default path changes. |
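A check for the deployed image, added here as an example and not part of the original documentation: it parses text in the layout of `netsh firewall show icmpsetting` and lists every ICMP setting that is enabled without being approved for troubleshooting. The sample text is constructed, and its column layout, the `approved` parameter and the function names are assumptions.

```python
import re

# Constructed sample, modelled on `netsh firewall show icmpsetting` output.
# The layout is an assumption; adjust ROW if your build prints it differently.
SAMPLE = """\
ICMP configuration for Standard profile:
Mode     Type  Description
-------------------------------------------------------------------
Disable  3     Allow outbound destination unreachable
Disable  4     Allow outbound source quench
Enable   5     Allow redirect
Enable   8     Allow inbound echo request
Disable  9     Allow inbound router request
Disable  11    Allow outbound time exceeded
Disable  12    Allow outbound parameter problem
Enable   13    Allow inbound timestamp request
Disable  17    Allow inbound mask request
"""

ROW = re.compile(r"^\s*(Enable|Disable)\s+(\d+)\s+(.+?)\s*$", re.IGNORECASE)
PROFILE = re.compile(r"^ICMP configuration for (.+?) profile", re.IGNORECASE)

def parse_icmp_settings(text):
    """Return {profile: {icmp_type: (enabled, description)}}."""
    profiles, current = {}, "unknown"
    for line in text.splitlines():
        m = PROFILE.match(line)
        if m:
            current = m.group(1)
            continue
        m = ROW.match(line)
        if m:
            mode, icmp_type, desc = m.groups()
            profiles.setdefault(current, {})[int(icmp_type)] = (
                mode.lower() == "enable", desc)
    return profiles

def audit(text, approved=frozenset()):
    """List (profile, type, description) for enabled settings not in `approved`."""
    findings = []
    for profile, settings in parse_icmp_settings(text).items():
        for icmp_type, (enabled, desc) in sorted(settings.items()):
            if enabled and icmp_type not in approved:
                findings.append((profile, icmp_type, desc))
    return findings

if __name__ == "__main__":
    # Type 8 (echo request) is approved here for a troubleshooting window.
    for profile, icmp_type, desc in audit(SAMPLE, approved={8}):
        print(f"[{profile}] ICMP type {icmp_type} enabled, not approved: {desc}")
```

With an empty `approved` set the audit enforces the default recommended above, where every ICMP setting stays off.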
See Also
Tasks
Configuring Authorized Applications in Windows Firewall
Configuring Ports to Allow Services Through Windows Firewall