Windows Firewall: Allow ICMP exceptions

Defines the set of Internet Control Message Protocol (ICMP) message types that Windows Firewall allows. Utilities can use ICMP messages to determine the status of other computers. For example, Ping uses the echo request message. If you do not enable the "Allow inbound echo request" message type, Windows Firewall blocks echo request messages sent by Ping running on other computers, but it does not block outbound echo request messages sent by Ping running on this computer.

If you enable this policy setting, you must specify which ICMP message types Windows Firewall allows this computer to send or receive.

If you disable this policy setting, Windows Firewall blocks all the listed incoming and outgoing ICMP message types. As a result, utilities that use the blocked ICMP messages will not be able to send those messages to or from this computer. If you enable this policy setting and allow certain message types, then later disable this policy setting, Windows Firewall deletes the list of message types that you had enabled.

If you do not configure this policy setting, Windows Firewall behaves as if you had disabled it.

Note: If any policy setting opens TCP port 445, Windows Firewall allows inbound echo requests, even if the "Windows Firewall: Allow ICMP exceptions" policy setting would block them. Policy settings that can open TCP port 445 include "Windows Firewall: Allow file and printer sharing exception," "Windows Firewall: Allow remote administration exception," and "Windows Firewall: Define inbound port exceptions."

Note: Other Windows Firewall policy settings affect only incoming messages, but several of the options of the "Windows Firewall: Allow ICMP exceptions" policy setting affect outgoing communication.

Supported on: At least Windows XP Professional with SP2
Allow outbound destination unreachable
Registry HiveHKEY_LOCAL_MACHINE
Registry PathSOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings
Value NameAllowOutboundDestinationUnreachable
Value TypeREG_DWORD
Default Value0
True Value1
False Value0
Allow outbound source quench
Registry HiveHKEY_LOCAL_MACHINE
Registry PathSOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings
Value NameAllowOutboundSourceQuench
Value TypeREG_DWORD
Default Value0
True Value1
False Value0
Allow redirect
Registry HiveHKEY_LOCAL_MACHINE
Registry PathSOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings
Value NameAllowRedirect
Value TypeREG_DWORD
Default Value0
True Value1
False Value0
Allow inbound echo request
Registry HiveHKEY_LOCAL_MACHINE
Registry PathSOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings
Value NameAllowInboundEchoRequest
Value TypeREG_DWORD
Default Value0
True Value1
False Value0
Allow inbound router request
Registry HiveHKEY_LOCAL_MACHINE
Registry PathSOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings
Value NameAllowInboundRouterRequest
Value TypeREG_DWORD
Default Value0
True Value1
False Value0
Allow outbound time exceeded
Registry HiveHKEY_LOCAL_MACHINE
Registry PathSOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings
Value NameAllowOutboundTimeExceeded
Value TypeREG_DWORD
Default Value0
True Value1
False Value0
Allow outbound parameter problem
Registry HiveHKEY_LOCAL_MACHINE
Registry PathSOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings
Value NameAllowOutboundParameterProblem
Value TypeREG_DWORD
Default Value0
True Value1
False Value0
Allow inbound timestamp request
Registry HiveHKEY_LOCAL_MACHINE
Registry PathSOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings
Value NameAllowInboundTimestampRequest
Value TypeREG_DWORD
Default Value0
True Value1
False Value0
Allow inbound mask request
Registry HiveHKEY_LOCAL_MACHINE
Registry PathSOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings
Value NameAllowInboundMaskRequest
Value TypeREG_DWORD
Default Value0
True Value1
False Value0
Allow outbound packet too big
Registry HiveHKEY_LOCAL_MACHINE
Registry PathSOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings
Value NameAllowOutboundPacketTooBig
Value TypeREG_DWORD
Default Value0
True Value1
False Value0

windowsfirewall.admx

Administrative Templates (Computers)

Administrative Templates (Users)