Configuring ICMP Settings in Windows Firewall

Internet Control Message Protocol (ICMP) allows computers on a network to share error and status information.

In Windows Firewall, the ICMP settings are off by default. This means that no incoming or outgoing ICMP communications are allowed. This protects the device against attacks such as cascading ping floods. ICMP also can be used for network discovery and mapping.

Because of these risks, it is recommended that you keep these settings off, unless you need them enabled so that you can perform troubleshooting.

To configure ICMP settings

  1. In Target Designer, open your .slx file.
  2. In Configuration editor, click the Windows Firewall and Internet Connection Sharing component, and then click Settings.
  3. Choose On (recommended) if it is not already selected.
  4. Click the show link that is adjacent to ICMP Settings.
  5. The following table shows the settings you can enable, if they are needed.
    ICMP settingDescription
    Allow incoming echo requestMessages sent to this computer will be repeated back to the sender. This is commonly used for troubleshooting, for example, to ping a machine.
    Allow incoming timestamp requestData sent to this computer can be acknowledged with a confirmation message indicating the time that the data was received.
    Allow incoming mask requestThis computer will listen for and respond to requests for more information about the public network to which it is attached.
    Allow incoming router requestThis computer will respond to requests for information about the routes it recognizes.
    Allow outgoing destination unreachableData sent over the Internet that fails to reach this computer due to an error will be discarded and acknowledged with a "destination unreachable" message explaining the failure.
    Allow outgoing source quenchWhen this computer's ability to process incoming data cannot keep up with the rate of a transmission, data will be dropped and the sender will be asked to slow down.
    Allow outgoing parameter problemWhen this computer discards data it has received due to a problematic header, it will reply to the sender with a "bad header" error message.
    Allow outgoing time exceededWhen this computer discards an incomplete data transmission because the entire transmission required more time than allowed, it will reply to the sender with a "time expired" message.
    Allow redirectData sent from this computer will be rerouted if the default path changes.

See Also

How to Configure Windows Firewall On a Run-Time Image | Configuring Authorized Applications in Windows Firewall | Configuring Ports to Allow Services Through Windows Firewall

© 2006 Microsoft Corporation. All rights reserved.