All LAN Echo requests blocked

Hi

I have a network of 1 Windows 7 x64 PC with CIS 4, various VMware PC systems hosted on the Windows 7 PC, all with CIS 3 and 1 ‘real’ Windows XP x32 PC with CIS 3.

With the CIS 4 Firewall Disabled, I can ping between any of the machines.

With the CIS 4 Firewall in Safe Mode

  • I can ping between any of the CIS 3 equipped PCs, real and virtual.

  • I can ping from the CIS 4 PC to any CIS 3 PC.

  • I cannot ping from any CIS 3 PC to the CIS 4 PC.

All three networks, real and virtual are in My Network Zones and the Global Rules include ‘Allow All Incoming Requests If The Sender Is In [Local Area Network #n]’

Have I missed another setting somewhere?

Thanks for any help.

Richard

Hi Richard,

Can you check the v4.0.x host and verify if the Firewall’s application rules still has a rule for “All Applications” ? allow all outgoing, block all other?
If so this rule is probably blocking stuff, did you verify the firewall’s log to see if it drops ICMP possibly to Windows Operating System?

And an other question, are you running bridged or nat mode on the VMs?

Thanks for getting back Ronny

Yes, and not sure…
“All Applications
Allow All Outgoing Requests
Block and Log All Unmatching Requests”

“Firewall Events
Application: Windows Operating System
Action: Blocked
Protocol: ICMP
Source IP: 192.168.1.6
Source Port: Type(eight)
Destination IP: 192.168.1.3
Destination Port: Code(0)
Date: 3/17/2010 11:07:37 PM”

Bridged

Thanks again Ronny

Richard

Thought so, you can fix this in two ways

Add ICMP rule between the previous rules

“All Applications
Allow All Outgoing Requests
Allow ICMP IN ANY ANY Echo-Request
Block and Log All Unmatching Requests”

This will fix the issue.

You can also add “Windows Operating System” to your rules an add the ICMP rule below it, that should also fix the problem.
Windows Operating System can be selected from the running process list.

Thanks Ronny - exactly what was needed. I ended up specifying the rule for each of the three Network Zones in preference to allowing echo requests from outside. It not only enables pinging, but also (as I had hoped) has re-activated access to resources on the local network that had been blocked.

Cheers

Richard

Hello to everyone! I have a Linksys WRT160NL router,and I cant acces the network map in order to see the router and other PCs connected.I’ve added the rule to allow ICMP In Any Any Echo Request,but the Windows 7 says that the responses from the devices are delayed or there is an incompatible router. I use the router in NAT mode. Someone want to help me? Thanks and have a great day! I forgot to mention that the router appears in Network at Network Infrastructure.

That may be a Win 7 issue. When I disable CIS it still won’t show the map.

Thank you for the answer. I think you’re right. I can’t acces it with CIS disabled.

Hello,me again. I discovered that the network map is working when i disable Comodo Internet security firewall driver from the LAN adapter,when I turn it back on,doesn’t work. Is there a solution? Than you.

You can file a bug report in Bug Report - CIS. Please follow these guidelines on how to submit a bug report. It is important to follow them because it helps the devs with reproducing, testing and fixing it.

Thanks for your cooperation.

Thank you for helping me. I’ve reported it. Have a wonderful day!