[Comodo 5.0] How to allow Ping request??


By default, Comodo blocks any ping request.
Is there a way to allow ping because I have some tests to do and I have to make some ping from my PC…


Sure :slight_smile: But this is no bug.

  1. You need to allow the ping on the machine you want to ping, not the machine you want to ping from
  2. Go to Firewall → Network Security Policy → Global Rules

Now you have two options:
Either add an allow rule for the machine you want to ping from (or your entire home network) ON TOP:
Action: Allow
Protocol: ICMP
Direction: In
Source: Your machine you want to ping from, or your home network
Destination: The machine you want to ping

2nd option: Turn the existing block action for “ECHO REQUEST” into an allow action.
This allows all machines to request an answer to a ping.

Note, that this will allow only the request if all is fine. It’s probably better to allow all ICMP messages (in/out) between your machine and the machine you want to ping.

Well… thank you for your reply.
But It’s what I’ve done. And Ping from my PC to outdoor are blocked.

Is the Windows firewall also active on the target system?
CIS doesn’t disable it at installation, you have to deactivate it manually.
The Windows firewall blocks ICMP echo requests also by default.

I’m in a similar situation on a wireless internetwork where I’m getting intermittent ping time-outs to the default geteway on a normally low-latency connection.

My wireless ISP wants me to enable icmp echo so he can ping my pc from his device".

I understand options 1 & 2 above.

What about a 3rd option:

  • Create an Application rule to allow ICMP; direction - in

If this is an Ok option, my question is for which application?
ie. File Group - Executables, All Applications, Windows System Applications or… ?

OR - is this over complicating things, so better just stick with the global options 1 & 2?

AND - if ‘Log as a firewall event is enabled’, will the log show both incoming echo request and reply events?

  • I’m still using CFP v3!


If you need the ping for network diagnostics, I’d recommend to allow all ICMP traffic and not only the ICMP ECHO requests. Blocking answers like “PROTOCOL UNREACHABLE” may also lead to problems while investigating the problem.

You can’t do this with an application rule, since there is no specific application, listening for an ECHO REQUEST and sending the ECHO REPLY. You need to stick with global rules. Also in first place global rules are enforced. So if something gets blocked here, you won’t get the chance to allow it per application. It’s simply not possible.

The log will show only events you selected to log. So if you enable the log for incoming echo requests, only these will be logged. If you create a rule allowing all in/out ICMP traffic and select to log it, all ICMP traffic will be logged.

BigMike - Good answer :slight_smile: thanks.

Hy guys,

I have the same problem. I am unable to ping google or any pc in my Network.
I added some pictures including my comodo configurations.
If I disable the firewall completely, the ping work.

Has it anything to do with my “Network-zones”?

I also added the event log. I do not understand what the meaning of all these “Windows Operation System” are. is the ip of my router, .81 is my pc. It seems some Router packages are getting permanently blocked by the firewall.

I have Version 5.0.1, and currently I have no single Application Rule defined.

Would be great if someone have an advice for me.


  1. You should be able to ping google if you allow ping.exe to send an ICMP request

  2. Your definition of your home zone is probably wrong - you probably meant the range - and not the subnet
    But more probably your home network consists of the address range -, which would be
    Correcting this would suffice to be able to ping your computer inside your network.

  3. You need to place the Allow ICMP in/out rule on top of the block rules, not below to have it work correctly. Rules are applied top to bottom. If there’s a block rule first, the allow rule has no effect. This will allow pinging your machine from outside your network.

Thank you very much BigMike!

Adding the ping.exe to my rules and moving the correct global rule to the top did it for me :slight_smile:
I also changed the points regarding my “home” zone.

I really appreciate your support!

The only thing left are strange “Windows operation system” events logged in the “Firewall Events”.
It is not a big deal, I just wonder what packages are being blocked here.
Do u have any idea?

Thank you!

Sure :slight_smile: That’s the parental control feature of your FritzBox trying to connect to your machine.

To disable these requests, you must disable this feature in your FritzBox - search for a manual, since this is model dependent.

But they won’t appear in your log anymore, because after reconfiguring your homezone, all traffic between your FritzBox and your machine is allowed.

The “Windows Operating System” name appears everytime, CIS can’t determine the associated application. In this case, because no application is listening on your machine on port 14013. There’s an application for the parental control feature, that needs to be installed and will probably listen on port 14013. But I never used it…

Everything works like a charm now, u were correct about the parental control function :-TU

Thank you very much