ShieldsUP - Test Firewall failed


Today I tested my Internet connection using the tests available on the site (ShieldsUp).
I was surprised that the test “common port” failed for the following reason :“Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet.”

On the other side, I noticed also that my Firewall Event logs is empty …

CIS is configure with “Proactive security”

Can somebody give me an explanation about that … Do I have to change my configuration ?



Hey Pieteke :slight_smile:

Have you made sure that your ports are stealth otherwise go to CIS → Firewall → Stealth Wizard

Make also sure that your router isn’t the cause of the fail.

Valentin N

Hey Valentin,

All my ports are stealth.
How can I known that my router is (not) the cause of the fail ?
I’m using a wireless modem Eurodocsis 3.0.


do you know the ip address of your router? if you do type it in your browser

if you can’t find your way then I will give you a hand.

Valentin N

The LAN IP address is (is it the router address ?)

If I type it in my browser, I receive a message saying “Internet explorer can not display this webpage” (free translation because my browser is not in english).
The ping is working.
I can configure my modem using an internet url of my provider.


Find the router address on the vendor’s website or bing (I hate google) it.
Routers usually produce similar results to the results you described. I really wish they would make dropping ping requests a default, as far as I know, you would never have the need to have someone ping your IP. should be it but if that doesn’t work you will need to use the url provided by the product.

I am sorry for the late response; I was eating.

Valentin N

I used the url provide by the provider but everything seems ok …

have you redone the test?

Valentin N

Oups, today I did the test again and the results are worst :'(:

Solicited TCP Packets: RECEIVED (FAILED)
Unsolicited Packets: PASSED

I checked again that my ports are stealth via CIS → Firewall → Stealth Wizard → Blocking all incoming connections and make my ports stealth for everyone.

I did again the test. The result was the same …

I don’t understand anymore. yesterday all my ports were stealth in the tests, only the ping test failed.
Today, some of my ports are not stealth. ???


I think I will need to see your firewall rules and I would also like to know if your router’s ports are stealth.

Valentin N

Hi Valentin,
What do you want to have as info ?

Unless you have a DMZ set up on your router, the GRC test is always going to be probing your router, not your software firewall.

To set up a DMZ you’ll need to refer to your routers documentation. Although I don’t really see the point of setting up a DMZ just for a ports probing test…

!ot! what is DMZ?

DMZ (computing) - Wikipedia, the free encyclopedia

You are basically exposing your computer directly to the internet instead of having your router (And possibly NAT) acting as a buffer.

I had the same thing happen here. I verified that my router had all ports stealthed but still had several ports listed as visible but closed. I tried setting the router to the DMZ mode and 4 less ports showed up as closed even though Comodo was already set in stealth mode. I changed my router back to NAT mode and reset it and the all ports then showed up as stealthed.

outside the router , i can pass the test only with the rules block all incoming connection (global rules wizard)

weird the other 2 options , doesn’t let my to pass the shieldsup tests

go to stealth wizard guide and choose the last option with block all incoming connect …

tell me if this helps?

Valentin N

but i want to use utorrent i should open a door :frowning:

then you need to add the wanted port to global rules.

I will show how to add port in firewall with example so don’t add that port!


To open the port TCP 1723 for example

First step is to determine the MAC or Physical address of you network connector. Go to Start → Run → cmd → enter → a black box will show up and enter the following → ipconfig /all (notice the space before /all) → enter → now look up the Physical address and write it down.

Notice that Physical address = MAC address

Firewall → Network Security policy → Global Rules → Add → fill in the following:
Action: Allow
Protocol: TCP
Direction: In
Description: Incoming Port

Source address: Any
Destination Address: Choose MAC address and fill in the found MAC/Physical address
Source Port: Any
Destination Port: 1723

Then push Apply → Now make sure that the new rule is somewhere above the basic block rule(s) as the bottom (the block rules have red icons); you can drag and drop the rules → Ok