In Windows XP, how do I configure the firewall to allow UISO vulnerability scanning?
Built-in firewalls
If you have enabled the Windows XP Internet Connection Firewall (ICF) or the Windows Firewall (installed and enabled with Windows XP Service Pack 2), you will experience difficulties when you try to use the University Information Security Office (UISO) external system scanner. This is because the scanner depends on the ability to ping the workstation it's trying to scan, and the ICF and the Windows Firewall block ping.
To enable ping and allow UISO system scans, follow the instructions in "In Windows XP, how do I configure the firewall to allow pings?"
Third-party firewalls
If you use a third-party firewall program or appliance, refer to the UISO scanner FAQ.
Because each third-party firewall is uniquely configured, it is impossible to cover all possible ways of enabling ping on all possible firewalls. However, you can use the following information to determine how to configure your firewall:
- Many firewalls can exempt certain IP addresses or ranges from being blocked. Find the IP ranges for UISO scanners in the scanner FAQ linked above.
- Some firewalls exempt certain protocols or services. In those cases, you must enable ping. Some firewalls call the setting "ping" or "Incoming ping". Others refer to it by its technical name, "ICMP Echo Reply". Either way, allow this protocol.
- Many firewalls also offer options to allow certain ports to communicate (do not confuse networking TCP ports with the physical serial, parallel, USB, or Ethernet ports). Don't bother configuring those settings for the UISO scanner; only "ping" (ICMP_Echo_Reply) must be enabled, and that doesn't use ports. You may want to allow or deny certain ports for other reasons, but there's little need to do so for the UISO scanner.
Last modified on May 06, 2009.







