Tuesday, July 6, 2010

Ping is dead on Windows Server, stop using it

Long live Ping!

For many years we have relied on Ping as a quick and easy measure of a server being ‘alive’ or not.

I have been stating in the TechNet forums since the release of Server 2008 that we have to get off the Ping train.  It is no longer a real measure.  We cannot expect it to be open and on.

Just today, I am installing a new test environment with Server 2008 R2 (all Enterprise edition, all built from scratch, all domain joined).

I began installing my applications, all fine, until I tried to connect to my SQL database server (it is a VM of course). What is the problem? I had added a Firewall rule.

Without even thinking, I pull out Ping. Hmm... no response. (All machines are domain joined, I expect the domain firewall rule to let me ping…)

Hmm... again, no response. I check the domain controller, I check DNS, I run out of ideas. So I go into the firewall rules. One by one I disable the firewall while I have Ping running (just to make sure that my traffic is being detected as Domain traffic).

I began with Public, then Private, then Domain.  Well, yep, the traffic is being correctly detected as Domain traffic and Ping is blocked by default!

Just goes to show you that as an operating system gets secured tighter and tighter, some quick and easy tools fade into the background. If you want Ping, then set a GP firewall exclusion for Ping, or simply move on to using something different…and focus on the fact that Windows Firewall actually works really well.
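One way to "move on to using something different", as an added example that is not from the original post: judge liveness by attempting a TCP connection to a port the server already exposes for its real service, so no extra firewall exception is needed. The function names are hypothetical, and the mention of port 1433 (SQL Server's default) is an assumption for illustration.

```python
import socket

def probe_tcp(host, port, timeout=2.0):
    """Classify one TCP connect attempt without sending any application data."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed: service is listening
    except ConnectionRefusedError:
        return "refused"           # RST came back: something at that address answered
    except socket.gaierror:
        return "dns-failure"       # name did not resolve; nothing was probed
    except (socket.timeout, TimeoutError):
        return "no-response"       # dropped or host down: same ambiguity as ping
    except OSError:
        return "unreachable"       # e.g. no route to host or network


def liveness(host, ports, timeout=2.0):
    """Return (verdict, per-port results); silence is 'unknown', never 'dead'."""
    results = {port: probe_tcp(host, port, timeout) for port in ports}
    answered = any(r in ("open", "refused") for r in results.values())
    return ("alive" if answered else "unknown"), results


if __name__ == "__main__":
    # Constructed offline demo: a loopback listener stands in for a service
    # port such as 1433 (SQL Server's default), which is an assumption here.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(8)
    port = listener.getsockname()[1]
    print(liveness("127.0.0.1", [port]))   # listening service
    listener.close()
    print(liveness("127.0.0.1", [port]))   # closed port, host still answers
```

A "no-response" result deserves the same caution as an unanswered ping: it shows only that nothing came back, not that the server is down.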

1 comment:

BrianEh said...

I was challenged by the local IT guy in my office to come up with a good alternative.

Frankly, I can't think of one beyond going to the console of the server.

To allow any other mechanism involves making firewall holes. And as soon as you make holes, you make routes for badness.

Also, I have mentioned Server Core in the past - it does not respond to Ping even if the Firewall is off. Now, that is tight.