[CyberArk] [PAS] Cannot ping CPM/PVWA servers after applying CyberArk's GPO hardening

Modified on Mon, 6 Aug, 2018 at 1:23 PM

Symptom:

After applying the CyberArk In-Domain GPO for CPM and/or PVWA servers, these servers no longer respond to ping (ICMP)


Cause:

CyberArk's new GPO hardening disables ICMP to these servers out-of-the-box


Solution:
In order to allow ping to these servers, the following GPO policy needs to be update:

Computer Configuration > Administrative Templates > Network > Network Connection > Windows Firewall > Domain Profile > Windows Defender Firewall:Allow ICMP Exceptions

This policy would be disabled in the standard GPO. You need to enable it and mark only the setting of 'Allow Inbound Echo Request'


Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article