@mcjyrnn, we have found that the destination side doesn't really matter (as far as being allowed back, it is a solicited response at that point) as it is all based on the source User, Zone, IP. Something you are filtering on does not match what the rule is configured for. You can pull the rule from the CLI as well (I had to pull from Panorama as I push my rules). Panorama> set cli config-output-format set Panorama> configure Panorama# show device-group MY_FIREWALL pre-rulebase security rules Global_ICMP set device-group MY_FIREWALL pre-rulebase security rules Global_ICMP profile-setting group MY_Strict_NO_URL set device-group MY_FIREWALL pre-rulebase security rules Global_ICMP target negate no set device-group MY_FIREWALL pre-rulebase security rules Global_ICMP to any set device-group MY_FIREWALL pre-rulebase security rules Global_ICMP from [ MY_ZONES ] set device-group MY_FIREWALL pre-rulebase security rules Global_ICMP source any set device-group MY_FIREWALL pre-rulebase security rules Global_ICMP destination any set device-group MY_FIREWALL pre-rulebase security rules Global_ICMP source-user any set device-group MY_FIREWALL pre-rulebase security rules Global_ICMP category any set device-group MY_FIREWALL pre-rulebase security rules Global_ICMP application [ icmp ipv6-icmp ping traceroute ] set device-group MY_FIREWALL pre-rulebase security rules Global_ICMP service application-default set device-group MY_FIREWALL pre-rulebase security rules Global_ICMP hip-profiles any set device-group MY_FIREWALL pre-rulebase security rules Global_ICMP action allow set device-group MY_FIREWALL pre-rulebase security rules Global_ICMP rule-type universal set device-group MY_FIREWALL pre-rulebase security rules Global_ICMP description "ICMP, Ping, Traceroute" set device-group MY_FIREWALL pre-rulebase security rules Global_ICMP log-setting MY_TRAFFIC_LOGS A test you could do is set both source and destination Users, Zones, IPs to ANY. Obviously this is not a long term fix but as a test it would let you know if ICMP in general is being caught by your rule. Brian
... View more