After Allowing ICMP, Ping is Still Denied
After creating a rule to allow ICMP, attempting to ping hosts is still denied.
ICMP type 8 messages (ping) are a unique and commonly-used "application" which uses ICMP, so it is defined as a separate application.
To allow ping using a security rule, select "ping" as the application type. Allowing ICMP only will not allow ping. The ping application is not dependent on ICMP being allowed to work correctly.
Note: Since traceroute uses ping, allowing the ping application will also allow traceroute as well.