I think the key piece of information we need here is the direction of the ping request. Where are you trying to ping from and what is it you are trying to ping?
Is it outbound (internal -> external or internal -> DMZ) or is it inbound (DMZ -> Internal)?
In the 10+ years I have been working with this Firewall I have encountered very few situations where the ping proxy hasn't done exactly as intended. In fact I don't think that I've ever had to resort to using either of the other two methods.
If you are trying to ping from an external (untrusted or internet) source on a public IP address and the destination is a host sitting inside the Firewall's external boundary and is using a private address (requiring a redirect address to be used in the rule) then I doubt that will ever work at all. It certainly never has for me. You can't ping inbound from an external (or possibly DMZ) source to an internal host unless the addresses on each side are routable.
The colours in the log files do give you a hint as to what is going on. While there are many different audit record types (and I'd suggest that the Admin Guide is the best place to look for a more detailed description) I generally look out for any one of the following:
- ACL Allow
- ACL Deny
- Protocol Violation
You'll generally find the ACL Allow and Nettraffic records will appear in green or blue and these indicate positive actions on the Firewall (ACL Allow - a packet has triggered a rule with an "allow" action. Nettraffic - normally what you'll see as a result of an ACL Allow).
ACL Deny & Protocol Violation will generally present themselves in orange/amber and/or red and are normally fairly easy to spot (if most of your traffic is being allowed, of course!) in between the green and blue entries.
ACL Denies, hopefully, speak for themselves. This is where a rule has been triggered with an explicit "Deny" action or where a connection has fallen all the way through the rule set and has hit "Deny All". Protocol Violations generally appear when a connection has been initially permitted, but the Firewall has inspected the packets and discovered that the connection does not conform to the protocol standard. This is generally associated with the protocols for which you will find explicit Application Defense categories (HTTP, FTP, SMTP, etc.). Create a rule to allow the "http" service and then try to pass another protocol through on TCP port 80 - this will generate a protocol violation.
If you see ACL Deny or Protocol Violation entries in the audit viewer window you can double-click on them to get a detailed view of the audit record in question. This will contain details such as source, destination and protocol. It should also contain the name of the ACL (rule) which is behind the decision and also a more verbose reason field trying to explain why this situation has occurred.
Hope this helps.
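As an added illustration of the audit triage the post above describes (this is not code from the post, the forum, or the firewall vendor): a small Python script that walks a handful of constructed audit records and pulls out the ACL Deny and Protocol Violation entries together with the rule name and reason, the same fields the detailed audit view exposes. The key=value line layout is an assumed format invented for the example, not the firewall's real audit format; only the record type names (ACL Allow, Nettraffic, ACL Deny, Protocol Violation) come from the post.

```python
import re
from collections import Counter

# Constructed audit lines in a simplified key=value layout. This is NOT the
# firewall's real audit format; the record types are the ones named in the post.
SAMPLE_AUDIT = """\
2024-05-01T09:00:01 type="ACL Allow" src=10.1.1.20 dst=203.0.113.10 proto=tcp/80 rule="Allow http out" reason="rule matched"
2024-05-01T09:00:01 type="Nettraffic" src=10.1.1.20 dst=203.0.113.10 proto=tcp/80 rule="Allow http out" reason="session established"
2024-05-01T09:00:05 type="ACL Deny" src=203.0.113.55 dst=10.1.1.20 proto=icmp/8 rule="Deny All" reason="no rule matched, fell through to Deny All"
2024-05-01T09:00:09 type="Protocol Violation" src=10.1.1.31 dst=198.51.100.8 proto=tcp/80 rule="Allow http out" reason="traffic on port 80 is not HTTP"
2024-05-01T09:00:12 type="ACL Deny" src=10.1.1.44 dst=198.51.100.9 proto=tcp/23 rule="Block telnet" reason="explicit deny"
"""

# Severity per record type, mirroring the colour scheme described in the post:
# green/blue for positive actions, amber/red for records worth opening in detail.
SEVERITY = {
    "ACL Allow": "info",
    "Nettraffic": "info",
    "ACL Deny": "attention",
    "Protocol Violation": "attention",
}

# key=value pairs; values may be double-quoted when they contain spaces
_FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_record(line):
    """Parse one constructed audit line into a dict of fields plus a severity."""
    ts, _, rest = line.partition(" ")
    rec = {"timestamp": ts}
    for key, raw, quoted in _FIELD_RE.findall(rest):
        rec[key] = quoted if raw.startswith('"') else raw
    rec["severity"] = SEVERITY.get(rec.get("type", ""), "unknown")
    return rec


def triage(audit_text):
    """Return the records an operator should look at (denies and protocol
    violations) and a count of those records per (type, rule) pair."""
    records = [parse_record(l) for l in audit_text.splitlines() if l.strip()]
    flagged = [r for r in records if r["severity"] == "attention"]
    by_rule = Counter((r["type"], r["rule"]) for r in flagged)
    return {"total": len(records), "flagged": flagged, "by_rule": by_rule}


def describe(rec):
    """One-line summary: source, destination, protocol, the rule behind the
    decision and the reason field, as in the detailed audit view."""
    return (f'{rec["type"]}: {rec["src"]} -> {rec["dst"]} ({rec["proto"]}) '
            f'rule={rec["rule"]!r} reason={rec["reason"]!r}')


if __name__ == "__main__":
    result = triage(SAMPLE_AUDIT)
    print(f'{result["total"]} records, {len(result["flagged"])} need attention')
    for rec in result["flagged"]:
        print("  " + describe(rec))
    for (rtype, rule), n in result["by_rule"].most_common():
        print(f'  {n}x {rtype} via rule {rule!r}')
```

Grouping the flagged records by rule name is what makes the output useful in practice: a burst of denies on "Deny All" points at traffic nobody wrote a rule for, while Protocol Violations under an "Allow http" rule are the port-80-but-not-HTTP case the post mentions.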
The ping proxy passes ping (ICMP echo/reply).
The ICMP packet filter passes ping (echo), info, and timestamp ICMP types (depending on what you select).
The 'other protocol packet filter' 1-icmp passes all ICMP types.