From one of the PIX firewall's tech notes, it was mentioned that by default,
a ping initiated from a host on a PIX interface's network segment
destined for a far side (or other interface) of the PIX is not allowed. There's
also no way of enabling this. However, is it normal that the same host can ping
the failover IP address assigned for a far side interface?
For instance:
PIX-Active(Outside) = 192.168.1.1
PIX-Active(Inside) =10.1.1.1
PIX-Active(DMZ) = 172.16.1.1
failover ip address outside 192.168.1.2
failover ip address inside 10.1.1.2
failover ip address dmz 172.16.1.2
A host residing on the inside network can ping 192.168.1.2.
Any input is greatly appreciated. Thanks.