Enable ICMP Internally - Or I'll Find You...
When designing internal firewalls and filtering policies PLEASE stop
and think about ICMP Echo Request and ICMP Echo Reply (the ICMP types
ping). If you turn these off you’re not really
gaining any real security (especially on your internal network, and to
be honest you want to think long and hard about what turning it off on
the external facing machines gets you) and you’re making life much
harder than it needs to be in the long run.
Network diagnostics and host discovery are two simple, and quite common, tasks that become a hell of a lot harder to do, and consume more time and resources, if you turn ICMP off. And it annoys the hell out of new staff as they try and learn about your networks, it also irks people you ask to do you a “quick favour”.