Out of curiosity, what is the difference between pinging an internal IP and an external IP? At first, I thought the firewall rule (allow ICMP on ingress) would allow us to ping both internal and external IPs, but when I tried it out it didn’t work. Could you please shed some light on this? Thanks!
The following goes through ICMP pinging and troubleshooting: https://cloud.google.com/network-intelligence-center/docs/connectivity-tests/tutorials/tutorial-troubleshooting-workflow
In my understanding, if you use service accounts as part of the rule, those will enable internal IPs to be in a state to allow ICMP connections, but that won’t apply to external IPs, and one will need to configure a rule that is not connected with a service account to enable external IPs pinging each other.
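The behaviour discussed in this thread, as an added example that is not from any of the posts: a simplified Python model of how an ingress rule's source filter is matched. The VM names, addresses, service account and rule names are constructed, and the model assumes that a ping sent to a VM's external IP arrives with the sender's external IP as its source.

```python
"""Simplified model (added example) of ingress source matching for ICMP rules."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class VM:  # constructed sample instance
    name: str
    internal_ip: str
    external_ip: str
    service_account: str

@dataclass(frozen=True)
class IngressRule:  # hypothetical allow-ICMP ingress rule
    name: str
    source_service_accounts: tuple = ()
    source_ranges: tuple = ()

def source_matches(rule, src_ip, vms):
    # A service-account source filter resolves to the INTERNAL IPs of the
    # VMs running as that account; external IPs are never part of that set.
    sa_ips = {vm.internal_ip for vm in vms
              if vm.service_account in rule.source_service_accounts}
    if src_ip in sa_ips:
        return True
    return any(ip_address(src_ip) in ip_network(r) for r in rule.source_ranges)

def ping_allowed(rules, sender, target_ip, vms):
    receiver = next(vm for vm in vms
                    if target_ip in (vm.internal_ip, vm.external_ip))
    # Assumption: traffic to an external IP arrives from the sender's external IP.
    to_external = target_ip == receiver.external_ip
    src_ip = sender.external_ip if to_external else sender.internal_ip
    return any(source_matches(rule, src_ip, vms) for rule in rules)

# Constructed sample data (documentation address range for external IPs).
SA = "app@example-project.iam.gserviceaccount.com"
VM_A = VM("vm-a", "10.128.0.2", "203.0.113.10", SA)
VM_B = VM("vm-b", "10.128.0.3", "203.0.113.11", SA)
VMS = (VM_A, VM_B)
SA_RULE = IngressRule("allow-icmp-from-sa", source_service_accounts=(SA,))
RANGE_RULE = IngressRule("allow-icmp-from-vm-a-ext",
                         source_ranges=("203.0.113.10/32",))

if __name__ == "__main__":
    for label, rules, target in [
        ("SA rule, internal IP", [SA_RULE], VM_B.internal_ip),
        ("SA rule, external IP", [SA_RULE], VM_B.external_ip),
        ("SA + range rule, external IP", [SA_RULE, RANGE_RULE], VM_B.external_ip),
    ]:
        print(f"{label}: allowed={ping_allowed(rules, VM_A, target, VMS)}")
```

Keeping the source range as narrow as the peers that actually need to ping avoids opening ICMP to every external address.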