2 Answers
The following goes through ICMP pinging and troubleshooting: https://cloud.google.com/network-intelligence-center/docs/connectivity-tests/tutorials/tutorial-troubleshooting-workflow
In my understanding if you would use service accounts as part of the rule – those will enable internal IPs to be in a state to allow icmp connection, but that won’t apply to external IPs and one will need to configure a rule that is not connected with service acc to enable external IP pinging eachother.