Another unexpected Zone Protection Profile doing it’s thing – in this case sending a ping from an end-user device (such as Windows/macOS computer) to an IP interface (gateway) on a Palo Alto Networks Next Generation Firewall was coming back with a response, but requests from HPE ProCurve (Aruba) switches (2920/2530) appeared to disappear into oblivion with no response.
A little digging and disabling the ICMP Ping ID 0 check in ICMP Drop Packet Based Attack Protection sorted it.
