• Unable to browse the Applications.
• Firewall rule configured at the T1.
• Inbound reply packets were visible on the T0 but not observed on the T1, preventing the endpoint from receiving responses.
• By default, firewall rules are created with IN/OUT direction. However, the direction can be customized to allow traffic in only one direction

Example : -

VMware NSX

VMware vDefend Firewall

By default, NSX Gateway Firewall rules are created with IN/OUT direction.

If the firewall rule is configured with only the OUT direction for ICMP, the inbound ICMP reply packets will be dropped, which is the expected behavior.

• Review the Gateway Firewall rule configuration.
• Confirm that the rule ID handling ICMP or general outbound communication is set with Direction: IN/OUT.
• Update the rule direction if it is set to OUT only.
• Refer to Troubleshooting Gateway Firewall for additional details on rule behavior and packet flow.

Always verify both forward and reverse traffic when troubleshooting connectivity issues.