At some point a few months back it seems that a firmware upgrade added logic that required a successful ping (icmp echo request and reply) with the gateway itself as the destination in order to function. All the cameras at our offices failed until we allowed ping to the gateway. No other device or software had required this in the 15+ years that I’ve been involved with our firewall. It would have been better to (a) not add this odd requirement, and (b) notify users if for some reason it is truly essential. Note that I am not referring to LAN->WAN pings, but rather LAN->gateway pings.
Note that the firewall port chart you’ve posted (see link below) does not include this ping/icmp requirement. Also, it isn’t entirely clear from this chart as to what is required in different scenarios, such as what cases require “TCP:10002 LAN firmware upgrade”.