We have some windows xp machines in our dmz that run the zen 7 sp1
management agent (no novell client); they authenticate to our middle-tier
server located on our inside network. Each managed workstation appears to
be sending icmp packets to the middle-tier server at the rate of around
4,000/day. Since we deny icmp going from a lower security interface to a
higher security interface, these packets show up as denies in our logs.
My question are:

1) Can someone confirm that the ZFD management agent is in fact programmed
to ping the MT server?

2) If this is the case, then does pinging the MT server serve a critical
purpose? I.e., should we be allowing icmp from zen-managed workstation to
the MT server? The TID I read doesn't mention icmp (TID 10089388); then
again, this TID was for zen 6.5 and earlier.

Thanks in advance,