Symptom:

After applying the CyberArk In-Domain GPO for CPM and/or PVWA servers, these servers no longer respond to ping (ICMP)


Cause:

CyberArk's new GPO hardening disables ICMP to these servers out-of-the-box


Solution:
In order to allow ping to these servers, the following GPO policy needs to be update:

Computer Configuration > Administrative Templates > Network > Network Connection > Windows Firewall > Domain Profile > Windows Defender Firewall:Allow ICMP Exceptions

This policy would be disabled in the standard GPO. You need to enable it and mark only the setting of 'Allow Inbound Echo Request'