Is there anything else upstream, perhaps an ISP modem/router/gateway that might be blocking the ping? I can in general do an nslookup on the dynamic-m DNS names of my MX appliances and see the correct IP returned that matches the public IP address of the MX, and I can ping both that IP and the DNS name. Perhaps something else upstream is blocking the ICMP packets.
You can run an ICMP packet capture on the outside interface of the MX, go to Network Wide > Packet Capture to set that up, select the MX appliance, select the "Internet" interface, and in the filter expression box, type "icmp" and click start. See if the pings (from outside your network) are even coming into the MX's outside interface in the first place, and let's go from there. If they are not, something is blocking ping from coming into the MX from the ISP side, and if the pings are coming in, and you also see the MX responding, then something is blocking the responses.
Aside from pings, is the rest normal, do you have a site-to-site VPN up and operational? And if so, you can ping one MX LAN interface from the other MX LAN interface?
