The Versatile Routing Platform (VRP) generates routes to multiple virtual firewalls, each of which has a route between the interface IP address and the firewall. Because these routes are identified by virtual firewalls, you cannot query root routes on vrf1 or configure routes to the firewall itself (that is, the next hop of the route is 127.0.0.1).
When you ping 220.127.116.11 from 192.168.1.1, you can find the outbound interface and next-hop address based on the configured route. 192.168.1.1 can ping 18.104.22.168 because the device at IP address 22.214.171.124 exists. When the firewall ping 126.96.36.199 from 192.168.1.1, you can find vrf1 route that is identical with the previous one. Therefore, the firewall sends ARP packets based on the outbound interface and next-hop address; however, no other device at 188.8.131.52 is available. Therefore, 192.168.1.1 cannot ping through 184.108.40.206.
To ping the interface at 220.127.116.11 from 192.168.1.1, add one route (destination IP address 18.104.22.168 and next-hop address 127.0.0.1) to vfw1; however, the next-hop address of the route cannot be set to 127.0.0.1. Therefore, vfw1 cannot generate routes to the interface IP addresses of other virtual firewalls or root firewall.