The Versatile Routing Platform (VRP) generates routes to multiple virtual firewalls, each of which has a route between the interface IP address and the firewall. Because these routes are identified by virtual firewalls, you cannot query root routes on vrf1 or configure routes to the firewall itself (that is, the next hop of the route is 127.0.0.1).
When you ping 18.104.22.168 from 192.168.1.1, you can find the outbound interface and next-hop address based on the configured route. 192.168.1.1 can ping 22.214.171.124 because the device at IP address 126.96.36.199 exists. When the firewall ping 188.8.131.52 from 192.168.1.1, you can find vrf1 route that is identical with the previous one. Therefore, the firewall sends ARP packets based on the outbound interface and next-hop address; however, no other device at 184.108.40.206 is available. Therefore, 192.168.1.1 cannot ping through 220.127.116.11.
To ping the interface at 18.104.22.168 from 192.168.1.1, add one route (destination IP address 22.214.171.124 and next-hop address 127.0.0.1) to vfw1; however, the next-hop address of the route cannot be set to 127.0.0.1. Therefore, vfw1 cannot generate routes to the interface IP addresses of other virtual firewalls or root firewall.