Trouble with DNS host entries.

I've been whacking away at this for more time than I care to admit, but I just can't seem to get it to work.  My overall problem is with the device certificate and making it work across my various devices so I can turn on HTTPS scanning.

I have an XG firewall working on a small non-domain network.  The firewall is named "fw" and is addressed at 172.20.1.1.  Firewall DNS configuration is configured to look for resolution via CloudFlair DNS servers (1.1.1.1 & 1.0.0.1), and my local devices point the firewall (172.20.1.1) for their DNS resolution.  I also have a DNS host entry for fw which points to 172.20.1.1.  NSLookup of fw correctly returns IP for fw both from the diagnostic menu on the firewall and from a command prompt on one of the client workstations.  Public website host resolution works perfectly.

My issue is that no matter how I configure it, I cannot ping the host name of the firewall from another device.  IP yes, host name, no.  The zone is configured to allow PING and DNS.  What could I possibly be missing?