I assume you get those pings on the ISP-facing side of the firewall – right?
Private IPs are not routable, but any ISP has a LAN, where your external firewall interface is connected. Some hosts on this LAN could have private IPs, or have both private and public IPs raised on a single physical card, etc., etc.
I’ll not discuss the accordance of such practices to the standards, but this happens every now and then. So if these offending pings are blocked on the firewall and their quantity couldn’t be qualified as DoS attack I wouldn’t pay much attention to them