Step 1:
Create new addresses or addresses group. (In this example is Trusted PING)
Step 2:
Configure local-in-policy
Edit 1 is to allow ping only for specific IP in addresses group.
Edit 2 is to deny all IP addresses.
From CLI
# config firewall local-in-policy
# edit 1
# set intf "wan1"
# set srcaddr "Trusted PING"
# set dstaddr "all"
# set action "accept"
# set service "ALL_ICMP"
# set schedule "always"
# next
# edit 2
# set intf "wan1"
# set srcaddr "all"
# set dstaddr "all"
# set service "ALL_ICMP"
# set schedule "always"
# next
# end
SAMPLE:
