Thanks for your response. Just one question:
I'm actually trying to enable ping for the untrust interface so that the public side can be pinged on the internet. I'd preferably like to have an access list to only allow my monitoring application to receive ping replies from the firewall.
So for example public address x.x.x.x can be pinged from monitoring device y.y.y.y - but a random IP address on the internet, should receive no ping reply.
I hope I'm explaining it clearly, but let me know if you need any further clarification.
Thanks.