Hello,
I can’t block all traffic except ping…
qos enable
policy action ACCEPT disposition accept
policy action DENY disposition deny
policy condition C_ANY-ANY source ip any destination ip any
policy rule "DENY C_ANY-ANY" precedence 200 condition C_ANY-ANY action DENY
qos apply
→ all traffic is blocked: OK
policy condition C_PING icmptype 8
policy rule "ACCEPT C_PING" precedence 1000 condition C_PING action ACCEPT
qos apply
→ no response to ping, while the ICMP echo request is allowed with higher priority! Why??? I don’t understand the logic…
Thank you in advance for your help.
Your rules seem correct…
Can you do a little test? if you delete the DENY C_ANY-ANY rule, are you able to ping then?
hi,
no policy rule "DENY C_ANY-ANY"
qos apply
Yes, the ping echo request gets a response.
I found the solution !
In fact it was obvious… the switch lets the ping echo request (icmptype 8) pass but not the responses (icmptype 0)!
It’s OK with:
policy condition C_PING-ECHOREQUEST icmptype 8
policy condition C_PING-ECHOREPLY icmptype 0
policy rule "ACCEPT C_PING-ECHOREQUEST" precedence 1000 condition C_PING-ECHOREQUEST action ACCEPT
policy rule "ACCEPT C_PING-ECHOREPLY" precedence 1000 condition C_PING-ECHOREPLY action ACCEPT
qos apply
or:
policy condition C_ICMP ip-protocol 1
policy rule "ACCEPT C_ICMP" precedence 2000 condition C_ICMP action ACCEPT
qos apply
On the other hand, with my tests I realize that it does not work with the switch, because it does not respond to ARP requests!
How to do it?
Solution: ethertype 0x806
Example:
policy condition C_ARP ethertype 0x806
policy rule "ACCEPT_ARP" precedence 1000 condition C_ARP action ACCEPT
qos apply
Then the ideal would be to add source criteria (network group or VLAN id)…
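To make the stateless-filter behaviour discussed in this thread concrete, here is an added Python model of the three rule sets tried above. It is illustrative code written for this page, not OmniSwitch firmware and not posted by anyone in the thread. It assumes that the matching rule with the highest precedence wins, that a frame matched by no rule is forwarded (traffic flowed before any rule was applied), and that the "source ip any destination ip any" condition also catches ARP, since the thread reports ARP being blocked by the deny rule. Rule and condition names follow the thread; the frames are constructed samples, not captured traffic.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

# A frame is a constructed dict of header fields (sample data, not captured traffic).
Frame = Dict[str, int]


@dataclass(frozen=True)
class Rule:
    name: str
    precedence: int
    condition: Callable[[Frame], bool]
    action: str  # "accept" or "deny"


def evaluate(rules: List[Rule], frame: Frame, default: str = "accept") -> str:
    """Disposition for one frame: the highest-precedence matching rule wins.

    Assumption of this model: a frame matched by no rule is forwarded
    (`default`), consistent with traffic flowing before any rule existed.
    """
    hits = [r for r in rules if r.condition(frame)]
    if not hits:
        return default
    return max(hits, key=lambda r: r.precedence).action


# Conditions named after the thread's "policy condition" lines.
def c_any_any(f: Frame) -> bool:
    # "source ip any destination ip any": modelled as matching every frame,
    # because the thread reports ARP was blocked by this deny rule (assumption).
    return True


def c_ping_echo_request(f: Frame) -> bool:
    return f.get("ip_protocol") == 1 and f.get("icmp_type") == 8


def c_ping_echo_reply(f: Frame) -> bool:
    return f.get("ip_protocol") == 1 and f.get("icmp_type") == 0


def c_arp(f: Frame) -> bool:
    return f.get("ethertype") == 0x0806


# Rules in the order the thread tried them.
DENY_ALL = Rule("DENY C_ANY-ANY", 200, c_any_any, "deny")
ACCEPT_REQUEST = Rule("ACCEPT C_PING-ECHOREQUEST", 1000, c_ping_echo_request, "accept")
ACCEPT_REPLY = Rule("ACCEPT C_PING-ECHOREPLY", 1000, c_ping_echo_reply, "accept")
ACCEPT_ARP = Rule("ACCEPT_ARP", 1000, c_arp, "accept")

RULES_REQUEST_ONLY = [DENY_ALL, ACCEPT_REQUEST]                   # first attempt: ping fails
RULES_BOTH_DIRECTIONS = [DENY_ALL, ACCEPT_REQUEST, ACCEPT_REPLY]  # ping passes, ARP still denied
RULES_WITH_ARP = RULES_BOTH_DIRECTIONS + [ACCEPT_ARP]             # final working set

# Constructed sample frames.
ECHO_REQUEST: Frame = {"ethertype": 0x0800, "ip_protocol": 1, "icmp_type": 8}
ECHO_REPLY: Frame = {"ethertype": 0x0800, "ip_protocol": 1, "icmp_type": 0}
ARP_REQUEST: Frame = {"ethertype": 0x0806, "arp_opcode": 1}
ARP_REPLY: Frame = {"ethertype": 0x0806, "arp_opcode": 2}
TCP_SYN: Frame = {"ethertype": 0x0800, "ip_protocol": 6, "dst_port": 22}


def ping_exchange_allowed(rules: List[Rule], need_arp: bool = True) -> bool:
    """True only if every frame of a ping exchange passes the stateless filter.

    A ping is a request plus a reply; reaching a host on the same segment also
    needs the ARP request and reply, so a filter must allow those as well.
    """
    frames = [ECHO_REQUEST, ECHO_REPLY]
    if need_arp:
        frames += [ARP_REQUEST, ARP_REPLY]
    return all(evaluate(rules, f) == "accept" for f in frames)


if __name__ == "__main__":
    for label, rules in [("request only", RULES_REQUEST_ONLY),
                         ("request + reply", RULES_BOTH_DIRECTIONS),
                         ("request + reply + ARP", RULES_WITH_ARP)]:
        print(f"{label:24s} ping works: {ping_exchange_allowed(rules)}")
```

The model reproduces the thread's three observations: with only the echo-request rule the reply is dropped, adding the echo-reply rule makes the ICMP pair pass but the switch is still unreachable because ARP is denied, and the ethertype rule completes the picture while other IP traffic (the TCP sample) stays blocked.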