Ouch, posted in the wrong forum.
I have tried using the platform settings ICMP options to let Windows traceroute out to the internet, but that failed.
Another fp admin shared the rules below with me. They work, but what else do I need to do to make them secure? These are the absolute bare minimum ports that allow Windows to traceroute out to the internet.
rule01: inside to outside allowing only these ports:
icmp-eq-req
icmp-time exceeded
icmp-unreachable
udp-traceroute udp-33434-33464
rule02: outside to inside allowing only these ports:
icmp-eq-req
icmp-time exceeded
icmp-unreachable
udp-traceroute udp-33434-33464
Any suggestions?
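
An added example, not part of the original post and not vendor configuration: a small audit of the two rules listed above against the traffic an inside host needs in order to trace outward. The service labels are normalised names chosen here, "icmp-eq-req" is read as ICMP echo request, and the `stateful_replies` switch is an assumption about whether the firewall lets the echo reply to a permitted echo request back in by itself.

```python
# Added example. Labels are normalised names for this sketch, not FMC objects.
OUT, IN = "inside->outside", "outside->inside"

POSTED = {  # the two rules as listed in the post
    OUT: {"icmp-echo-request", "icmp-time-exceeded",
          "icmp-unreachable", "udp-33434-33464"},
    IN: {"icmp-echo-request", "icmp-time-exceeded",
         "icmp-unreachable", "udp-33434-33464"},
}


def required(stateful_replies=True):
    """Traffic an inside host needs in order to trace outward."""
    need = {
        # Probes: Windows tracert sends ICMP echo requests,
        # Unix-style traceroute sends UDP to high ports.
        OUT: {"icmp-echo-request", "udp-33434-33464"},
        # Assumption: ICMP errors from intermediate routers and the target
        # are not matched to the probe's flow, so they need an explicit
        # permit (consistent with the post needing rule02 at all).
        IN: {"icmp-time-exceeded", "icmp-unreachable"},
    }
    if not stateful_replies:
        # Without reply tracking, the final hop's echo reply needs a permit.
        need[IN].add("icmp-echo-reply")
    return need


def audit(rules, stateful_replies=True):
    """Return, per direction, services that are missing or not needed."""
    need = required(stateful_replies)
    report = {}
    for direction in (OUT, IN):
        allowed = rules.get(direction, set())
        report[direction] = {
            "missing": sorted(need[direction] - allowed),
            "unneeded": sorted(allowed - need[direction]),
        }
    return report


if __name__ == "__main__":
    for direction, result in audit(POSTED).items():
        print(direction, result)
```

Entries reported as unneeded are candidates for removal; the inbound ones matter most because they admit probes from outside instead of only the ICMP errors that answer inside-originated probes.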