Can someone please let me know what rules I would need on my bm3.7sp2
firewall (fs-firewall) to allow my bm3.8sp1a ICP server to do http.

FS-FIREWALL is just running packet filtering and reverse proxy.
FS-ICP is just running proxy services.

FS-FIREWALL has 3 NIC's, one to public, one private and one to dmz.
FS-ICP is on the DMZ

Do i just have to put an http and https stateful filter on FS-FIREWALL for
the IP of FS-ICP, or is there something else I need to do ?

I tried this and it didn't work until I allowed all traffic from public to
IP of FS-ICP and the other way around which I don't like as it is too open.