Test a security policy rule:
test security-policy-match application twitter-posting source-user cordero\kcordero destination 98.2.144.22 destination-port 80 source 10.200.11.23 protocol 6
Test an Authentication policy rule:
test authentication-policy-match from trust to untrust source 192.168.10.10 destination 98.2.144.22
Test a Decryption policy rule:
test decryption-policy-match category financial-services from trust source 10.200.11.23 destination 98.2.144.22
Protocol Options:
When it comes to the protocol #, you have several options to choose from like:
TCP = 6
UDP = 17
ICMP = 1
ESP = 50
Below is a full list of options you can use.
| Decimal | Keyword | Protocol | IPv6 Extension Header | Reference |
| 0 | HOPOPT | IPv6 Hop-by-Hop Option | Y | [RFC8200] |
| 1 | ICMP | Internet Control Message | [RFC792] | |
| 2 | IGMP | Internet Group Management | [RFC1112] | |
| 3 | GGP | Gateway-to-Gateway | [RFC823] | |
| 4 | IPv4 | IPv4 encapsulation | [RFC2003] | |
| 5 | ST | Stream | [RFC1190][RFC1819] | |
| 6 | TCP | Transmission Control | [RFC793] | |
| 7 | CBT | CBT | [Tony_Ballardie] | |
| 8 | EGP | Exterior Gateway Protocol | [RFC888][David_Mills] | |
| 9 | IGP | any private interior gateway (used by Cisco for their IGRP) |
[Internet_Assigned_Numbers_Authority] | |
| 10 | BBN-RCC-MON | BBN RCC Monitoring | [Steve_Chipman] | |
| 11 | NVP-II | Network Voice Protocol | [RFC741][Steve_Casner] | |
| 12 | PUP | PUP | [Boggs, D., J. Shoch, E. Taft, and R. Metcalfe, “PUP: An Internetwork Architecture”, XEROX Palo Alto Research Center, CSL-79-10, July 1979; also in IEEE Transactions on Communication, Volume COM-28, Number 4, April 1980.][[XEROX]] |
|
| 13 | ARGUS (deprecated) | ARGUS | [Robert_W_Scheifler] | |
| 14 | EMCON | EMCON | [<mystery contact>] | |
| 15 | XNET | Cross Net Debugger | [Haverty, J., “XNET Formats for Internet Protocol Version 4”, IEN 158, October 1980.][Jack_Haverty] |
|
| 16 | CHAOS | Chaos | [J_Noel_Chiappa] | |
| 17 | UDP | User Datagram | [RFC768][Jon_Postel] | |
| 18 | MUX | Multiplexing | [Cohen, D. and J. Postel, “Multiplexing Protocol”, IEN 90, USC/Information Sciences Institute, May 1979.][Jon_Postel] |
|
| 19 | DCN-MEAS | DCN Measurement Subsystems | [David_Mills] | |
| 20 | HMP | Host Monitoring | [RFC869][Bob_Hinden] | |
| 21 | PRM | Packet Radio Measurement | [Zaw_Sing_Su] | |
| 22 | XNS-IDP | XEROX NS IDP | [“The Ethernet, A Local Area Network: Data Link Layer and Physical Layer Specification”, AA-K759B-TK, Digital Equipment Corporation, Maynard, MA. Also as: “The Ethernet – A Local Area Network”, Version 1.0, Digital Equipment Corporation, Intel Corporation, Xerox Corporation, September 1980. And: “The Ethernet, A Local Area Network: Data Link Layer and Physical Layer Specifications”, Digital, Intel and Xerox, November 1982. And: XEROX, “The Ethernet, A Local Area Network: Data Link Layer and Physical Layer Specification”, X3T51/80-50, Xerox Corporation, Stamford, CT., October 1980.][[XEROX]] |
|
| 23 | TRUNK-1 | Trunk-1 | [Barry_Boehm] | |
| 24 | TRUNK-2 | Trunk-2 | [Barry_Boehm] | |
| 25 | LEAF-1 | Leaf-1 | [Barry_Boehm] | |
| 26 | LEAF-2 | Leaf-2 | [Barry_Boehm] | |
| 27 | RDP | Reliable Data Protocol | [RFC908][Bob_Hinden] | |
| 28 | IRTP | Internet Reliable Transaction | [RFC938][Trudy_Miller] | |
| 29 | ISO-TP4 | ISO Transport Protocol Class 4 | [RFC905][<mystery contact>] | |
| 30 | NETBLT | Bulk Data Transfer Protocol | [RFC969][David_Clark] | |
| 31 | MFE-NSP | MFE Network Services Protocol | [Shuttleworth, B., “A Documentary of MFENet, a National Computer Network”, UCRL-52317, Lawrence Livermore Labs, Livermore, California, June 1977.][Barry_Howard] |
|
| 32 | MERIT-INP | MERIT Internodal Protocol | [Hans_Werner_Braun] | |
| 33 | DCCP | Datagram Congestion Control Protocol | [RFC4340] | |
| 34 | 3PC | Third Party Connect Protocol | [Stuart_A_Friedberg] | |
| 35 | IDPR | Inter-Domain Policy Routing Protocol | [Martha_Steenstrup] | |
| 36 | XTP | XTP | [Greg_Chesson] | |
| 37 | DDP | Datagram Delivery Protocol | [Wesley_Craig] | |
| 38 | IDPR-CMTP | IDPR Control Message Transport Proto | [Martha_Steenstrup] | |
| 39 | TP++ | TP++ Transport Protocol | [Dirk_Fromhein] | |
| 40 | IL | IL Transport Protocol | [Dave_Presotto] | |
| 41 | IPv6 | IPv6 encapsulation | [RFC2473] | |
| 42 | SDRP | Source Demand Routing Protocol | [Deborah_Estrin] | |
| 43 | IPv6-Route | Routing Header for IPv6 | Y | [Steve_Deering] |
| 44 | IPv6-Frag | Fragment Header for IPv6 | Y | [Steve_Deering] |
| 45 | IDRP | Inter-Domain Routing Protocol | [Sue_Hares] | |
| 46 | RSVP | Reservation Protocol | [RFC2205][RFC3209][Bob_Braden] | |
| 47 | GRE | Generic Routing Encapsulation | [RFC2784][Tony_Li] | |
| 48 | DSR | Dynamic Source Routing Protocol | [RFC4728] | |
| 49 | BNA | BNA | [Gary Salamon] | |
| 50 | ESP | Encap Security Payload | Y | [RFC4303] |
| 51 | AH | Authentication Header | Y | [RFC4302] |
| 52 | I-NLSP | Integrated Net Layer Security TUBA | [K_Robert_Glenn] | |
| 53 | SWIPE (deprecated) | IP with Encryption | [John_Ioannidis] | |
| 54 | NARP | NBMA Address Resolution Protocol | [RFC1735] | |
| 55 | MOBILE | IP Mobility | [Charlie_Perkins] | |
| 56 | TLSP | Transport Layer Security Protocol using Kryptonet key management |
[Christer_Oberg] | |
| 57 | SKIP | SKIP | [Tom_Markson] | |
| 58 | IPv6-ICMP | ICMP for IPv6 | [RFC8200] | |
| 59 | IPv6-NoNxt | No Next Header for IPv6 | [RFC8200] | |
| 60 | IPv6-Opts | Destination Options for IPv6 | Y | [RFC8200] |
| 61 | any host internal protocol | [Internet_Assigned_Numbers_Authority] | ||
| 62 | CFTP | CFTP | [Forsdick, H., “CFTP”, Network Message, Bolt Beranek and Newman, January 1982.][Harry_Forsdick] |
|
| 63 | any local network | [Internet_Assigned_Numbers_Authority] | ||
| 64 | SAT-EXPAK | SATNET and Backroom EXPAK | [Steven_Blumenthal] | |
| 65 | KRYPTOLAN | Kryptolan | [Paul Liu] | |
| 66 | RVD | MIT Remote Virtual Disk Protocol | [Michael_Greenwald] | |
| 67 | IPPC | Internet Pluribus Packet Core | [Steven_Blumenthal] | |
| 68 | any distributed file system | [Internet_Assigned_Numbers_Authority] | ||
| 69 | SAT-MON | SATNET Monitoring | [Steven_Blumenthal] | |
| 70 | VISA | VISA Protocol | [Gene_Tsudik] | |
| 71 | IPCV | Internet Packet Core Utility | [Steven_Blumenthal] | |
| 72 | CPNX | Computer Protocol Network Executive | [David Mittnacht] | |
| 73 | CPHB | Computer Protocol Heart Beat | [David Mittnacht] | |
| 74 | WSN | Wang Span Network | [Victor Dafoulas] | |
| 75 | PVP | Packet Video Protocol | [Steve_Casner] | |
| 76 | BR-SAT-MON | Backroom SATNET Monitoring | [Steven_Blumenthal] | |
| 77 | SUN-ND | SUN ND PROTOCOL-Temporary | [William_Melohn] | |
| 78 | WB-MON | WIDEBAND Monitoring | [Steven_Blumenthal] | |
| 79 | WB-EXPAK | WIDEBAND EXPAK | [Steven_Blumenthal] | |
| 80 | ISO-IP | ISO Internet Protocol | [Marshall_T_Rose] | |
| 81 | VMTP | VMTP | [Dave_Cheriton] | |
| 82 | SECURE-VMTP | SECURE-VMTP | [Dave_Cheriton] | |
| 83 | VINES | VINES | [Brian Horn] | |
| 84 | TTP | Transaction Transport Protocol | [Jim_Stevens] | |
| 84 | IPTM | Internet Protocol Traffic Manager | [Jim_Stevens] | |
| 85 | NSFNET-IGP | NSFNET-IGP | [Hans_Werner_Braun] | |
| 86 | DGP | Dissimilar Gateway Protocol | [M/A-COM Government Systems, “Dissimilar Gateway Protocol Specification, Draft Version”, Contract no. CS901145, November 16, 1987.][Mike_Little] |
|
| 87 | TCF | TCF | [Guillermo_A_Loyola] | |
| 88 | EIGRP | EIGRP | [RFC7868] | |
| 89 | OSPFIGP | OSPFIGP | [RFC1583][RFC2328][RFC5340][John_Moy] | |
| 90 | Sprite-RPC | Sprite RPC Protocol | [Welch, B., “The Sprite Remote Procedure Call System”, Technical Report, UCB/Computer Science Dept., 86/302, University of California at Berkeley, June 1986.][Bruce Willins] |
|
| 91 | LARP | Locus Address Resolution Protocol | [Brian Horn] | |
| 92 | MTP | Multicast Transport Protocol | [Susie_Armstrong] | |
| 93 | AX.25 | AX.25 Frames | [Brian_Kantor] | |
| 94 | IPIP | IP-within-IP Encapsulation Protocol | [John_Ioannidis] | |
| 95 | MICP (deprecated) | Mobile Internetworking Control Pro. | [John_Ioannidis] | |
| 96 | SCC-SP | Semaphore Communications Sec. Pro. | [Howard_Hart] | |
| 97 | ETHERIP | Ethernet-within-IP Encapsulation | [RFC3378] | |
| 98 | ENCAP | Encapsulation Header | [RFC1241][Robert_Woodburn] | |
| 99 | any private encryption scheme | [Internet_Assigned_Numbers_Authority] | ||
| 100 | GMTP | GMTP | [[RXB5]] | |
| 101 | IFMP | Ipsilon Flow Management Protocol | [Bob_Hinden][November 1995, 1997.] | |
| 102 | PNNI | PNNI over IP | [Ross_Callon] | |
| 103 | PIM | Protocol Independent Multicast | [RFC7761][Dino_Farinacci] | |
| 104 | ARIS | ARIS | [Nancy_Feldman] | |
| 105 | SCPS | SCPS | [Robert_Durst] | |
| 106 | QNX | QNX | [Michael_Hunter] | |
| 107 | A/N | Active Networks | [Bob_Braden] | |
| 108 | IPComp | IP Payload Compression Protocol | [RFC2393] | |
| 109 | SNP | Sitara Networks Protocol | [Manickam_R_Sridhar] | |
| 110 | Compaq-Peer | Compaq Peer Protocol | [Victor_Volpe] | |
| 111 | IPX-in-IP | IPX in IP | [CJ_Lee] | |
| 112 | VRRP | Virtual Router Redundancy Protocol | [RFC5798] | |
| 113 | PGM | PGM Reliable Transport Protocol | [Tony_Speakman] | |
| 114 | any 0-hop protocol | [Internet_Assigned_Numbers_Authority] | ||
| 115 | L2TP | Layer Two Tunneling Protocol | [RFC3931][Bernard_Aboba] | |
| 116 | DDX | D-II Data Exchange (DDX) | [John_Worley] | |
| 117 | IATP | Interactive Agent Transfer Protocol | [John_Murphy] | |
| 118 | STP | Schedule Transfer Protocol | [Jean_Michel_Pittet] | |
| 119 | SRP | SpectraLink Radio Protocol | [Mark_Hamilton] | |
| 120 | UTI | UTI | [Peter_Lothberg] | |
| 121 | SMP | Simple Message Protocol | [Leif_Ekblad] | |
| 122 | SM (deprecated) | Simple Multicast Protocol | [Jon_Crowcroft][draft-perlman-simple-multicast] | |
| 123 | PTP | Performance Transparency Protocol | [Michael_Welzl] | |
| 124 | ISIS over IPv4 | [Tony_Przygienda] | ||
| 125 | FIRE | [Criag_Partridge] | ||
| 126 | CRTP | Combat Radio Transport Protocol | [Robert_Sautter] | |
| 127 | CRUDP | Combat Radio User Datagram | [Robert_Sautter] | |
| 128 | SSCOPMCE | [Kurt_Waber] | ||
| 129 | IPLT | [[Hollbach]] | ||
| 130 | SPS | Secure Packet Shield | [Bill_McIntosh] | |
| 131 | PIPE | Private IP Encapsulation within IP | [Bernhard_Petri] | |
| 132 | SCTP | Stream Control Transmission Protocol | [Randall_R_Stewart] | |
| 133 | FC | Fibre Channel | [Murali_Rajagopal][RFC6172] | |
| 134 | RSVP-E2E-IGNORE | [RFC3175] | ||
| 135 | Mobility Header | Y | [RFC6275] | |
| 136 | UDPLite | [RFC3828] | ||
| 137 | MPLS-in-IP | [RFC4023] | ||
| 138 | manet | MANET Protocols | [RFC5498] | |
| 139 | HIP | Host Identity Protocol | Y | [RFC7401] |
| 140 | Shim6 | Shim6 Protocol | Y | [RFC5533] |
| 141 | WESP | Wrapped Encapsulating Security Payload | [RFC5840] | |
| 142 | ROHC | Robust Header Compression | [RFC5858] | |
| 143 | Ethernet | Ethernet | [RFC8986] | |
| 144-252 | Unassigned | [Internet_Assigned_Numbers_Authority] | ||
| 253 | Use for experimentation and testing | Y | [RFC3692] | |
| 254 | Use for experimentation and testing | Y | [RFC3692] | |
| 255 | Reserved | [Internet_Assigned_Numbers_Authority] |