I have to often do validation on rules set created on a Palo Alto firewall, now if you’ve done this you’ll know there’s a specific requirement to define which protocol to test against. Generally you’ll use UDP or TCP, and ICMP if needing to validate ping rules.
However PAN uses numbers and the provided direct KB from them does not define them all (1-255). So googling I found a nice simplified post by Kerry Cordero on his site here. Where he got this info from I’m not certain, he did not reference any PAN KB’s or anything. For prosperity of the internet I have quotes his list as it was on his site.
Many Thanks to Kerry for this work on this.
“Protocol Options:
When it comes to the protocol #, you have several options to choose from like:
TCP = 6
UDP = 17
ICMP = 1
ESP = 50
Below is a full list of options you can use.
| Decimal | Keyword | Protocol | IPv6 Extension Header | Reference |
| 0 | HOPOPT | IPv6 Hop-by-Hop Option | Y | [RFC8200] |
| 1 | ICMP | Internet Control Message | [RFC792] | |
| 2 | IGMP | Internet Group Management | [RFC1112] | |
| 3 | GGP | Gateway-to-Gateway | [RFC823] | |
| 4 | IPv4 | IPv4 encapsulation | [RFC2003] | |
| 5 | ST | Stream | [RFC1190][RFC1819] | |
| 6 | TCP | Transmission Control | [RFC793] | |
| 7 | CBT | CBT | [Tony_Ballardie] | |
| 8 | EGP | Exterior Gateway Protocol | [RFC888][David_Mills] | |
| 9 | IGP | any private interior gateway (used by Cisco for their IGRP) |
[Internet_Assigned_Numbers_Authority] | |
| 10 | BBN-RCC-MON | BBN RCC Monitoring | [Steve_Chipman] | |
| 11 | NVP-II | Network Voice Protocol | [RFC741][Steve_Casner] | |
| 12 | PUP | PUP | [Boggs, D., J. Shoch, E. Taft, and R. Metcalfe, “PUP: An Internetwork Architecture”, XEROX Palo Alto Research Center, CSL-79-10, July 1979; also in IEEE Transactions on Communication, Volume COM-28, Number 4, April 1980.][[XEROX]] |
|
| 13 | ARGUS (deprecated) | ARGUS | [Robert_W_Scheifler] | |
| 14 | EMCON | EMCON | [<mystery contact>] | |
| 15 | XNET | Cross Net Debugger | [Haverty, J., “XNET Formats for Internet Protocol Version 4”, IEN 158, October 1980.][Jack_Haverty] |
|
| 16 | CHAOS | Chaos | [J_Noel_Chiappa] | |
| 17 | UDP | User Datagram | [RFC768][Jon_Postel] | |
| 18 | MUX | Multiplexing | [Cohen, D. and J. Postel, “Multiplexing Protocol”, IEN 90, USC/Information Sciences Institute, May 1979.][Jon_Postel] |
|
| 19 | DCN-MEAS | DCN Measurement Subsystems | [David_Mills] | |
| 20 | HMP | Host Monitoring | [RFC869][Bob_Hinden] | |
| 21 | PRM | Packet Radio Measurement | [Zaw_Sing_Su] | |
| 22 | XNS-IDP | XEROX NS IDP | [“The Ethernet, A Local Area Network: Data Link Layer and Physical Layer Specification”, AA-K759B-TK, Digital Equipment Corporation, Maynard, MA. Also as: “The Ethernet – A Local Area Network”, Version 1.0, Digital Equipment Corporation, Intel Corporation, Xerox Corporation, September 1980. And: “The Ethernet, A Local Area Network: Data Link Layer and Physical Layer Specifications”, Digital, Intel and Xerox, November 1982. And: XEROX, “The Ethernet, A Local Area Network: Data Link Layer and Physical Layer Specification”, X3T51/80-50, Xerox Corporation, Stamford, CT., October 1980.][[XEROX]] |
|
| 23 | TRUNK-1 | Trunk-1 | [Barry_Boehm] | |
| 24 | TRUNK-2 | Trunk-2 | [Barry_Boehm] | |
| 25 | LEAF-1 | Leaf-1 | [Barry_Boehm] | |
| 26 | LEAF-2 | Leaf-2 | [Barry_Boehm] | |
| 27 | RDP | Reliable Data Protocol | [RFC908][Bob_Hinden] | |
| 28 | IRTP | Internet Reliable Transaction | [RFC938][Trudy_Miller] | |
| 29 | ISO-TP4 | ISO Transport Protocol Class 4 | [RFC905][<mystery contact>] | |
| 30 | NETBLT | Bulk Data Transfer Protocol | [RFC969][David_Clark] | |
| 31 | MFE-NSP | MFE Network Services Protocol | [Shuttleworth, B., “A Documentary of MFENet, a National Computer Network”, UCRL-52317, Lawrence Livermore Labs, Livermore, California, June 1977.][Barry_Howard] |
|
| 32 | MERIT-INP | MERIT Internodal Protocol | [Hans_Werner_Braun] | |
| 33 | DCCP | Datagram Congestion Control Protocol | [RFC4340] | |
| 34 | 3PC | Third Party Connect Protocol | [Stuart_A_Friedberg] | |
| 35 | IDPR | Inter-Domain Policy Routing Protocol | [Martha_Steenstrup] | |
| 36 | XTP | XTP | [Greg_Chesson] | |
| 37 | DDP | Datagram Delivery Protocol | [Wesley_Craig] | |
| 38 | IDPR-CMTP | IDPR Control Message Transport Proto | [Martha_Steenstrup] | |
| 39 | TP++ | TP++ Transport Protocol | [Dirk_Fromhein] | |
| 40 | IL | IL Transport Protocol | [Dave_Presotto] | |
| 41 | IPv6 | IPv6 encapsulation | [RFC2473] | |
| 42 | SDRP | Source Demand Routing Protocol | [Deborah_Estrin] | |
| 43 | IPv6-Route | Routing Header for IPv6 | Y | [Steve_Deering] |
| 44 | IPv6-Frag | Fragment Header for IPv6 | Y | [Steve_Deering] |
| 45 | IDRP | Inter-Domain Routing Protocol | [Sue_Hares] | |
| 46 | RSVP | Reservation Protocol | [RFC2205][RFC3209][Bob_Braden] | |
| 47 | GRE | Generic Routing Encapsulation | [RFC2784][Tony_Li] | |
| 48 | DSR | Dynamic Source Routing Protocol | [RFC4728] | |
| 49 | BNA | BNA | [Gary Salamon] | |
| 50 | ESP | Encap Security Payload | Y | [RFC4303] |
| 51 | AH | Authentication Header | Y | [RFC4302] |
| 52 | I-NLSP | Integrated Net Layer Security TUBA | [K_Robert_Glenn] | |
| 53 | SWIPE (deprecated) | IP with Encryption | [John_Ioannidis] | |
| 54 | NARP | NBMA Address Resolution Protocol | [RFC1735] | |
| 55 | MOBILE | IP Mobility | [Charlie_Perkins] | |
| 56 | TLSP | Transport Layer Security Protocol using Kryptonet key management |
[Christer_Oberg] | |
| 57 | SKIP | SKIP | [Tom_Markson] | |
| 58 | IPv6-ICMP | ICMP for IPv6 | [RFC8200] | |
| 59 | IPv6-NoNxt | No Next Header for IPv6 | [RFC8200] | |
| 60 | IPv6-Opts | Destination Options for IPv6 | Y | [RFC8200] |
| 61 | any host internal protocol | [Internet_Assigned_Numbers_Authority] | ||
| 62 | CFTP | CFTP | [Forsdick, H., “CFTP”, Network Message, Bolt Beranek and Newman, January 1982.][Harry_Forsdick] |
|
| 63 | any local network | [Internet_Assigned_Numbers_Authority] | ||
| 64 | SAT-EXPAK | SATNET and Backroom EXPAK | [Steven_Blumenthal] | |
| 65 | KRYPTOLAN | Kryptolan | [Paul Liu] | |
| 66 | RVD | MIT Remote Virtual Disk Protocol | [Michael_Greenwald] | |
| 67 | IPPC | Internet Pluribus Packet Core | [Steven_Blumenthal] | |
| 68 | any distributed file system | [Internet_Assigned_Numbers_Authority] | ||
| 69 | SAT-MON | SATNET Monitoring | [Steven_Blumenthal] | |
| 70 | VISA | VISA Protocol | [Gene_Tsudik] | |
| 71 | IPCV | Internet Packet Core Utility | [Steven_Blumenthal] | |
| 72 | CPNX | Computer Protocol Network Executive | [David Mittnacht] | |
| 73 | CPHB | Computer Protocol Heart Beat | [David Mittnacht] | |
| 74 | WSN | Wang Span Network | [Victor Dafoulas] | |
| 75 | PVP | Packet Video Protocol | [Steve_Casner] | |
| 76 | BR-SAT-MON | Backroom SATNET Monitoring | [Steven_Blumenthal] | |
| 77 | SUN-ND | SUN ND PROTOCOL-Temporary | [William_Melohn] | |
| 78 | WB-MON | WIDEBAND Monitoring | [Steven_Blumenthal] | |
| 79 | WB-EXPAK | WIDEBAND EXPAK | [Steven_Blumenthal] | |
| 80 | ISO-IP | ISO Internet Protocol | [Marshall_T_Rose] | |
| 81 | VMTP | VMTP | [Dave_Cheriton] | |
| 82 | SECURE-VMTP | SECURE-VMTP | [Dave_Cheriton] | |
| 83 | VINES | VINES | [Brian Horn] | |
| 84 | TTP | Transaction Transport Protocol | [Jim_Stevens] | |
| 84 | IPTM | Internet Protocol Traffic Manager | [Jim_Stevens] | |
| 85 | NSFNET-IGP | NSFNET-IGP | [Hans_Werner_Braun] | |
| 86 | DGP | Dissimilar Gateway Protocol | [M/A-COM Government Systems, “Dissimilar Gateway Protocol Specification, Draft Version”, Contract no. CS901145, November 16, 1987.][Mike_Little] |
|
| 87 | TCF | TCF | [Guillermo_A_Loyola] | |
| 88 | EIGRP | EIGRP | [RFC7868] | |
| 89 | OSPFIGP | OSPFIGP | [RFC1583][RFC2328][RFC5340][John_Moy] | |
| 90 | Sprite-RPC | Sprite RPC Protocol | [Welch, B., “The Sprite Remote Procedure Call System”, Technical Report, UCB/Computer Science Dept., 86/302, University of California at Berkeley, June 1986.][Bruce Willins] |
|
| 91 | LARP | Locus Address Resolution Protocol | [Brian Horn] | |
| 92 | MTP | Multicast Transport Protocol | [Susie_Armstrong] | |
| 93 | AX.25 | AX.25 Frames | [Brian_Kantor] | |
| 94 | IPIP | IP-within-IP Encapsulation Protocol | [John_Ioannidis] | |
| 95 | MICP (deprecated) | Mobile Internetworking Control Pro. | [John_Ioannidis] | |
| 96 | SCC-SP | Semaphore Communications Sec. Pro. | [Howard_Hart] | |
| 97 | ETHERIP | Ethernet-within-IP Encapsulation | [RFC3378] | |
| 98 | ENCAP | Encapsulation Header | [RFC1241][Robert_Woodburn] | |
| 99 | any private encryption scheme | [Internet_Assigned_Numbers_Authority] | ||
| 100 | GMTP | GMTP | [[RXB5]] | |
| 101 | IFMP | Ipsilon Flow Management Protocol | [Bob_Hinden][November 1995, 1997.] | |
| 102 | PNNI | PNNI over IP | [Ross_Callon] | |
| 103 | PIM | Protocol Independent Multicast | [RFC7761][Dino_Farinacci] | |
| 104 | ARIS | ARIS | [Nancy_Feldman] | |
| 105 | SCPS | SCPS | [Robert_Durst] | |
| 106 | QNX | QNX | [Michael_Hunter] | |
| 107 | A/N | Active Networks | [Bob_Braden] | |
| 108 | IPComp | IP Payload Compression Protocol | [RFC2393] | |
| 109 | SNP | Sitara Networks Protocol | [Manickam_R_Sridhar] | |
| 110 | Compaq-Peer | Compaq Peer Protocol | [Victor_Volpe] | |
| 111 | IPX-in-IP | IPX in IP | [CJ_Lee] | |
| 112 | VRRP | Virtual Router Redundancy Protocol | [RFC5798] | |
| 113 | PGM | PGM Reliable Transport Protocol | [Tony_Speakman] | |
| 114 | any 0-hop protocol | [Internet_Assigned_Numbers_Authority] | ||
| 115 | L2TP | Layer Two Tunneling Protocol | [RFC3931][Bernard_Aboba] | |
| 116 | DDX | D-II Data Exchange (DDX) | [John_Worley] | |
| 117 | IATP | Interactive Agent Transfer Protocol | [John_Murphy] | |
| 118 | STP | Schedule Transfer Protocol | [Jean_Michel_Pittet] | |
| 119 | SRP | SpectraLink Radio Protocol | [Mark_Hamilton] | |
| 120 | UTI | UTI | [Peter_Lothberg] | |
| 121 | SMP | Simple Message Protocol | [Leif_Ekblad] | |
| 122 | SM (deprecated) | Simple Multicast Protocol | [Jon_Crowcroft][draft-perlman-simple-multicast] | |
| 123 | PTP | Performance Transparency Protocol | [Michael_Welzl] | |
| 124 | ISIS over IPv4 | [Tony_Przygienda] | ||
| 125 | FIRE | [Criag_Partridge] | ||
| 126 | CRTP | Combat Radio Transport Protocol | [Robert_Sautter] | |
| 127 | CRUDP | Combat Radio User Datagram | [Robert_Sautter] | |
| 128 | SSCOPMCE | [Kurt_Waber] | ||
| 129 | IPLT | [[Hollbach]] | ||
| 130 | SPS | Secure Packet Shield | [Bill_McIntosh] | |
| 131 | PIPE | Private IP Encapsulation within IP | [Bernhard_Petri] | |
| 132 | SCTP | Stream Control Transmission Protocol | [Randall_R_Stewart] | |
| 133 | FC | Fibre Channel | [Murali_Rajagopal][RFC6172] | |
| 134 | RSVP-E2E-IGNORE | [RFC3175] | ||
| 135 | Mobility Header | Y | [RFC6275] | |
| 136 | UDPLite | [RFC3828] | ||
| 137 | MPLS-in-IP | [RFC4023] | ||
| 138 | manet | MANET Protocols | [RFC5498] | |
| 139 | HIP | Host Identity Protocol | Y | [RFC7401] |
| 140 | Shim6 | Shim6 Protocol | Y | [RFC5533] |
| 141 | WESP | Wrapped Encapsulating Security Payload | [RFC5840] | |
| 142 | ROHC | Robust Header Compression | [RFC5858] | |
| 143 | Ethernet | Ethernet | [RFC8986] | |
| 144-252 | Unassigned | [Internet_Assigned_Numbers_Authority] | ||
| 253 | Use for experimentation and testing | Y | [RFC3692] | |
| 254 | Use for experimentation and testing | Y | [RFC3692] | |
| 255 | Reserved | [Internet_Assigned_Numbers_Authority] |
“