SonicOS 7.1 Objects

Adding Custom IP Protocol Services

With only the default IP protocol types defined, the security appliance drops traffic of any other IP protocol type as unrecognized. However, there is a large and expanding list of other registered IP protocols, governed by IANA (Internet Assigned Numbers Authority), so while the rigid practice of dropping less-common (unrecognized) IP type traffic is secure, it is functionally restrictive.

SonicOS allows you to construct service objects representing any IP type, so that access rules or security policies can then be written to recognize and control IP traffic of any type.

The generic service Any does not handle custom IP type service objects. In other words, simply defining a custom IP type service object for IP Type 126 does not allow IP Type 126 traffic to pass through the default LAN > WAN Allow rule. You need to create an access rule or a security policy specifically containing the custom IP type service object to provide for its recognition and handling as described in Configuration Example.
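
The behaviour described above can be checked against a rule set with a small model. This is an added example, not SonicOS code or part of the original documentation: it evaluates packets by IP protocol number and lists custom IP type service objects that no rule references. The object and rule names, the data layout, and the subset of default IP types are assumptions made for illustration.

```python
# Added example: a simplified model, not SonicOS code or its export format.
# Assumption: illustrative subset of the default IP protocol types.
DEFAULT_IP_TYPES = {1: "ICMP", 6: "TCP", 17: "UDP"}

# Constructed sample data (hypothetical names and layout).
CUSTOM_SERVICES = [
    {"name": "Custom-IP-126", "ip_type": 126},
    {"name": "Custom-IP-99", "ip_type": 99},
]
RULES = [  # evaluated top to bottom
    {"name": "Allow-IP-126", "src": "LAN", "dst": "WAN",
     "service": "Custom-IP-126", "action": "allow"},
    {"name": "Default-LAN-WAN", "src": "LAN", "dst": "WAN",
     "service": "Any", "action": "allow"},
]


def service_matches(rule_service, ip_type, services):
    """True if the rule's service field covers this IP protocol number."""
    if rule_service == "Any":
        # Per the page: Any does not handle custom IP type service objects.
        return ip_type in DEFAULT_IP_TYPES
    return any(s["name"] == rule_service and s["ip_type"] == ip_type
               for s in services)


def evaluate(ip_type, src, dst, services, rules):
    """Return (action, rule name) for a packet; unmatched traffic is dropped."""
    for r in rules:
        if (r["src"], r["dst"]) == (src, dst) and \
                service_matches(r["service"], ip_type, services):
            return r["action"], r["name"]
    return "drop", None


def unreferenced_custom_services(services, rules):
    """Custom IP type objects that no rule names, so their traffic still drops."""
    used = {r["service"] for r in rules}
    return [s["name"] for s in services if s["name"] not in used]


if __name__ == "__main__":
    for proto in (6, 126, 99):
        print(proto, evaluate(proto, "LAN", "WAN", CUSTOM_SERVICES, RULES))
    print("not referenced by any rule:",
          unreferenced_custom_services(CUSTOM_SERVICES, RULES))
```

In the sample data, IP Type 99 has a service object but no rule naming it, so it is dropped even though the LAN > WAN rule allows Any.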