protocols (Security Zones Host Inbound Traffic)

Protocol for which traffic is allowed. The following protocols are supported:

• all—Enable traffic from all possible protocols available. Use the except option to disallow specific protocols.

• bfd—Enable incoming Bidirectional Forwarding Detection (BFD) protocol traffic.

• bgp—Enable incoming BGP traffic.

• dvmrp—Enable incoming Distance Vector Multicast Routing Protocol (DVMRP) traffic.

• igmp—Enable incoming Internet Group Management Protocol (IGMP) traffic.

• ldp—Enable incoming Label Distribution Protocol (LDP) traffic (UDP and TCP port 646).

• msdp—Enable incoming Multicast Source Discovery Protocol (MSDP) traffic.

• nhrp—Enable incoming Next Hop Resolution Protocol (NHRP) traffic.

• ospf—Enable incoming OSPF traffic.

• ospf3—Enable incoming OSPF version 3 traffic.

• pgm—Enable incoming Pragmatic General Multicast (PGM) protocol traffic (IP protocol number 113).

• pim—Enable incoming Protocol Independent Multicast (PIM) traffic.

• rip—Enable incoming RIP traffic.

• ripng—Enable incoming RIP next generation traffic.

• router-discovery—Enable incoming router discovery traffic.

• rsvp—Enable incoming Resource Reservation Protocol (RSVP) traffic (IP protocol number 46).

• sap— Enable incoming Session Announcement Protocol (SAP) traffic. SAP always listens on 224.2.127.254:9875. New addresses and ports can be added dynamically. This information must be propagated to the Packet Forwarding Engine (PFE).

• vrrp—Enable incoming Virtual Router Redundancy Protocol (VRRP) traffic.

(Optional) Disable specific incoming protocol traffic, but only when the all option has been defined . For example, to enable all but BGP and VRRP protocol traffic: