Using Continue rules to set the Protocol in Access rules
The default Protocol can be set using the Continue action.
This way, the correct Protocol is also used for traffic that is allowed by rules that are set to match any Service. These rules have no particular Service element that would set the correct protocol). This setting can even be mandatory, for example, if you want to allow certain protocols that allocate ports dynamically. On Engines, the Protocol is needed to associate the traffic with the correct protocol for further inspection and to handle some types of traffic, such as FTP, correctly. The IPS Template and the Layer 2 Firewall Template include several Continue rules that associate all traffic with Protocols according to standard ports. The Firewall Template includes one Continue rule that defines that Protocols of the type Protocol Agent are used for the Service Group Default Services with Agents.
If you have TCP and UDP services set up in your network under non-standard ports, the traffic might not be associated to the correct protocol. The traffic could therefore inspected at a more general (TCP or UDP) level. In this case, you can create your own custom Service and add it in your policy to have the traffic inspected with the correct protocol information. Only some protocols and some of their parameters are supported in the services that are used in IPS policies.
You can also add your own rules for the opposite purpose: to have some traffic not inspected as a particular protocol, but more generally as TCP or UDP traffic. In this case, you add a rule in your policy that includes the general TCP or UDP Service element from the IP-proto branch of the Services tree.