15 match protocol – Fortinet 548B User Manual

<tosmask> is a two-digit hexadecimal number from 00 to ff.

The <tosmask> denotes the bit positions in <tosbits> that are used for comparison against
the IP TOS field in a packet. For example, to check for an IP TOS value having bits 7 and 5 set
and bit 1 clear, where bit 7 is most significant, use a <tosbits> value of a0 (hex) and a
<tosmask> of a2 (hex).

Note: The ip dscp, ip precedence, and ip tos match conditions are alternative ways to specify a
match criterion for the same Service Type field in the IP header, but with a slightly different
user notation. In essence, this is the “free form” version of the IP DSCP/Precedence/TOS match
specification in that the user has complete control of specifying which bits of the IP Service
Type field are checked.
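
The mask comparison described above, as an added example (not taken from the manual or from vendor code): a small Python model of the match, assuming a packet matches when its TOS byte equals <tosbits> in every bit position selected by <tosmask>. All function names are hypothetical; the DSCP and precedence mappings follow the standard IP header layout (DSCP in the upper six bits, precedence in the upper three).

```python
# Added example: models the <tosbits>/<tosmask> comparison for "match ip tos".
# Function names are hypothetical, not device or vendor APIs.

def tos_match(tos, tosbits, tosmask):
    """True when the TOS byte equals tosbits in every masked bit position."""
    return (tos & tosmask) == (tosbits & tosmask)

def build_tos_args(set_bits, clear_bits):
    """Turn 'these bits set, these bits clear' (bit 7 = most significant)
    into the two-digit hex <tosbits> and <tosmask> arguments."""
    set_bits, clear_bits = set(set_bits), set(clear_bits)
    if set_bits & clear_bits:
        raise ValueError("a bit cannot be required both set and clear")
    if any(not 0 <= b <= 7 for b in set_bits | clear_bits):
        raise ValueError("bit positions must be 0..7")
    tosbits = sum(1 << b for b in set_bits)
    # The mask covers every bit the rule cares about, set or clear.
    tosmask = tosbits | sum(1 << b for b in clear_bits)
    return f"{tosbits:02x}", f"{tosmask:02x}"

def dscp_as_tos(dscp):
    """Equivalent free-form arguments for a DSCP value (upper six bits)."""
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP must be 0..63")
    return f"{dscp << 2:02x}", "fc"

def precedence_as_tos(precedence):
    """Equivalent free-form arguments for an IP precedence (upper three bits)."""
    if not 0 <= precedence <= 7:
        raise ValueError("precedence must be 0..7")
    return f"{precedence << 5:02x}", "e0"

def matching_values(tosbits_hex, tosmask_hex):
    """Every TOS byte the rule accepts; shows how broad a class really is."""
    bits, mask = int(tosbits_hex, 16), int(tosmask_hex, 16)
    return [v for v in range(256) if tos_match(v, bits, mask)]

if __name__ == "__main__":
    bits, mask = build_tos_args(set_bits=[7, 5], clear_bits=[1])
    print("match ip tos", bits, mask)
    print(len(matching_values(bits, mask)), "TOS values match")
    print("DSCP 46 as free-form:", dscp_as_tos(46))
```

Enumerating the matches shows that a0/a2 selects 32 different TOS values, because the five bits outside the mask are ignored.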

Default Setting

None

Command Mode

Class-Map Config

7.21.2.15 match protocol

This command adds to the specified class definition a match condition based on the value of the IP
Protocol field in a packet using a single keyword notation or a numeric value notation.

Syntax

match protocol {<protocol-name> | <0-255>}

<protocol-name> is one of the supported protocol name keywords. The currently supported values
are: icmp, igmp, ip, tcp, udp. Note that a value of ip is interpreted to match all protocol number
values. To specify the match condition using a numeric value notation, the protocol number is a
standard value assigned by IANA and is interpreted as an integer from 0 to 255.

Note: This command does not validate the protocol number value against the current list defined
by IANA.

Default Setting

None

Command Mode

Class-Map Config / Ipv6-Class-Map Config
