You're probably looking for something like this:
http://docs.splunk.com/Documentation/Splunk/6.0.3/Knowledge/Addfieldsfromexternaldatasources
You'll want to define a CSV with the protocol number as one column, and the protocol name as the other. You can then use that in a lookup something like (not exact as you didn't provide details on your logs):
sourcetype=my-firewall | lookup protocols protocol_number OUTPUT protocol_name
You can see more on using the lookup command here:
http://docs.splunk.com/Documentation/Splunk/6.1/SearchReference/Lookup
You're probably looking for something like this:
http://docs.splunk.com/Documentation/Splunk/6.0.3/Knowledge/Addfieldsfromexternaldatasources
You'll want to define a CSV with the protocol number as one column, and the protocol name as the other. You can then use that in a lookup something like (not exact as you didn't provide details on your logs):
sourcetype=my-firewall | lookup protocols protocol_number OUTPUT protocol_name
You can see more on using the lookup command here:
http://docs.splunk.com/Documentation/Splunk/6.1/SearchReference/Lookup
Lookups comes very handy for situations where additional static information to be added to result. Also, if the no of mapping is small and its to be used in only 1-2 places, you can use "eval-case" command to define those. [lookups are easily scalable though]