diff --git a/testing/btest/Baseline/scripts.policy.protocols.conn.ip-proto-name-logging/out b/testing/btest/Baseline/scripts.policy.protocols.conn.ip-proto-name-logging/out
new file mode 100644
index 0000000000..ee2dc87228
--- /dev/null
+++ b/testing/btest/Baseline/scripts.policy.protocols.conn.ip-proto-name-logging/out
@@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+unknown-ip-proto-500
diff --git a/testing/btest/core/cisco-fabric-path.zeek b/testing/btest/core/cisco-fabric-path.zeek
index 183c16f84d..98a2a2f5ed 100644
--- a/testing/btest/core/cisco-fabric-path.zeek
+++ b/testing/btest/core/cisco-fabric-path.zeek
@@ -1,2 +1,2 @@
-# @TEST-EXEC: zeek -C -r $TRACES/cisco-fabric-path.pcap
+# @TEST-EXEC: zeek -r $TRACES/cisco-fabric-path.pcap
 # @TEST-EXEC: btest-diff conn.log
diff --git a/testing/btest/scripts/policy/protocols/conn/disable-unknown-ip-proto-support.zeek b/testing/btest/scripts/policy/protocols/conn/disable-unknown-ip-proto-support.zeek
new file mode 100644
index 0000000000..7e3b93a7cb
--- /dev/null
+++ b/testing/btest/scripts/policy/protocols/conn/disable-unknown-ip-proto-support.zeek
@@ -0,0 +1,8 @@
+# @TEST-DOC: Test the policy for removing the unknown IP protocol field and connections from conn.log
+# @TEST-EXEC: zeek -r $TRACES/cisco-fabric-path.pcap %INPUT
+# @TEST-EXEC: test $(head -1 conn.log | jq 'has("ip_proto")') = "false"
+# @TEST-EXEC-FAIL: cat conn.log | jq .proto | sort | uniq | grep unknown_transport
+
+@load policy/protocols/conn/disable-unknown-ip-proto-support
+
+redef LogAscii::use_json = T;
diff --git a/testing/btest/scripts/policy/protocols/conn/ip-proto-name-logging.zeek b/testing/btest/scripts/policy/protocols/conn/ip-proto-name-logging.zeek
new file mode 100644
index 0000000000..0d3ee7fd37
--- /dev/null
+++ b/testing/btest/scripts/policy/protocols/conn/ip-proto-name-logging.zeek
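Review bot: Dropping `-C` from the cisco-fabric-path.zeek invocation means Zeek now validates packet checksums for this trace, so any packet in the pcap with a bad checksum is no longer analyzed and conn.log can differ from before; the matching `btest-diff conn.log` baseline update is not visible in this chunk, so please confirm it is part of the same commit or that the trace's checksums are all valid. If the intent is that unknown-IP-protocol packets in this trace are now handled without checksum skipping, a one-line comment on the `@TEST-EXEC` line saying why `-C` was removed would keep the next maintainer from re-adding it.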
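Review bot: The `has("ip_proto")` check in disable-unknown-ip-proto-support.zeek only inspects the first conn.log record (`head -1`), so it passes even if the policy failed to remove the field but the first connection simply had no value for it, which is the case if `ip_proto` is an optional field that JSON output omits when unset; I would assert over every record instead, `# @TEST-EXEC-FAIL: jq 'has("ip_proto")' conn.log | grep -q true`. The negative `grep unknown_transport` on the next line is similarly vacuous if the trace yields no connections at all, so a positive guard such as `# @TEST-EXEC: test -s conn.log` would make the test fail for the right reason. As a point of style, `cat conn.log | jq ...` can be `jq ... conn.log`, which is also how the file-argument form above reads.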
@@ -0,0 +1,15 @@
+# @TEST-DOC: Tests the ip-proto-name-logging policy file
+# @TEST-EXEC: zeek -r $TRACES/cisco-fabric-path.pcap %INPUT > out
+
+# @TEST-EXEC-FAIL: cat conn.log | jq 'has("ip_proto_name")' | grep "false"
+# @TEST-EXEC: cat conn.log | jq .ip_proto_name | sort | uniq | grep private-encryption
+# @TEST-EXEC: btest-diff out
+
+@load policy/protocols/conn/ip-proto-name-logging
+
+redef LogAscii::use_json = T;
+
+event zeek_init() {
+ # Test printing out an unknown value from the protocol_names table
+ print IP::protocol_names[500];
+}
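Review bot: The comment above `print IP::protocol_names[500];` should say why 500 is used: it lies outside the 0-255 range of the IP protocol field, so the lookup cannot hit a real entry and, per the baseline `unknown-ip-proto-500`, exercises the table's fallback for unknown values; I would write `# 500 is outside the 0-255 IP protocol range, so this must hit the table's unknown-protocol fallback rather than a real entry.` The `@TEST-EXEC-FAIL ... grep "false"` line relies on the preceding `private-encryption` check to prove conn.log is well-formed JSON, which is worth a short comment since on its own it would also pass on an empty or unparsable log. Minor style point: the `cat conn.log | jq ...` pipelines can be `jq ... conn.log`, and the `event zeek_init() {` brace placement differs from the indented-brace layout used elsewhere in the Zeek script tree, if that convention applies to tests.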