diff --git a/ncloud/resource_ncloud_access_control_group_rule.go b/ncloud/resource_ncloud_access_control_group_rule.go
index ab0a64b1b..eb3da12e8 100644
--- a/ncloud/resource_ncloud_access_control_group_rule.go
+++ b/ncloud/resource_ncloud_access_control_group_rule.go
@@ -8,6 +8,8 @@ import (
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	"log"
+	"regexp"
+	"strconv"
 	"time"
 )
 
@@ -34,9 +36,12 @@ func resourceNcloudAccessControlGroupRule() *schema.Resource {
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"protocol": {
-							Type:             schema.TypeString,
-							Required:         true,
-							ValidateDiagFunc: ToDiagFunc(validation.StringInSlice([]string{"TCP", "UDP", "ICMP"}, false)),
+							Type:     schema.TypeString,
+							Required: true,
+							ValidateDiagFunc: ToDiagFunc(validation.All(
+								validation.StringMatch(regexp.MustCompile(`TCP|UDP|ICMP|\b([1-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-2])\b`), "only TCP, UDP, ICMP and 1-252 are valid values."),
+								validation.StringNotInSlice([]string{"1", "6", "17"}, false),
+							)),
 						},
 						"port_range": {
 							Type:             schema.TypeString,
@@ -71,9 +76,12 @@ func resourceNcloudAccessControlGroupRule() *schema.Resource {
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"protocol": {
-							Type:             schema.TypeString,
-							Required:         true,
-							ValidateDiagFunc: ToDiagFunc(validation.StringInSlice([]string{"TCP", "UDP", "ICMP"}, false)),
+							Type:     schema.TypeString,
+							Required: true,
+							ValidateDiagFunc: ToDiagFunc(validation.All(
+								validation.StringMatch(regexp.MustCompile(`TCP|UDP|ICMP|\b([1-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-2])\b`), "only TCP, UDP, ICMP and 1-252 are valid values."),
+								validation.StringNotInSlice([]string{"1", "6", "17"}, false),
+							)),
 						},
 						"port_range": {
 							Type:             schema.TypeString,
@@ -148,8 +156,15 @@ func resourceNcloudAccessControlGroupRuleRead(d *schema.ResourceData, meta inter
 	oSet := schema.NewSet(schema.HashResource(resourceNcloudAccessControlGroupRule().Schema["outbound"].Elem.(*schema.Resource)), []interface{}{})
 
 	for _, r := range rules {
+		var protocol string
+		if allowedProtocolCodes[*r.ProtocolType.Code] {
+			protocol = *r.ProtocolType.Code
+		} else {
+			protocol = strconv.Itoa(int(*r.ProtocolType.Number))
+		}
+
 		m := map[string]interface{}{
-			"protocol":                       *r.ProtocolType.Code,
+			"protocol":                       protocol,
 			"port_range":                     *r.PortRange,
 			"ip_block":                       *r.IpBlock,
 			"source_access_control_group_no": *r.AccessControlGroupSequence,
@@ -444,3 +459,9 @@ func expandRemoveAccessControlGroupRule(rules []interface{}) []*vserver.RemoveAc
 
 	return acgRuleList
 }
+
+var allowedProtocolCodes = map[string]bool{
+	"TCP":  true,
+	"UDP":  true,
+	"ICMP": true,
+}