Supported RFCs

FortiOS supports the following RFCs.

BGP

  • RFC 4724: Graceful Restart Mechanism for BGP
  • RFC 4456: BGP Route Reflection: An Alternative to Full Mesh Internal BGP (IBGP)
  • RFC 4360: BGP Extended Communities Attribute
  • RFC 4271: A Border Gateway Protocol 4 (BGP-4)
  • RFC 2918: Route Refresh Capability for BGP-4
  • RFC 2545: Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing
  • RFC 2439: BGP Route Flap Damping
  • RFC 1997: BGP Communities Attribute
  • RFC 1930: Guidelines for creation, selection, and registration of an Autonomous System (AS)
  • RFC 1772: Application of the Border Gateway Protocol in the Internet

Cryptography

  • RFC 8031: Curve25519 and Curve448 for the Internet Key Exchange Protocol Version 2 (IKEv2) Key Agreement
  • RFC 7634: ChaCha20, Poly1305, and Their Use in the Internet Key Exchange Protocol (IKE) and IPsec
  • RFC 7627: Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension
  • RFC 7539: ChaCha20 and Poly1305 for IETF Protocols
  • RFC 7427: Signature Authentication in the Internet Key Exchange Version 2 (IKEv2)
  • RFC 7383: Internet Key Exchange Protocol Version 2 (IKEv2) Message Fragmentation
  • RFC 7296: Internet Key Exchange Protocol Version 2 (IKEv2)
  • RFC 7027: Elliptic Curve Cryptography (ECC) Brainpool Curves for Transport Layer Security (TLS)
  • RFC 6989: Additional Diffie-Hellman Tests for the Internet Key Exchange Protocol Version 2 (IKEv2)
  • RFC 6954: Using the Elliptic Curve Cryptography (ECC) Brainpool Curves for the Internet Key Exchange Protocol Version 2 (IKEv2)
  • RFC 6290: A Quick Crash Detection Method for the Internet Key Exchange Protocol (IKE)
  • RFC 6023: A Childless Initiation of the Internet Key Exchange Version 2 (IKEv2) Security Association (SA)
  • RFC 5723: Internet Key Exchange Protocol Version 2 (IKEv2) Session Resumption
  • RFC 5282: Using Authenticated Encryption Algorithms with the Encrypted Payload of the Internet Key Exchange version 2 (IKEv2) Protocol
  • RFC 5280: Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
  • RFC 4754: IKE and IKEv2 Authentication Using the Elliptic Curve Digital Signature Algorithm (ECDSA)
  • RFC 4635: HMAC SHA TSIG Algorithm Identifiers
  • RFC 4492: Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)
  • RFC 4478: Repeated Authentication in Internet Key Exchange (IKEv2) Protocol
  • RFC 4106: The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP)
  • RFC 3947: Negotiation of NAT-Traversal in the IKE
  • RFC 3602: The AES-CBC Cipher Algorithm and Its Use with IPsec
  • RFC 3526: More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)
  • RFC 2986: PKCS #10: Certification Request Syntax Specification Version 1.7
  • RFC 2845: Secret Key Transaction Authentication for DNS (TSIG)
  • RFC 2631: Diffie-Hellman Key Agreement Method
  • RFC 2451: The ESP CBC-Mode Cipher Algorithms
  • RFC 2410: The NULL Encryption Algorithm and Its Use With IPsec
  • RFC 2405: The ESP DES-CBC Cipher Algorithm With Explicit IV
  • RFC 2404: The Use of HMAC-SHA-1-96 within ESP and AH
  • RFC 2403: The Use of HMAC-MD5-96 within ESP and AH
  • RFC 2315: PKCS #7: Cryptographic Message Syntax Version 1.5
  • RFC 2104: HMAC: Keyed-Hashing for Message Authentication
  • RFC 2085: HMAC-MD5 IP Authentication with Replay Prevention
  • RFC 1422: Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management
  • RFC 1321: The MD5 Message-Digest Algorithm
  • PKCS #12: PKCS 12 v1: Personal Information Exchange Syntax

DHCP

  • RFC 4361: Node-specific Client Identifiers for Dynamic Host Configuration Protocol Version Four (DHCPv4)
  • RFC 3736: Stateless Dynamic Host Configuration Protocol (DHCP) Service for IPv6
  • RFC 3633: IPv6 Prefix Options for Dynamic Host Configuration Protocol (DHCP) version 6
  • RFC 3456: Dynamic Host Configuration Protocol (DHCPv4) Configuration of IPsec Tunnel Mode
  • RFC 3315: Dynamic Host Configuration Protocol for IPv6 (DHCPv6)
  • RFC 2132: DHCP Options and BOOTP Vendor Extensions
  • RFC 2131: Dynamic Host Configuration Protocol

Diffserv

  • RFC 3260: New Terminology and Clarifications for Diffserv
  • RFC 2597: Assured Forwarding PHB Group
  • RFC 2475: An Architecture for Differentiated Services
  • RFC 2474: Definition of the Differentiated Services Field (DS Field) in the IPv4 and IPv6 Headers

DNS

  • RFC 6895: Domain Name System (DNS) IANA Considerations
  • RFC 6604: xNAME RCODE and Status Bits Clarification
  • RFC 6147: DNS64: DNS Extensions for Network Address Translation from IPv6 Clients to IPv4 Servers
  • RFC 4592: The Role of Wildcards in the Domain Name System
  • RFC 4035: Protocol Modifications for the DNS Security Extensions
  • RFC 4034: Resource Records for the DNS Security Extensions
  • RFC 4033: DNS Security Introduction and Requirements
  • RFC 3597: Handling of Unknown DNS Resource Record (RR) Types
  • RFC 3226: DNSSEC and IPv6 A6 aware server/resolver message size requirements
  • RFC 3007: Secure Domain Name System (DNS) Dynamic Update
  • RFC 2308: Negative Caching of DNS Queries (DNS NCACHE)
  • RFC 2181: Clarifications to the DNS Specification
  • RFC 2136: Dynamic Updates in the Domain Name System (DNS UPDATE)
  • RFC 1996: A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY)
  • RFC 1995: Incremental Zone Transfer in DNS
  • RFC 1982: Serial Number Arithmetic
  • RFC 1876: A Means for Expressing Location Information in the Domain Name System
  • RFC 1706: DNS NSAP Resource Records
  • RFC 1183: New DNS RR Definitions
  • RFC 1101: DNS Encoding of Network Names and Other Types
  • RFC 1035: Domain Names - Implementation and Specification
  • RFC 1034: Domain Names - Concepts and Facilities

ICMP

  • RFC 6918: Formally Deprecating Some ICMPv4 Message Types
  • RFC 6633: Deprecation of ICMP Source Quench Messages
  • RFC 4884: Extended ICMP to Support Multi-Part Messages
  • RFC 4443: Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification
  • RFC 1191: Path MTU Discovery
  • RFC 792: Internet Control Message Protocol

IP

  • RFC 5798: Virtual Router Redundancy Protocol (VRRP) Version 3 for IPv4 and IPv6
  • RFC 4301: Security Architecture for the Internet Protocol
  • RFC 3272: Overview and Principles of Internet Traffic Engineering
  • RFC 3168: The Addition of Explicit Congestion Notification (ECN) to IP
  • RFC 2072: Router Renumbering Guide
  • RFC 2071: Network Renumbering Overview: Why would I want it and what is it anyway?
  • RFC 1918: Address Allocation for Private Internets
  • RFC 1123: Requirements for Internet Hosts -- Application and Support
  • RFC 1122: Requirements for Internet Hosts -- Communication Layers
  • RFC 791: Internet Protocol

IP multicast

  • RFC 4604: Using Internet Group Management Protocol Version 3 (IGMPv3) and Multicast Listener Discovery Protocol Version 2 (MLDv2) for Source-Specific Multicast
  • RFC 3973: Protocol Independent Multicast - Dense Mode (PIM-DM): Protocol Specification (Revised)
  • RFC 3956: Embedding the Rendezvous Point (RP) Address in an IPv6 Multicast Address
  • RFC 3306: Unicast-Prefix-based IPv6 Multicast Addresses
  • RFC 2365: Administratively Scoped IP Multicast
  • RFC 1112: Host Extensions for IP Multicasting

IPsec

  • RFC 4304: Extended Sequence Number (ESN) Addendum to IPsec Domain of Interpretation (DOI) for Internet Security Association and Key Management Protocol (ISAKMP)
  • RFC 4303: IP Encapsulating Security Payload (ESP)
  • RFC 3706: A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers

IPv4

  • RFC 6864: Updated Specification of the IPv4 ID Field
  • RFC 5177: Network Mobility (NEMO) Extensions for Mobile IPv4
  • RFC 4632: Classless Inter-domain Routing (CIDR): The Internet Address Assignment and Aggregation Plan
  • RFC 3927: Dynamic Configuration of IPv4 Link-Local Addresses
  • RFC 3021: Using 31-Bit Prefixes on IPv4 Point-to-Point Links
  • RFC 1812: Requirements for IP Version 4 Routers

IPv6

  • RFC 6343: Advisory Guidelines for 6to4 Deployment
  • RFC 5175: IPv6 Router Advertisement Flags Option
  • RFC 5095: Deprecation of Type 0 Routing Headers in IPv6
  • RFC 4941: Privacy Extensions for Stateless Address Autoconfiguration in IPv6
  • RFC 4862: IPv6 Stateless Address Autoconfiguration
  • RFC 4861: Neighbor Discovery for IP version 6 (IPv6)
  • RFC 4389: Neighbor Discovery Proxies (ND Proxy)
  • RFC 4213: Basic Transition Mechanisms for IPv6 Hosts and Routers
  • RFC 4193: Unique Local IPv6 Unicast Addresses
  • RFC 4007: IPv6 Scoped Address Architecture
  • RFC 3971: SEcure Neighbor Discovery (SEND)
  • RFC 3596: DNS Extensions to Support IP Version 6
  • RFC 3587: IPv6 Global Unicast Address Format
  • RFC 3493: Basic Socket Interface Extensions for IPv6
  • RFC 3056: Connection of IPv6 Domains via IPv4 Clouds
  • RFC 3053: IPv6 Tunnel Broker
  • RFC 2894: Router Renumbering for IPv6
  • RFC 2675: IPv6 Jumbograms
  • RFC 2464: Transmission of IPv6 Packets over Ethernet Networks
  • RFC 2185: Routing Aspects Of IPv6 Transition
  • RFC 1752: The Recommendation for the IP Next Generation Protocol

IS-IS

  • RFC 5310: IS-IS Generic Cryptographic Authentication
  • RFC 5308: Routing IPv6 with IS-IS
  • RFC 3359: Reserved Type, Length and Value (TLV) Codepoints in Intermediate System to Intermediate System
  • RFC 1195: Use of OSI IS-IS for Routing in TCP/IP and Dual Environments

LDAP

  • RFC 4513: Lightweight Directory Access Protocol (LDAP): Authentication Methods and Security Mechanisms
  • RFC 4512: Lightweight Directory Access Protocol (LDAP): Directory Information Models
  • RFC 4511: Lightweight Directory Access Protocol (LDAP): The Protocol
  • RFC 3494: Lightweight Directory Access Protocol version 2 (LDAPv2) to Historic Status

NAT

  • RFC 7857: Updates to Network Address Translation (NAT) Behavioral Requirements
  • RFC 6888: Common Requirements for Carrier-Grade NATs (CGNs)
  • RFC 6146: Stateful NAT64: Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers
  • RFC 5508: NAT Behavioral Requirements for ICMP
  • RFC 5382: NAT Behavioral Requirements for TCP
  • RFC 4966: Reasons to Move the Network Address Translator - Protocol Translator (NAT-PT) to Historic Status
  • RFC 4787: Network Address Translation (NAT) Behavioral Requirements for Unicast UDP
  • RFC 4380: Teredo: Tunneling IPv6 over UDP through Network Address Translations (NATs)
  • RFC 3948: UDP Encapsulation of IPsec ESP Packets
  • RFC 3022: Traditional IP Network Address Translator (Traditional NAT)

OSPF

  • RFC 6860: Hiding Transit-Only Networks in OSPF
  • RFC 6845: OSPF Hybrid Broadcast and Point-to-Multipoint Interface Type
  • RFC 5340: OSPF for IPv6
  • RFC 4812: OSPF Restart Signaling
  • RFC 4811: OSPF Out-of-Band Link State Database (LSDB) Resynchronization
  • RFC 4203: OSPF Extensions in Support of Generalized Multi-Protocol Label Switching (GMPLS)
  • RFC 3630: Traffic Engineering (TE) Extensions to OSPF Version 2
  • RFC 3623: Graceful OSPF Restart
  • RFC 3509: Alternative Implementations of OSPF Area Border Routers
  • RFC 3101: The OSPF Not-So-Stubby Area (NSSA) Option
  • RFC 2328: OSPF Version 2
  • RFC 1765: OSPF Database Overflow
  • RFC 1370: Applicability Statement for OSPF

PPP

  • RFC 2516: A Method for Transmitting PPP Over Ethernet (PPPoE)
  • RFC 2364: PPP Over AAL5
  • RFC 1661: The Point-to-Point Protocol (PPP)

RADIUS

  • RFC 5176: Dynamic Authorization Extensions to Remote Authentication Dial In User Service (RADIUS)
  • RFC 2866: RADIUS Accounting
  • RFC 2548: Microsoft Vendor-specific RADIUS Attributes

RIP

SIP

  • RFC 3960: Early Media and Ringing Tone Generation in the Session Initiation Protocol (SIP)
  • RFC 3325: Private Extensions to the Session Initiation Protocol (SIP) for Asserted Identity within Trusted Networks
  • RFC 3262: Reliability of Provisional Responses in the Session Initiation Protocol (SIP)
  • RFC 3261: SIP: Session Initiation Protocol

SNMP

  • RFC 4293: Management Information Base for the Internet Protocol (IP)
  • RFC 4273: Definitions of Managed Objects for BGP-4
  • RFC 4113: Management Information Base for the User Datagram Protocol (UDP)
  • RFC 4022: Management Information Base for the Transmission Control Protocol (TCP)
  • RFC 3635: Definitions of Managed Objects for the Ethernet-like Interface Types
  • RFC 3417: Transport Mappings for the Simple Network Management Protocol (SNMP)
  • RFC 3416: Version 2 of the Protocol Operations for the Simple Network Management Protocol (SNMP)
  • RFC 3414: User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3)
  • RFC 3413: Simple Network Management Protocol (SNMP) Applications
  • RFC 3412: Message Processing and Dispatching for the Simple Network Management Protocol (SNMP)
  • RFC 3411: An Architecture for Describing Simple Network Management Protocol (SNMP) Management Frameworks
  • RFC 3410: Introduction and Applicability Statements for Internet Standard Management Framework
  • RFC 2863: The Interfaces Group MIB
  • RFC 2578: Structure of Management Information Version 2 (SMIv2)
  • RFC 1238: CLNS MIB for use with Connectionless Network Protocol (ISO 8473) and End System to Intermediate System (ISO 9542)
  • RFC 1215: A Convention for Defining Traps for use with the SNMP
  • RFC 1213: Management Information Base for Network Management of TCP/IP-based internets: MIB-II
  • RFC 1212: Concise MIB Definitions
  • RFC 1157: A Simple Network Management Protocol (SNMP)
  • RFC 1156: Management Information Base for Network Management of TCP/IP-based internets
  • RFC 1155: Structure and Identification of Management Information for TCP/IP-based Internets

SSL

  • RFC 6176: Prohibiting Secure Sockets Layer (SSL) Version 2.0
  • RFC 6101: The Secure Sockets Layer (SSL) Protocol Version 3.0

TCP

  • RFC 6691: TCP Options and Maximum Segment Size (MSS)
  • RFC 6298: Computing TCP's Retransmission Timer
  • RFC 6093: On the Implementation of the TCP Urgent Mechanism
  • RFC 793: Transmission Control Protocol

TLS

  • RFC 6347: Datagram Transport Layer Security Version 1.2
  • RFC 6066: Transport Layer Security (TLS) Extensions: Extension Definitions
  • RFC 5746: Transport Layer Security (TLS) Renegotiation Indication Extension
  • RFC 5425: Transport Layer Security (TLS) Transport Mapping for Syslog
  • RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2
  • RFC 4681: TLS User Mapping Extension
  • RFC 4680: TLS Handshake Message for Supplemental Data

VPN

  • RFC 4761: Virtual Private LAN Service (VPLS) Using BGP for Auto-Discovery and Signaling
  • RFC 4684: Constrained Route Distribution for Border Gateway Protocol/MultiProtocol Label Switching (BGP/MPLS) Internet Protocol (IP) Virtual Private Networks (VPNs)
  • RFC 4577: OSPF as the Provider/Customer Edge Protocol for BGP/MPLS IP Virtual Private Networks (VPNs)
  • RFC 4364: BGP/MPLS IP Virtual Private Networks (VPNs)
  • RFC 3715: IPsec-Network Address Translation (NAT) Compatibility Requirements

Other protocols

  • RFC 5424: The Syslog Protocol
  • RFC 5357: A Two-Way Active Measurement Protocol (TWAMP)
  • RFC 5214: Intra-Site Automatic Tunnel Addressing Protocol (ISATAP)
  • RFC 4960: Stream Control Transmission Protocol
  • RFC 4254: The Secure Shell (SSH) Connection Protocol
  • RFC 4253: The Secure Shell (SSH) Transport Layer Protocol
  • RFC 4252: The Secure Shell (SSH) Authentication Protocol
  • RFC 4251: The Secure Shell (SSH) Protocol Architecture
  • RFC 4250: The Secure Shell (SSH) Protocol Assigned Numbers
  • RFC 3435: Media Gateway Control Protocol (MGCP) Version 1.0
  • RFC 3376: Internet Group Management Protocol, Version 3
  • RFC 2890: Key and Sequence Number Extensions to GRE
  • RFC 2784: Generic Routing Encapsulation (GRE)
  • RFC 2661: Layer Two Tunneling Protocol "L2TP"
  • RFC 2637: Point-to-Point Tunneling Protocol (PPTP)
  • RFC 2412: The OAKLEY Key Determination Protocol
  • RFC 2225: Classical IP and ARP over ATM
  • RFC 2033: Local Mail Transfer Protocol
  • RFC 1413: Identification Protocol
  • RFC 1305: Network Time Protocol (Version 3) Specification, Implementation and Analysis
  • RFC 1011: Official Internet Protocols
  • RFC 959: File Transfer Protocol (FTP)
  • RFC 862: Echo Protocol
  • RFC 783: The TFTP Protocol (Revision 2)
  • RFC 768: User Datagram Protocol
  • The TACACS+ Protocol

Miscellaneous

  • RFC 7348: Virtual eXtensible Local Area Network (VXLAN): A Framework for Overlaying Virtualized Layer 2 Networks over Layer 3 Networks
  • RFC 4784: Verizon Wireless Dynamic Mobile IP Key Update for cdma2000(R) Networks
  • RFC 4470: Minimally Covering NSEC Records and DNSSEC On-line Signing
  • RFC 3985: Pseudo Wire Emulation Edge-to-Edge (PWE3) Architecture
  • RFC 2979: Behavior of and Requirements for Internet Firewalls
  • RFC 2827: Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing
  • RFC 2780: IANA Allocation Guidelines For Values In the Internet Protocol and Related Headers
  • RFC 2647: Benchmarking Terminology for Firewall Performance
  • RFC 2644: Changing the Default for Directed Broadcasts in Routers
  • RFC 2231: MIME Parameter Value and Encoded Word Extensions: Character Sets, Languages, and Continuations
  • RFC 1945: Hypertext Transfer Protocol -- HTTP/1.0
  • RFC 950: Internet Standard Subnetting Procedure
  • RFC 894: A Standard for the Transmission of IP Datagrams over Ethernet Networks