Transcription
DATA SHEETFortiOS Wireless LAN ControllerToday’s organizations are facing numerous challenges from thecampus to the branch as the network environment evolves withthe rapid rise of IoT devices, demanding mobile and remoteworkforce, and evolving security threats. Fortinet’s SecureWireless LAN Controllers are integrated into the FortiOS, apurpose-built network security operating system, which formsthe foundation of the FortiGate Network Security Platform. Thissolution leads to security-driven networking for wireless LANs.HighlightsnSupport for Wi-Fi 6 FortiAPsnScale from 1 to 10,000 APsnnnSecurity Fabric IntegrationFortinet’s Security Fabric extends to our Secure Wireless solutionproviding coordinated security policies to the very edge of thewired/wireless network where there are the most vulnerabilities.nnSuperior PerformanceThe latest wireless standards, integrated security at the edge viaFortiLink, client steering to 5 GHz radios and Application controlservices all combine to deliver the highest level of performanceand user experience.nnFlexible deployment modelsfor SD-Branch, Education,Healthcare, and HospitalityIntegrated securityand managementPCI compliance capabilities forretail storesIntegrated guest accessmanagement with captiveportalBYOD device finger printingand controlIntegrated WIDS and rogueAP managementSpectrum analysisEnd-to-End Wireless LAN SecurityIntegrated security services from the controller to the AP securesfor the network, the clients and the applications.1
DATA SHEET FortiOS Wireless LAN ControllerHIGHLIGHTSKey Features and BenefitsScalable and ResilientHighly scalable and centrally managed enterprise WLAN, with integrated radio resourcemanagement to reduce co-channel interference and provide consistent WLAN performance.Integrated Security Features Extends wired security features to WLAN, unifying both wired and wireless management into asingle console, providing a “Single Pane of Glass” management interface to the network.Layer-7 Application Visibility Leverage market leading features with the power of SPU-based deep packet inspectiontechnology to deliver granular application level visibility and control.The need for secure wireless networks with intra-SSIDprivacy, robust third-party certified security and advancednetworking capabilities, is now more important than ever.Delivering the industry’s most comprehensive suite ofsecurity, wireless and networking services, the FortiOSenterprise-class Wireless LAN Controller is purpose-built toleverage hardware acceleration provided by custom FortinetSecurity Processing Units (SPUs) while providing an easy touse enterprise wireless solution, in a single unified platform.Unbeatable Flexibility to Meet allDeployment NeedsA wireless infrastructure must be flexible and scalable. Byconsolidating security and wireless network capabilities,Fortinet Secure Wireless LAN Controllers significantly reducenetwork complexity and ultimately TCO. Fortinet’s no-VLANs approach reduces complex Layer-2 requirements, eliminatingthe need to propagate VLAN information across the networkto simplify and accelerate large, scalable deployments. With awide range of FortiGate models to choose from, no matter thesize of your network, there’s a FortiGate solution right for you.Single Pane-of-Glass ManagementIntegrating wired and wireless security into a single paneof-glass lowers operating costs and reduces IT staffworkloads by eliminating the complexities of troubleshootinga multivendor network and the need for costly training andcertification across multiple vendor products. In addition toreducing operating costs, a single pane of glass providescomplete visibility of clients, access points, switches and,security services, ensuring consistent security and controlpolicies are applied across the enterprise.Sophisticated Application ControlWireless bandwidth is a precious shared medium and it iscritical that business applications receive priority on thewireless LAN. FortiOS Application Control is built-in to theWireless LAN controller and uses deep Layer-7 inspectionwith over 4,000 application signatures to provide bandwidthguarantees and prioritization of critical applications. Thisindustry-leading Application Control capability providesthe fine-grained application control required to ensure theWireless LAN is performing at its best and is being utilized forthe intended applications.Industry-Leading SecurityFortiOS has its pedigree in Unified Threat Management andFortinet holds more industry certifications than any othervendor, providing the best-in-class unified protection withan integrated set of security services. From antivirus, webcontent filtering, application control, network IPS, emailfiltering and DLP, the same security that is applied to thewired network can now be applied to the wireless LAN. Builtin Wireless Intrusion Detection System capabilities furtherprotect the wireless LAN by detecting a vast array of RFintrusion techniques including:§ Association/ Authentication/ EAPOL Flooding§ Broadcast deauthentication§ Spoofed MAC§ Ad-hoc Network Detection and Containment§ Wireless Bridge Detection§ Misconfigured AP Detection§ MAC OUI CheckingAutomated Rogue AP Detectionand SuppressionRogue access points pose a serious network security threatby creating a leakage point where sensitive data such ascredit card information can be siphoned off the network. Forthis reason, the PCI DSS and other data security standardsoften mandate proactive monitoring and suppression ofrogue APs. The FortiGate Rogue AP on-wire detection engineuses various correlation techniques to determine if a RogueAP is connected to the network. This automated processcontinuously monitors for unknown APs and automaticallysuppresses any found to be unauthorized.22
DATA SHEET FortiOS Wireless LAN ControllerFEATURE HIGHLIGHTSBand SteeringCaptive PortalBand steering makes more efficient use of your availablewireless network by sending clients to the bands wherethey are most efficiently served. FortiOS allows the user toassign bands to clients based on their capabilities. Withoutband steering, a dual-band client could associate on eitherthe 2.4 GHz or the 5 GHz channels, leading to overcrowdingon one band or the other depending on device preferences.With band steering, you can direct some of this traffic to yourband of choice. Another example of using band steering is toseparate devices by their importance (or the importance ofthe types of traffic they will be passing on your network). Youcan leave all clients with low priority profiles on the 2.4 GHzchannels (where bandwidth is not a concern) and moveclients to the 5 GHz band to achieve higher data rates.Browser-based authentication for guest users is alsosupported via SSL enabled captive portal. This built-incaptive portal allows for HTML login page customization aswell as guest account provisioning and management via anintegrated guest management portal. FortiOS also supportsthe universal access method (UAM) for integrating with thirdparty external captive portal servers as well as two-factorauthentication with the FortiToken One Time Password (OTP)solution.Automatic Radio Resource ProvisioningFortiOS DARRP (Distributed Automatic Radio ResourceProvisioning) technology ensures the wireless infrastructureis always optimized to deliver maximum performance. FortinetAPs enabled with this advanced feature continuously monitorthe RF environment for interference, noise, and signals fromneighboring APs, enabling the FortiGate WLAN Controller todetermine the optimal RF power levels for each AP on thenetwork. When a new AP is provisioned, DARRP also ensuresthat it chooses the optimal channel, without administratorintervention.Device FingerprintingDevice fingerprinting allows the collection of variousattributes about a device connecting to the network. Thecollected attributes can fully or partially identify individualdevices, including the client’s OS, device type, and browserbeing used. Device Fingerprinting can provide moreinformation for the station and allows system administratorsto be more aware of the types of devices in use and takeactions if necessary.Spectrum AnalysisGet detailed RF information to understand what interferingdevices are in your area by using an existing AP radio forspectrum analysis. Several graphical depictions are availableincluding Signal Inteferencce, Spectragram, and Interferer list.AuthenticationRole DerivationPolicy EnforcementWireless & Network SecurityTraffic ShapingVisibility & Audit TrailCorporateNetwork3Complete Secure Wireless LAN ArchitecturenCaptive Portal, 802.1x, Temporary Guest AccessnUser and Device Identification, AuthorizationnUser and Device based policies, Application ControlnRogue AP Mitigation, Wireless Intrusion DetectionnUser and Application Based Wireless QOSnDetailed Network and Threat Visibility, Compliance Reporting
DATA SHEET FortiOS Wireless LAN ControllerSPECIFICATIONSWIRELESS CONTROLLERNetworkingWIRELESS CONTROLLERWireless Access and AuthenticationBonjour GatewayAbility to monitor and control Apple’s Bonjour ProtocolDHCPIntegrated DHCP serverVLANsInterface and trunkAccess – AuthenticationMethodsRFC 2716 PPP EAP-TLSRFC 2865 RADIUS authenticationSSID to VLAN mappingRFC 3579 RADIUS support for EAPDynamic VLAN SupportRoutingRFC 3580 IEEE 802.1x RADIUS GuidelinesStatic, dynamic and policy routingRFC 3748 Extensible Authentication ProtocolRIP, OSPF and BGP supportMulticastWEP64 – 64-bit Web Equivalent PrivacyPIM ModeWEP128 – 128-bit WEPMulticast to unicast conversionData ForwardingWPA (Wi-Fi Protected Access) Personal and Enterprise,including support for Multiple PreShared Keys (M-PSKs)Centralized – Tunneled to FortiGate, no VLANsDistributed – Bridged locallyWPA2 (Personal and Enterprise) – 802.11i standardSplit Policy Based – Selective forwarding based on resources,policyMAC address authenticationMAC address authentication via RADIUSProvisioning and ManagementManagement AccessHTTPS via web browserSSH, Telnet and consoleCertificate based authentication for BYODAuthentication Servers1 1 Support for High Availability (HA)Hitless failover in HA modeMonitoringEncryption ProtocolsTKIP AESClient monitoring – Signal strength, SNR, username, IP, devicetype, firewall policy, bandwidth usage, application visibilityDTLSRogue APL2TP/IPSec (RFC 3193)Mesh connectivity hierarchyLocation information available via APICentralizedManagementSingle pane of glass management for wired, wireless andsecurity configuration and monitoringXAUTH/IPSecVPNAuthentication against internal or external authenticationserverFully customizable look and feel including branding, graphicsand languageDisclaimer pageCentralized reporting, network analytics and trends ofthousands of locations via FortiAnalyzerMultiple-captive portal pagesForward to external captive portalRemote wireless packet captureRedirect to website after authenticationRemote APRemote AP (teleworker)SupportSSLIPSecCaptive PortalCentralized management of thousands of locations viaFortiManagerTroubleshootingCCMP/AESTKIPAccess Point (radio, channel) – Status, usage, utilizationWireless health monitoring, client trends, overloaded APs,excessive RF errorsInternal Database, RADIUS, LDAP, TACACS External Authentication Servers – Microsoft Active Directory,Microsoft IAS RADIUS server, Cisco ACS Server, FreeRADIUS ,Interlink RADIUS server, Steel Belted RadiusSNMP (V1 and V2)Management AvailabilityIEEE 802.1x (EAP, Cisco-LEAP, PEAP, EAP-TLS, EAP-TTLS,EAP-SIM, EAP-AKA)Supported on all FAP modelsEnables FAPs to be deployed remotely (over WAN link) to theFortiGate Wireless LAN ControllerGuest UserManagementIntegrated receptionist guest user management portalConfigurable expiration timeConfigurable start timesOptions to encrypt data trafficBulk account creationSplit routing – Selective forwarding based on policy(FortiOS 5.2)Integration with FortiAuthenticator for self-service captiveportal with e-mail loginWAN SurvivabilityWireless client connectivity is maintained when the wirelesscontroller is unreachable for open and PSK type SSIDsTroubleshootingLocal FAP diagnostic web portalMesh and BridgingTopologyMulti-hop meshSupport for multiple mesh instancesMesh HopsConfigurable maximum hop countBridgingPoint-to-Point bridgingPoint-to-Multipoint bridging for wireless ISP applicationsManagementVia FortiGate web interface44
DATA SHEET FortiOS Wireless LAN ControllerSPECIFICATIONSWIRELESS CONTROLLERWIRELESS CONTROLLERRF and Performance ManagementIPv6 SupportDAARP(Distributed AutomaticRadio ResourceProvisioning)DAARP SchedulingAutomated selection of RF channel to achieve consistentoptimal performanceClient SupportSupport for IPv6 clientsManagementManagement over IPv6 — Support for FortiGate to act asIPv6 nodeEnable with the option to exclude time slotsTrafficRouting protocols, firewall and UTM supportBand SteeringIntelligently balances stations across radios, steering stationsto 5 GHz RF bands for optimal performance and reducinginterferenceFirewallICSA firewall enterprise certificationAP Load BalancingDistribute clients evenly across APs on available channelsSelf HealingAutomatically adjust TX power levels to extend coverage tocompensate failed APsSpectrum AnalysisGet insight into the interferers in the environmentConfigurable (enable/disable)ICSA IPv6 certified firewallUSGv6 certified firewallIndustry StandardsWi-Fi AllianceWPA Personal, WPA Enterprise, WPA2 Personal, WPA2 Enterprise, WPA3 -Enterprise, WPA3 -Personal, WMM ,WMM Power Save, Wi-Fi Agile Multiband , Wi-Fi CERTIFIED6 , Wi-Fi CERTIFIED ac, Wi-Fi CERTIFIED a/b/g/n, Wi-FiEnhanced Open IEEE StandardCompliance802.11ax, 802.11a, 802.11b, 802.11d, 802.11g, 802.11k, 802.11n,802.11r, 802.11v, 802.11w, 802.11ac, 802.1Q, 802.3ad, 802.3af,802.3at, 802.3az, 802.11ax, 802.3bzRogue AP ManagementBackground ScanningBackground and full-time scanning for rogue APsOn-Wire CorrelationOn-Wire correlation to identify malicious APs that areconnected to the local networkRogue SuppressionConfigurable options for automatic and/or manualsuppression optionsOver-the-air suppression of offending APs and countermeasures to prevent clients attempting to connect to anidentified rogue APWireless IDSDetects and logs multiple RF intrusion methodsEvent LoggingSyslog of all Rogue AP eventsAuditingPre-built reported for PCI-DSS compliance generated viaFortiAnalyzerBYOD and MobilityDevice IdentityDistinguish between corporate assets and employee owneddevicesIdentify and classify device types, vendor information, OStypes and OS versionsApplication VisibilityLayer-7 application detection with support for over 3,000signaturesAbility to detect, prioritize or suppress applicationsQuality of ServiceEnd-to-end QoSPolicy based retagging of applicationsPreserve QoS tags across the wired and wireless networkPrioritize transmission of business critical applications overwirelessPolicy ManagementManage and enforce firewall and traffic shaping policiesbased on device and user identity802.11kvr SupportEnables more intelligent roaming decisions for faster roaming802.11i fast-roam back802.11i fast-associate in advancePMK cachingPresence Detection5Presence detection for presence analyticsAdditional RF TechnologiesBluetooth beacon enabledElectronic Shelf Label (ESL) system support for Hanshow &SES-IMagotag
DATA SHEET FortiOS Wireless LAN ControllerSPECIFICATIONSADDITIONAL RFCSBGPADDITIONAL RFCSCryptographyRFC 7911Advertisement of Multiple Paths in BGPRFC 4724Graceful Restart Mechanism for BGPRFC 4456BGP Route Reflection: An Alternative to Full Mesh Internal BGP (IBGP)RFC 4360BGP Extended Communities AttributeRFC 4271A Border Gateway Protocol 4 (BGP-4)RFC 2918Route Refresh Capability for BGP-4RFC 2545Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain RoutingRFC 2439BGP Route Flap DampingRFC 1997BGP Communities AttributeRFC 1930Guidelines for creation, selection, and registration of an AutonomousSystem (AS)RFC 1772Application of the Border Gateway Protocol in the InternetADDITIONAL RFCSRFC 6954Using the Elliptic Curve Cryptography (ECC) Brainpool Curves for theInternet Key Exchange Protocol Version 2 (IKEv2)RFC 8031Curve25519 and Curve448 for the Internet Key Exchange ProtocolVersion 2 (IKEv2) Key AgreementRFC 7634ChaCha20, Poly1305, and Their Use in the Internet Key ExchangeProtocol (IKE) and IPsecRFC 7627Transport Layer Security (TLS) Session Hash and Extended MasterSecret ExtensionRFC 7539ChaCha20 and Poly1305 for IETF ProtocolsRFC 7427Signature Authentication in the Internet Key Exchange Version 2 (IKEv2)RFC 7383Internet Key Exchange Protocol Version 2 (IKEv2) MessageFragmentationRFC 7296Internet Key Exchange Protocol Version 2 (IKEv2)RFC 7027Elliptic Curve Cryptography (ECC) Brainpool Curves for Transport LayerSecurity (TLS)RFC 6989Additional Diffie-Hellman Tests for the Internet Key Exchange ProtocolVersion 2 (IKEv2)DHCPRFC 4361Node-specific Client Identifiers for Dynamic Host Configuration ProtocolVersion Four (DHCPv4)RFC 6290A Quick Crash Detection Method for the Internet Key Exchange Protocol(IKE)RFC 3736Stateless Dynamic Host Configuration Protocol (DHCP) Service for IPv6RFC 6023RFC 3633IPv6 Prefix Options for Dynamic Host Configuration Protocol (DHCP)version 6A Childless Initiation of the Internet Key Exchange Version 2 (IKEv2)Security Association (SA)RFC 5723Internet Key Exchange Protocol Version 2 (IKEv2) Session ResumptionRFC 3456Dynamic Host Configuration Protocol (DHCPv4) Configuration of IPsecTunnel ModeRFC 5282Using Authenticated Encryption Algorithms with the Encrypted Payloadof the Internet Key Exchange version 2 (IKEv2) ProtocolRFC 3315Dynamic Host Configuration Protocol for IPv6 (DHCPv6)RFC 5280RFC 2132DHCP Options and BOOTP Vendor ExtensionsInternet X.509 Public Key Infrastructure Certificate and CertificateRevocation List (CRL) ProfileRFC 2131Dynamic Host Configuration ProtocolRFC 4754IKE and IKEv2 Authentication Using the Elliptic Curve Digital SignatureAlgorithm (ECDSA)RFC 4635HMAC SHA TSIG Algorithm IdentifiersRFC 4492Elliptic Curve Cryptography (ECC) Cipher Suites for Transport LayerSecurity (TLS)RFC 4478Repeated Authentication in Internet Key Exchange (IKEv2) ProtocolRFC 4106The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating SecurityPayload (ESP)RFC 3947Negotiation of NAT-Traversal in the IKERFC 3602The AES-CBC Cipher Algorithm and Its Use with IPsecRFC 3526More Modular Exponential (MODP) Diffie-Hellman groups for Internet KeyExchange (IKE)RFC 2986PKCS #10: Certification Request Syntax Specification Version 1.7RFC 2845Secret Key Transaction Authentication for DNS (TSIG)RFC 2631Diffie-Hellman Key Agreement MethodRFC 2451The ESP CBC-Mode Cipher AlgorithmsRFC 2410The NULL Encryption Algorithm and Its Use With IPsecRFC 2405The ESP DES-CBC Cipher Algorithm With Explicit IVRFC 2404The Use of HMAC-SHA-1-96 within ESP and AHRFC 2403The Use of HMAC-MD5-96 within ESP and AHRFC 2315PKCS #7: Cryptographic Message Syntax Version 1.5RFC 2104HMAC: Keyed-Hashing for Message AuthenticationRFC 2085HMAC-MD5 IP Authentication with Replay PreventionRFC 1422Privacy Enhancement for Internet Electronic Mail: Part II: CertificateBased Key ManagementRFC 1321The MD5 Message-Digest AlgorithmPKCS #12PKCS 12 v1: Personal Information Exchange SyntaxDiffservRFC 3260New Terminology and Clarifications for DiffservRFC 2597Assured Forwarding PHB GroupRFC 2475An Architecture for Differentiated ServicesRFC 2474Definition of the Differentiated Services Field (DS Field) in the IPv4 andIPv6 Headers66
DATA SHEET FortiOS Wireless LAN ControllerSPECIFICATIONSADDITIONAL RFCSDNSRFC 6895Domain Name System (DNS) IANA ConsiderationsRFC 6864RFC 6604xNAME RCODE and Status Bits ClarificationRFC 5177Network Mobility (NEMO) Extensions for Mobile IPv4RFC 6147DNS64: DNS Extensions for Network Address Translation from IPv6 Clientsto IPv4 ServersRFC 4632Classless Inter-domain Routing (CIDR): The Internet Address Assignmentand Aggregation PlanRFC 4592The Role of Wildcards in the Domain Name SystemRFC 3927Dynamic Configuration of IPv4 Link-Local AddressesRFC 4035Protocol Modifications for the DNS Security ExtensionsRFC 3021Using 31-Bit Prefixes on IPv4 Point-to-Point LinksRFC 4034Resource Records for the DNS Security ExtensionsRFC 1812Requirements for IP Version 4 RoutersRFC 4033DNS Security Introduction and RequirementsIPv6RFC 3597Handling of Unknown DNS Resource Record (RR) TypesRFC 6343Advisory Guidelines for 6to4 DeploymentRFC 3226DNSSEC and IPv6 A6 aware server/resolver message size requirementsRFC 5175IPv6 Router Advertisement Flags OptionRFC 3007Secure Domain Name System (DNS) Dynamic UpdateRFC 5095Deprecation of Type 0 Routing Headers in IPv6RFC 2308Negative Caching of DNS Queries (DNS NCACHE)RFC 4941Privacy Extensions for Stateless Address Autoconfiguration in IPv6RFC 2181Clarifications to the DNS SpecificationRFC 4862IPv6 Stateless Address AutoconfigurationRFC 2136Dynamic Updates in the Domain Name System (DNS UPDATE)RFC 4861Neighbor Discovery for IP version 6 (IPv6)RFC 1996A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY)RFC 4193Unique Local IPv6 Unicast AddressesRFC 1995Incremental Zone Transfer in DNSRFC 4007IPv6 Scoped Address ArchitectureRFC 1982Serial Number ArithmeticRFC 3971SEcure Neighbor Discovery (SEND)RFC 1876A Means for Expressing Location Information in the Domain Name SystemRFC 3596DNS Extensions to Support IP Version 6RFC 1706DNS NSAP Resource RecordsRFC 3587IPv6 Global Unicast Address FormatRFC 1183New DNS RR DefinitionsRFC 3493Basic Socket Interface Extensions for IPv6RFC 1101DNS Encoding of Network Names and Other TypesRFC 3056Connection of IPv6 Domains via IPv4 CloudsRFC 1035Domain Names - Implementation and SpecificationRFC 3053IPv6 Tunnel BrokerRFC 1034Domain Names - Concepts and FacilitiesRFC 2894Router Renumbering for IPv6RFC 2675IPv6 JumbogramsICMPUpdated Specification of the IPv4 ID FieldRFC 6918Formally Deprecating Some ICMPv4 Message TypesRFC 2464Transmission of IPv6 Packets over Ethernet NetworksRFC 6633Deprecation of ICMP Source Quench MessagesRFC 2185Routing Aspects Of IPv6 TransitionRFC 4884Extended ICMP to Support Multi-Part MessagesRFC 1752The Recommendation for the IP Next Generation Protocol IS-ISRFC 4443Internet Control Message Protocol (ICMPv6) for the Internet ProtocolVersion 6 (IPv6) SpecificationRFC 5310IS-IS Generic Cryptographic AuthenticationRFC 5308Routing IPv6 with IS-ISRFC 3359Reserved Type, Length and Value (TLV) Codepoints in Intermediate Systemto Intermediate SystemUse of OSI IS-IS for Routing in TCP/IP and Dual EnvironmentsRFC 1191Path MTU DiscoveryRFC 792Internet Control Message Protocol IPRFC 5798Virtual Router Redundancy Protocol (VRRP) Version 3 for IPv4 and IPv6RFC 1195RFC 4301Security Architecture for the Internet ProtocolLDAPRFC 3272Overview and Principles of Internet Traffic EngineeringRFC 4513RFC 3168The Addition of Explicit Congestion Notification (ECN) to IPLightweight Directory Access Protocol (LDAP): Authentication Methods andSecurity MechanismsRFC 2072Router Renumbering GuideRFC 4512Lightweight Directory Access Protocol (LDAP): Directory Information ModelsRFC 2071Network Renumbering Overview: Why would I want it and what is it anyway?RFC 4511Lightweight Directory Access Protocol (LDAP): The ProtocolRFC 1918Address Allocation for Private InternetsRFC 3494Lightweight Directory Access Protocol version 2 (LDAPv2) to Historic StatusRFC 1123Requirements for Internet Hosts -- Application and SupportRFC 1122Requirements for Internet Hosts -- Communication LayersRFC 791Internet ProtocolNATRFC 7857Updates to Network Address Translation (NAT) Behavioral RequirementsRFC 6888Common Requirements for Carrier-Grade NATs (CGNs)RFC 6146Stateful NAT64: Network Address and Protocol Translation from IPv6 Clientsto IPv4 ServersUsing Internet Group Management Protocol Version 3 (IGMPv3 andMulticast Listener Discovery Protocol Version 2 (MLDv2) for Source-SpecificMulticastRFC 5508NAT Behavioral Requirements for ICMPRFC 5382NAT Behavioral Requirements for TCPRFC 3973Protocol Independent Multicast - Dense Mode (PIM-DM): ProtocolSpecification (Revised)RFC 4966Reasons to Move the Network Address Translator - Protocol Translator(NAT-PT) to Historic StatusRFC 3956Embedding the Rendezvous Point (RP) Address in an IPv6 Multicast AddressRFC 4787RFC 3306Unicast-Prefix-based IPv6 Multicast AddressesNetwork Address Translation (NAT) Behavioral Requirements for UnicastUDPRFC 2365Administratively Scoped IP MulticastRFC 4380Teredo: Tunneling IPv6 over UDP through Network Address Translations(NATs)RFC 1112Host Extensions for IP MulticastingRFC 3948UDP Encapsulation of IPsec ESP PacketsRFC 3022Traditional IP Network Address Translator (Traditional NAT)IP MulticastRFC 4604IPSec7ADDITIONAL RFCSIPv4RFC 4304Extended Sequence Number (ESN) Addendum to IPsec Domain ofInterpretation (DOI) for Internet Security Association and Key ManagementProtocol (ISAKMP)RFC 4303IP Encapsulating Security Payload (ESP)RFC 3706A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE)Peers
DATA SHEET FortiOS Wireless LAN ControllerSPECIFICATIONSADDITIONAL RFCSOSPFADDITIONAL RFCSSNMPRFC 6860Hiding Transit-Only Networks in OSPFRFC 6845OSPF Hybrid Broadcast and Point-to-Multipoint Interface TypeRFC 5340OSPF for IPv6RFC 4812OSPF Restart SignalingRFC 4811OSPF Out-of-Band Link State Database (LSDB) ResynchronizationRFC 4203OSPF Extensions in Support of Generalized Multi-Protocol Label Switching(GMPLS)RFC 1238CLNS MIB for use with Connectionless Network Protocol (ISO 8473) andEnd System to Intermediate System (ISO 9542)RFC 1215A Convention for Defining Traps for use with the SNMPRFC 1213Management Information Base for Network Management of TCP/IP-basedinternets: MIB-IIRFC 1212Concise MIB DefinitionsRFC 1157A Simple Network Management Protocol (SNMP)RFC 1156Management Information Base for Network Management of TCP/IP-basedinternetsRFC 1155Structure and Identification of Management Information for TCP/IP-basedInternets SSHRFC 3630Traffic Engineering (TE) Extensions to OSPF Version 2RFC 3623Graceful OSPF RestartRFC 3509Alternative Implementations of OSPF Area Border RoutersRFC 3101The OSPF Not-So-Stubby Area (NSSA) OptionRFC 4254The Secure Shell (SSH) Connection ProtocolRFC 2328OSPF Version 2RFC 4253The Secure Shell (SSH) Transport Layer ProtocolRFC 1765OSPF Database OverflowRFC 4252The Secure Shell (SSH) Authentication ProtocolRFC 1370Applicability Statement for OSPFRFC 4251The Secure Shell (SSH) Protocol ArchitectureRFC 4250The Secure Shell (SSH) Protocol Assigned Numbers SSLPPPRFC 2516A Method for Transmitting PPP Over Ethernet (PPPoE)RFC 6176Prohibiting Secure Sockets Layer (SSL) Version 2.0RFC 2364PPP Over AAL5RFC 6101The Secure Sockets Layer (SSL) Protocol Version 3.0 TCPRFC 1661The Point-to-Point Protocol (PPP)RFC 6691TCP Options and Maximum Segment Size (MSS)RFC 6298Computing TCP's Retransmission TimerRFC 6093On the Implementation of the TCP Urgent MechanismRFC 793Transmission Control ProtocolRADIUSRFC 5176Dynamic Authorization Extensions to Remote Authentication Dial In UserService (RADIUS)RFC 2866RADIUS AccountingRFC 2548Microsoft Vendor-specific RADIUS AttributesRIPRFC 4822RIPv2 Cryptographic AuthenticationRFC 2453RIP Version 2RFC 2080RIPng for IPv6RFC 1724RIP Version 2 MIB ExtensionRFC 1058Routing Information ProtocolSIPRFC 3960Early Media and Ringing Tone Generation in the Session Initiation Protocol(SIP)RFC 3325Private Extensions to the Session Initiation Protocol (SIP) for AssertedIdentity within Trusted NetworksRFC 3262Reliability of Provisional Responses in the Session Initiation Protocol (SIP)RFC 3261SIP: Session Initiation ProtocolSNMPTLSRFC 8446The Transport Layer Security (TLS) Protocol Version 1.3RFC 7858Specification for DNS over Transport Layer Security (TLS)RFC 6347Datagram Transport Layer Security Version 1.2RFC 6066Transport Layer Security (TLS) Extensions: Extension DefinitionsRFC 5746Transport Layer Security (TLS) Renegotiation Indication ExtensionRFC 5425Transport Layer Security (TLS) Transport Mapping for SyslogRFC 5246The Transport Layer Security (TLS) Protocol Version 1.2RFC 4681TLS User Mapping ExtensionRFC 4680TLS Handshake Message for Supplemental Data VPNRFC 4761Virtual Private LAN Service (VPLS) Using BGP for Auto-Discovery andSignalingRFC 4684Constrained Route Distribution for Border Gateway Protocol/MultiProtocolLabel Switching (BGP/MPLS) Internet Protocol (IP) Virtual Private Networks(VPNs)RFC 4577SPF as the Provider/Customer Edge Protocol for BGP/MPLS IP VirtualPrivate Networks (VPNs)RFC 4364BGP/MPLS IP Virtual Private Networks (VPNs)RFC 3715IPsec-Network Address Translation (NAT) Compatibility RequirementsWirelessRFC 4293Management Information Base for the Internet Protocol (IP)RFC 4273Definitions of Managed Objects for BGP-4RFC 4113Management Information Base for the User Datagram Protocol (UDP)RFC 4022Management Information Base for the Transmission Control Protocol (TCP)RFC 5415Control and Provisioning of Wireless Access Points (CAPWAP)RFC 3635Definitions of Managed Objects for the Ethernet-like Interface TypesRFC 5416RFC 3417Transport Mappings for the Simple Network Management Protocol (SNMP)Control and Provisioning of Wireless Access Points (CAPWAP) ProtocolBinding for IEEE 802.11RFC 3416Version 2 of the Protocol Operations for the Simple Network ManagementProtocol (SNMP)RFC 5417CAPWAP Access Controller DHCP OptionRFC 8110Opportunistic Wireless Encryption (OWE)RFC 3414User-based Security Model (USM) for version 3 of the Simple NetworkManagement Protocol (SNMPv3)RFC 3413Simple Network Management Protocol (SNMP) ApplicationsRFC 3412Message Processing and Dispatching for the Simple Network ManagementProtocol (SNMP)RFC 3411An Architecture for Describing Simple Network Management Protocol(SNMP) Management FrameworksRFC 3410Introduction and Applicability Statements for Internet StandardManagement FrameworkRFC 2863The Interfaces Group MIBRFC 2578Structure of Management Information Version 2 (SMIv2)88 pag
Fortinet Secure Wireless LAN Controllers significantly reduce network complexity and ultimately TCO. Fortinet's no-VLANs . Microsoft IAS RADIUS server, Cisco ACS Server, FreeRADIUS , Interlink RADIUS server, Steel Belted Radius Encryption Protocols CCMP/AES TKIP TKIP AES DTLS L2TP/IPSec (RFC 3193) XAUTH/IPSec VPN SSL
