FortiGate
markdr_FTNT
Staff
Article Id 407498
Description This article lists the protocol numbers most commonly used in FortiGate configurations and shows how to use IANA-assigned protocol numbers in a FortiGate rule.
Scope FortiGate.
Solution

When configuring a FortiGate, it may be necessary to refer to a protocol by its IANA protocol number rather than by name. These numbers are standardized by the Internet Assigned Numbers Authority (IANA) and are carried in the 'Protocol' field of the IPv4 header (the 'Next Header' field in IPv6). A protocol number identifies the protocol encapsulated in the IP packet, such as TCP, UDP, ICMP, GRE or ESP; it is not a port number. Ports exist only inside TCP and UDP, so protocols such as GRE and ESP can only be matched by their protocol number.

Below are some of the most commonly used protocol numbers in FortiGate deployments:

Protocol   Number   Typical Use Case
ICMP       1        Ping, network troubleshooting
TCP        6        Most applications (HTTP, HTTPS, etc.)
UDP        17       DNS, VoIP, streaming, VPN (IKE negotiation, DTLS)
GRE        47       GRE tunnels (common with Cisco routers, VPNs)
ESP        50       IPsec VPN (Encapsulating Security Payload)

Note:

The full list of assigned numbers is maintained by IANA in the Protocol Numbers registry: https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml



Here is an example of a protocol number used in an IPv4 rule of a wireless-controller Access Control List. In the GUI, the rule's Protocol field is set to 1 (ICMP) and the action to deny:

[Image: IANA_1.JPG, the IPv4 rule as shown in the GUI]

Here is the CLI equivalent:

config wireless-controller access-control-list
    edit "Block_ICMP"
        config layer3-ipv4-rules
            edit 1
                set dstaddr 192.168.40.42/255.255.255.255   <----- Single host (/32 mask).
                set protocol 1                               <----- ICMP, by IANA protocol number.
                set action deny
            next
        end
    next
end
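To connect the table to what the firewall actually inspects, here is an added Python example (written for this page; it is not Fortinet code and not part of the original article). It builds an IPv4 header, reads the Protocol field back out of the raw bytes, verifies the header checksum, and then evaluates the Block_ICMP rule above against the parsed header. The rule model (Layer3Rule, evaluate) is a simplified stand-in for the FortiGate ACL, and the value 255 meaning "all protocols" is an assumption taken from the FortiOS CLI reference, not something this article states.

```python
import socket
import struct
from dataclasses import dataclass

# Subset of IANA-assigned protocol numbers, matching the table above.
IANA_PROTOCOL_NUMBERS = {1: "ICMP", 6: "TCP", 17: "UDP", 47: "GRE", 50: "ESP"}

# Assumption: FortiOS treats 255 in this ACL field as "all protocols"; the
# article does not state this, it is taken from the CLI reference.
ANY_PROTOCOL = 255


@dataclass
class IPv4Header:
    ihl: int            # header length in bytes
    total_length: int
    ttl: int
    protocol: int       # the IANA protocol number carried in the header
    src: str
    dst: str
    checksum_ok: bool

    @property
    def protocol_name(self) -> str:
        return IANA_PROTOCOL_NUMBERS.get(self.protocol, f"proto-{self.protocol}")


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum: one's complement of the one's-complement sum of 16-bit words."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, protocol: int, payload_len: int, ttl: int = 64) -> bytes:
    """Build a minimal 20-byte IPv4 header (no options, DF set) with a valid checksum."""
    fields = [0x45, 0, 20 + payload_len, 0, 0x4000, ttl, protocol, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    raw = struct.pack("!BBHHHBBH4s4s", *fields)
    fields[7] = ipv4_checksum(raw)          # checksum is computed with the field zeroed
    return struct.pack("!BBHHHBBH4s4s", *fields)


def parse_ipv4_header(pkt: bytes) -> IPv4Header:
    """Decode the fixed IPv4 header and verify its checksum; raises on malformed input."""
    if len(pkt) < 20:
        raise ValueError("shorter than the 20-byte minimum IPv4 header")
    ver_ihl, _tos, total_length, _ident, _flags, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError(f"not an IPv4 packet (version {ver_ihl >> 4})")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError(f"bad IHL {ihl} for a {len(pkt)}-byte packet")
    # Summing the whole header, stored checksum included, gives 0 when it is intact.
    checksum_ok = ipv4_checksum(pkt[:ihl]) == 0
    return IPv4Header(ihl, total_length, ttl, proto,
                      socket.inet_ntoa(src), socket.inet_ntoa(dst), checksum_ok)


@dataclass(frozen=True)
class Layer3Rule:
    """One entry of 'config layer3-ipv4-rules'; dstaddr in FortiGate-style 'ip/mask' form."""
    dstaddr: str
    protocol: int
    action: str  # "allow" or "deny"


def _ip_int(ip: str) -> int:
    return struct.unpack("!I", socket.inet_aton(ip))[0]


def rule_matches(rule: Layer3Rule, hdr: IPv4Header) -> bool:
    net, mask = rule.dstaddr.split("/")
    if (_ip_int(hdr.dst) & _ip_int(mask)) != (_ip_int(net) & _ip_int(mask)):
        return False
    return rule.protocol == ANY_PROTOCOL or rule.protocol == hdr.protocol


def evaluate(rules: list, hdr: IPv4Header, default: str = "allow") -> str:
    """First matching rule wins; a packet matching no rule gets the default action."""
    for rule in rules:
        if rule_matches(rule, hdr):
            return rule.action
    return default


# The Block_ICMP ACL from the CLI example, expressed as a rule list.
BLOCK_ICMP = [Layer3Rule("192.168.40.42/255.255.255.255", 1, "deny")]

if __name__ == "__main__":
    # Constructed sample packets: headers only, the payload length is just a number.
    for proto, dst in [(1, "192.168.40.42"), (6, "192.168.40.42"), (1, "192.168.40.43")]:
        hdr = parse_ipv4_header(build_ipv4_header("10.0.0.5", dst, proto, 8))
        print(f"{hdr.protocol_name:5} -> {hdr.dst:15} checksum_ok={hdr.checksum_ok} "
              f"action={evaluate(BLOCK_ICMP, hdr)}")
```

Running the script shows ICMP to 192.168.40.42 denied while TCP to the same host and ICMP to a neighbouring host fall through to the default allow, which is exactly the effect of 'set protocol 1' combined with the /32 dstaddr: the match is on the header's Protocol field, so it would not catch, for example, an ESP (50) packet to that host.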