By looking at RFC 3768, section 5.3.9 seems to indicate that indeed you should be able to configure more than one virtual IP in a single instance:
5.3.9. IP Address(es)
One or more IP addresses that are associated with the virtual router.
The number of addresses included is specified in the "Count IP Addrs"
field. These fields are used for troubleshooting misconfigured
routers.
What would you call a manufacturer that allows you to define secondary IPs on an interface/VLAN, but not in a VRRP instance on that interface? Instead, they say you should just create another instance. While that would work, interoperability with other gear may be at stake.
We're talking about Fortinet, and all I ever hear from them is "our gear just works that way".
Best Answer
It's hard to say exactly what the question is.
Maybe you should rephrase it, with something like:
"Is Fortinet's implementation of VRRP RFC-compliant?"
The fact is that RFC3768 is obsoleted by RFC5798, where it is stated in section 3:
Following your comment, I went through the entire RFC and you're right that it always mentions "a set of IP address". It even speaks about the "primary address" in a set.
So it's quite clear that the author intended the protocol to support multiple IPs per VRID.
However, nowhere does the RFC mention something like "the router MUST support a set of X IP address for a given VRID".
So I would say, despite the fact that the RFC clearly speaks about a "set" of IP addresses, unfortunately it lacks a "MUST" statement to force vendors to implement it.
I guess we have to conclude that, regarding this specific point, Fortinet's implementation is RFC-compliant (but I would say, really borderline).