pginete
Staff
February 15, 2021

Technical Tip: How to disable Reverse Path Forwarding (RPF) per interface


Description


This article describes how to disable Reverse Path Forwarding (RPF) per interface.

 

Scope

 

FortiGate.

Solution


RPF is a mechanism that protects FortiGate and the network from IP spoofing attacks.

By default, RPF checking is enabled on all interfaces. To disable RPF checks globally or within a specific VDOM, enable asymmetric routing:

 

config system settings
   set asymroute enable
end

 

If the requirement is to disable RPF checks only for a specific interface, use the commands below to achieve it:

 

config system interface
   edit <interface>
      set src-check disable
   next
end

 

Note:

Disabling RPF checks can make the network more vulnerable to IP spoofing attacks, so it should be done with caution and primarily for troubleshooting purposes.
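
Because either setting is easy to leave in place after troubleshooting, a saved configuration can be audited for both. The script below is an added example, not part of the original article or any Fortinet tooling; the function name find_rpf_exceptions, the sample configuration and its interface names are constructed for illustration.

```python
import shlex

# Constructed sample in the style of a FortiGate configuration backup (not from the article).
SAMPLE = """\
config system settings
    set asymroute enable
end
config system interface
    edit "port1"
        set src-check disable
    next
    edit "port2"
    next
    edit "wan1"
        config ipv6
            set ip6-mode dhcp
        end
        set src-check disable
end
"""

def find_rpf_exceptions(config_text):
    """Return (asymroute_enabled, names of interfaces with src-check disabled)."""
    # stack holds the open blocks: ("config", path) or ("edit", entry name)
    stack, asymroute, no_src_check = [], False, []
    for line in config_text.splitlines():
        try:
            tok = shlex.split(line)
        except ValueError:        # unbalanced quote inside a multi-line value
            continue
        verb = tok[0] if tok else ""
        if verb == "config":
            stack.append(("config", " ".join(tok[1:])))
        elif verb == "edit" and len(tok) > 1:
            stack.append(("edit", tok[1]))
        elif verb in ("next", "end"):
            if stack and stack[-1][0] == "edit":
                stack.pop()       # either keyword closes an open edit entry
            if verb == "end" and stack:
                stack.pop()       # end also closes the enclosing config block
        elif verb == "set" and stack:
            if stack[-1] == ("config", "system settings") and tok[1:3] == ["asymroute", "enable"]:
                asymroute = True
            elif (len(stack) >= 2 and stack[-2] == ("config", "system interface")
                  and stack[-1][0] == "edit" and tok[1:3] == ["src-check", "disable"]):
                no_src_check.append(stack[-1][1])
    return asymroute, no_src_check

if __name__ == "__main__":
    print(find_rpf_exceptions(SAMPLE))
```

Any interface or VDOM the script reports is a place where spoofed source addresses are no longer dropped by the RPF check and should have a documented reason for the exception.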

 

Related article:

Technical Tip: Reverse Path Forwarding (RPF) implementation and use of strict-src-check