Description
This article describes how to disable Reverse Path Forwarding (RPF) per interface.
Scope
FortiGate.
Solution
RPF is a mechanism that protects FortiGate and the network from IP spoofing attacks.
By default, RPF checking is enabled on all interfaces. To disable RPF checks globally or within a specific VDOM, enable asymmetric routing:
config system settings
    set asymroute enable
end
If the requirement is to disable RPF checks only for a specific interface, use the commands below:
config system interface
    edit <interface>
        set src-check disable
    next
end
Note:
Disabling RPF checks can make the network more vulnerable to IP spoofing attacks, so it should be done with caution and primarily for troubleshooting purposes.
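Because these settings are meant to be temporary, it helps to check configuration backups for places where they were left on. The script below is an added example, not Fortinet code: it walks the config/edit/next/end nesting of a plain-text backup and reports every scope where "set asymroute enable" or "set src-check disable" appears. The function name, the sample backup and the scope labels are assumptions made for this illustration.

```python
import shlex
# Constructed sample in the layout of a multi-VDOM configuration backup.
SAMPLE_BACKUP = """\
config global
config system interface
    edit "port1"
        set src-check disable
    next
    edit "port2"
        set vdom "lab"
    next
end
end
config vdom
edit lab
config system settings
    set asymroute enable
end
end
"""

def find_rpf_exceptions(config_text):
    findings, stack = [], []  # stack holds the open config/edit blocks
    for raw in config_text.splitlines():
        try:
            words = shlex.split(raw)
        except ValueError:  # unbalanced quote: line inside a multi-line value
            continue
        cmd, args = (words[0], words[1:]) if words else ("", [])
        if cmd == "config":
            stack.append(("config", " ".join(args)))
        elif cmd == "edit" and args:
            stack.append(("edit", args[0]))
        elif cmd in ("next", "end"):
            if stack and stack[-1][0] == "edit":
                stack.pop()  # closes the entry; "end" may follow "set" directly
            if cmd == "end" and stack:
                stack.pop()  # closes the enclosing config block
        elif cmd == "set" and stack:
            table = next((n for k, n in reversed(stack) if k == "config"), "")
            entry = next((n for k, n in reversed(stack) if k == "edit"), None)
            if table == "system settings" and args == ["asymroute", "enable"]:
                scope = f"vdom:{entry}" if stack[0] == ("config", "vdom") and entry else "global"
                findings.append((scope, "asymroute enable"))
            elif table == "system interface" and entry and args == ["src-check", "disable"]:
                findings.append((f"interface:{entry}", "src-check disable"))
    return sorted(findings)  # (scope, setting) pairs where the RPF check is off

if __name__ == "__main__":
    print(find_rpf_exceptions(SAMPLE_BACKUP))
```

An empty result means neither setting is present in the file; any finding should map to an open troubleshooting task or a documented exception.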
Related article:
Technical Tip: Reverse Path Forwarding (RPF) implementation and use of strict-src-check
Copyright 2025 Fortinet, Inc. All Rights Reserved.