FortiGate
pginete
Staff
Article Id 193338

Description


This article describes how to disable Reverse Path Forwarding (RPF) per interface.

 

Scope

 

FortiGate.

Solution


RPF is a mechanism that protects FortiGate and the network from IP spoofing attacks.

By default, RPF checking is enabled on all interfaces. To disable RPF checks globally or within a specific VDOM, enable asymmetric routing:

 

config system settings
   set asymroute enable
end

 

If RPF checks need to be disabled only for a specific interface, use the following commands:

 

config system interface
   edit <interface>
      set src-check disable
   next
end

 

Note:

Disabling RPF checks can make the network more vulnerable to IP spoofing attacks, so it should be done with caution and primarily for troubleshooting purposes.
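
To show what the check does and what turning it off exposes, here is an added example (not Fortinet code and not part of the original article): a simplified Python model of a reverse-path check. The routing table, the interface names and the meaning given to the strict flag (the most specific route to the source must use the ingress interface) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Interface:
    name: str
    src_check: bool = True  # models "set src-check enable|disable"

# Constructed routing table (assumption): (prefix, egress interface).
ROUTES = [("0.0.0.0/0", "wan1"), ("10.0.0.0/8", "internal"),
          ("192.168.50.0/24", "dmz")]

def routes_to(src, routes=ROUTES):
    """All routes whose prefix covers src, as (network, interface)."""
    addr = ipaddress.ip_address(src)
    nets = [(ipaddress.ip_network(p), ifname) for p, ifname in routes]
    return [(n, ifname) for n, ifname in nets if addr in n]

def rpf_accepts(src, ingress, strict=False, asymroute=False, routes=ROUTES):
    """True if a packet from src arriving on ingress passes the modelled check."""
    if asymroute or not ingress.src_check:
        return True  # check skipped: any source address is let through
    matches = routes_to(src, routes)
    if not matches:
        return False  # no route back to the source at all
    if strict:
        # Strict: the most specific route to src must use the ingress interface.
        best = max(matches, key=lambda m: m[0].prefixlen)
        return best[1] == ingress.name
    # Loose: some route to src via the ingress interface is enough.
    return any(ifname == ingress.name for _, ifname in matches)

def evaluate():
    """Run constructed packets (source, ingress) through the model."""
    dmz, dmz_off = Interface("dmz"), Interface("dmz", src_check=False)
    wan1, internal = Interface("wan1"), Interface("internal")
    return {
        "legit internal host": rpf_accepts("10.1.2.3", internal),
        "10.x source on dmz, src-check on": rpf_accepts("10.1.2.3", dmz),
        "10.x source on dmz, src-check off": rpf_accepts("10.1.2.3", dmz_off),
        "10.x source on wan1, loose": rpf_accepts("10.1.2.3", wan1),
        "10.x source on wan1, strict": rpf_accepts("10.1.2.3", wan1, strict=True),
    }

if __name__ == "__main__":
    for case, ok in evaluate().items():
        print(f"{case:36} {'pass' if ok else 'drop'}")
```

In this model the default route on wan1 makes the loose check accept a 10.x source arriving on wan1, which only the strict variant drops. Passing the check does not mean firewall policy allows the packet.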

 

Related article:

Technical Tip: Reverse Path Forwarding (RPF) implementation and use of strict-src-check