Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
pginete
Staff
Staff

Created on ‎02-14-2021 10:17 PM Edited on ‎03-05-2025 05:00 PM By Staff

Article Id 193338

Technical Tip: How to disable Reverse Path Forwarding (RPF) per interface

Description


This article describes how to disable Reverse Path Forwarding (RPF) per interface.

 

Scope

 

FortiGate.

Solution


RPF is a mechanism that protects FortiGate and the network from IP spoofing attacks.

By default, RPF checking is enabled on all interfaces. Disable RFP checks globally or within a specific VDOM by enabling asymmetric route:

 

config system settings
   set asymroute enable
end

 

If the requirement is to disable RPF checks only for a specific interface, use the commands below to achieve it:

 

config system interface
   edit <interface>
      set src-check disable
end

 

Note:

Disabling RPF checks can make the network more vulnerable to IP spoofing attacks, thus, should be done with caution and primarily for troubleshooting purposes.

 

Related article:

Technical Tip: Reverse Path Forwarding (RPF) implementation and use of strict-src-check

Labels:
42440
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.