Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Hermine
New Contributor II

Audit

Hello, how to configure anti spoofing and statefull ??

1 Solution
Toshi_Esumi
Esteemed Contributor II

Opposite. If you enabled it, it wouldn't be "anti-spoofing" and most of (stateful) FW features wouldn't work.

View solution in original post

4 REPLIES 4
Toshi_Esumi
Esteemed Contributor II

It's generally considered "anti-spoofing = block asymmetric routing". And statefull is any firewall that inspects the state of connections between a particular set of source and desition, i.e. session in FortiGate case. Layer3 is always state-less.  So unless you disabled this base feature of FortiGate under global config (enabled asymmetric routing), you can check it off from the audit list.

 

Toshi

Hermine
New Contributor II

meaning if "set asymroute enable" then statefull and anti spoofing are active?

Toshi_Esumi
Esteemed Contributor II

Opposite. If you enabled it, it wouldn't be "anti-spoofing" and most of (stateful) FW features wouldn't work.

Hermine
New Contributor II

Ah ok. Thanks