NSE 4 – FortiGate 6.4 — Question 108

In which two ways can RPF checking be disabled? (Choose two.)

Answer options

• A. Enable anti-replay in firewall policy.
• B. Enable asymmetric routing.
• C. Disable strict-src-check under system settings.
• D. Disable the RPF check at the FortiGate interface level for the source check.

Correct answer: B, D

Explanation

The correct answers are B and D. Enabling asymmetric routing allows for packets to be accepted even if they arrive on a different interface than expected, thus bypassing RPF checks. Disabling the RPF check at the FortiGate interface level also directly prevents the RPF checks from being enforced. The other options do not disable RPF checking; rather, they pertain to other security features or configurations.