NSE 4 – FortiGate 7.0 — Question 68

In which two ways can RPF checking be disabled? (Choose two.)

Answer options

• A. Enable anti-replay in firewall policy.
• B. Disable the RPF check at the FortiGate interface level for the source check.
• C. Disable strict-src-check under system settings.
• D. Enable asymmetric routing.

Correct answer: B, D

Explanation

Disabling the RPF check at the FortiGate interface level allows for more flexible routing, which is necessary in certain network configurations. Enabling asymmetric routing also bypasses the need for RPF checks since it allows packets to arrive via different paths. The other options either enhance security or do not pertain to RPF checking directly.