ExamTopics Logo
Mail Us[email protected]
Menu
Fortinet Discussions
exam questions

Exam NSE4_FGT-6.4 All Questions

View all questions & answers for the NSE4_FGT-6.4 exam
Go to Exam

Exam NSE4_FGT-6.4 topic 1 question 119 discussion

Actual exam question from Fortinet's NSE4_FGT-6.4
Question #: 119
Topic #: 1
[All NSE4_FGT-6.4 Questions]

In which two ways can RPF checking be disabled? (Choose two.)

  • A. Enable anti-replay in firewall policy.
  • B. Enable asymmetric routing.
  • C. Disable strict-src-check under system settings.
  • D. Disable the RPF check at the FortiGate interface level for the source check.
Show Suggested Answer Hide Answer
Suggested Answer: BD 🗳️
by Helber at Aug. 20, 2021, 1:24 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
steef1982
Highly Voted 3 years, 8 months ago
B and D Infra page 39
upvoted 20 times
...
Helber
Highly Voted 3 years, 8 months ago
C and D - FG Infra page 39
upvoted 5 times
...
zequel
Most Recent 3 years, 3 months ago
Selected Answer: BD
B & D - as mentioned by a few other good people here :) https://kb.fortinet.com/kb/documentLink.do?externalID=FD51279
upvoted 3 times
...
RatheeshRavindran
3 years, 3 months ago
B and D is Correct
upvoted 1 times
...
franger
3 years, 5 months ago
B&D https://kb.fortinet.com/kb/documentLink.do?externalID=FD51279
upvoted 4 times
...
Alagi
3 years, 7 months ago
As of today, there is no available option to disable RPF at the interface level however there are other possibilities: "asymetric routing enable" : Configuring the vdom in asymetric mode (set asymroute enable) is one of them but also it also disables the packet state inspection which may not be wanted. "strict-src-check disable" + adding a supernet route as "feasible patch" A route with a larger prefix can be added pointing to interface where packet egresses. Since best match applies, the most specific route will be used to route packets. This "non-priority" route is added to provide a "feasible path". 'strict-src-check' should be set to 'disable'. "strict-src-check disable" + adding the same route as the best matching one (same subnet, same prefix, same distance) but having a higher priority value than the best match one. This will force the route to be injected in the routing table as a second choice. Note : the lower priority, the best . If not defined, priority is set to '0' per default
upvoted 1 times
xMarc65
3 years, 7 months ago
in 6.4 it is possible to disable by interface Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD51279
upvoted 5 times
...
...
HdiaOwner
3 years, 8 months ago
B and D Infra page 39
upvoted 5 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago