I'm glad you went with a diagram because I think it lands so much better than I can imagine a demo would. I got a question on the NSE4 on RPF and yours was the first video that made sense.
man... do you have any idea how LOOOOONG!!!!!!! i've been looking for a clear explanation. So many folks on here (youTube) make it difficult to understand....geez. thank you so much.
A few people have asked how it works with a default route. In feasible/loose mode it will be no different for a default route. The default route counts as a valid route. Source: NSE4 study guide.
Chris, i guess there is some misconception as RPF checking is all about checking source IP address in routing table and not Destinaion IP address. Here is the study guide RPF notes.. "The reason behind the RPF check is that if FortiGate receives a packet on an interface, and FortiGate doesn’t have a route to the packet source address through the incoming interface, then the source address of the packet could have been forged, or the packet was routed incorrectly. In either case, you want to drop that unexpected packet, so it doesn’t enter your network."
Hi Chris ,my doubt is when a default route to internet like Destination=0.0.0.0/0 and exit interface wan .How the RPF will work here ,for example the fortigate have a default route to internet like this set status enable set dst 0.0.0.0 0.0.0.0 set gateway 218.208.110.1 set distance 10 set weight 0 set priority 0 set device "wan2"
Ok cool i will use that also. Could you do some basic firewall and maybe some advanced stuff and could you do traffic shaping? I will need to know it for a job im starting next month
I'm glad you went with a diagram because I think it lands so much better than I can imagine a demo would. I got a question on the NSE4 on RPF and yours was the first video that made sense.
man... do you have any idea how LOOOOONG!!!!!!! i've been looking for a clear explanation. So many folks on here (youTube) make it difficult to understand....geez. thank you so much.
Wow. This was good, Chris! Very simple explanation. Thank you.
Thanks Robert, its a remarkably simple concept...just not easy to grasp!
A few people have asked how it works with a default route. In feasible/loose mode it will be no different for a default route. The default route counts as a valid route. Source: NSE4 study guide.
Excellent, also I learned feasible ignores the distance metric but checks priority.
The most easy explanation on RPF ever, thank you very much sir!
This helps with refreshing nse4 knowlegde for NSE7 cert :)
Thank you for sharing the content, it was very easy to understand after your explanation.
Fantastic Vid! A clear and concise explanation... this really helped me understand RPF. Thanks Chris.
Hey Anthony, glad it helped! RPF had me running in circles when I first ran into it. I had to make a video about this :)
Another great video. Thank you, Chris!
Thanks for the easy and clear explanation!
Very easy to understand .. Great explanation.
Thanks for the video !
Great explanation. Just what I was hunting around for. I wonder though, what impact does a default route have route matching?
Chris, i guess there is some misconception as RPF checking is all about checking source IP address in routing table and not Destinaion IP address. Here is the study guide RPF notes.. "The reason behind the RPF check is that if FortiGate receives a packet on an interface, and FortiGate doesn’t have a route to the packet source address through the incoming interface, then the source address of the packet could have been forged, or the packet was routed incorrectly. In either case, you want to drop that unexpected packet, so it doesn’t enter your network."
Got if!
Thank you 😊
Hi Chris ,my doubt is when a default route to internet like Destination=0.0.0.0/0 and exit interface wan .How the RPF will work here ,for example the fortigate have a default route to internet like this
set status enable
set dst 0.0.0.0 0.0.0.0
set gateway 218.208.110.1
set distance 10
set weight 0
set priority 0
set device "wan2"
good video. pls make more for the lab setup used in previous video's. also are there books you used to pass the exam?
I used the free training that you can get from the NSE Institute. I don't think there are any books on this cert yet, but I could be wrong.
Ok cool i will use that also. Could you do some basic firewall and maybe some advanced stuff and could you do traffic shaping? I will need to know it for a job im starting next month
@@shom3rshabbos Hell yeah man! Lets see what we can do...
so in this case, those 3 address at the top act as source or destination?
It was so usefull thank you so much.
If you need, I am selling a voucher for the fortinet NSE4 exam
But always there is a default route, so feasible will never stop no spoof, ???
nice video I get it now
Can you recommend a good book for the ns4?
Global objects
Not clear or helpful and wastes too much time at the beginning .
If you need, I am selling a voucher for the fortinet NSE4 exam