

Question 39 Discussion

Refer to the exhibit. Network topology and a partial routing table are shown. FortiGate has already been configured with a firewall policy that allows all ICMP traffic to flow from port1 to port3. Which two changes can the administrator perform to ensure the server at 10.4.0.1/24 receives the echo reply from the laptop at 10.1.0.1/24? (Choose two answers)

  • A. Change the FortiGate configuration from strict RPF check mode to feasible RPF check mode.
  • B. Modify the default gateway on the laptop from 10.1.0.2 to 10.1.0.254.
  • C. Add a default static route on FortiGate to forward all traffic to port3.
  • D. Enable asymmetric routing under config system settings.
Correct Answer: B,D

Brave-Dump Clients Votes

AD 100%

Comments



Fatma Salih 2026-01-14 23:30:09

Selected Answers: A, D


No need to change PC GW.
  • Adam 2026-01-15 07:43:02
    Feasible RPF won't help if first packet of the session didn't pass by FortiGate. Solution is option B so we bypass FortiGate completely OR option D.

    From Study Guide: When you enable FortiOS to allow asymmetric routing, FortiGate essentially acts as a router and performs no security inspection. It routes the echo replies as follows:

    1. The server ICMP request bypasses FortiGate to reach the PC.
    2. The PC sends an echo reply that passes through FortiGate.
    3. After the packet passes through the FortiGate CPU, FortiGate forwards the packet using the FIB, even though there are no session matches.
    4. FortiGate forwards all subsequent echo replies using the FIB.