Podcast
Questions and Answers
Which mode is the default mode for RPF check?
Which mode is the default mode for RPF check?
In feasible path mode, the packet is accepted as long as there is one active route to the source IP through the incoming interface.
In feasible path mode, the packet is accepted as long as there is one active route to the source IP through the incoming interface.
Does the packet from 10.4.0.1 to 10.1.0.1 get accepted?
Does the packet from 10.4.0.1 to 10.1.0.1 get accepted?
Does the packet from 172.16.1.1 to 10.1.0.1 get accepted?
Does the packet from 172.16.1.1 to 10.1.0.1 get accepted?
Signup and view all the answers
What was feasible path mode formerly known as?
What was feasible path mode formerly known as?
Signup and view all the answers
Does the packet need to take the best route in feasible path mode?
Does the packet need to take the best route in feasible path mode?
Signup and view all the answers
Is there an active route to the IP-address 172.16.1.1 through port3?
Is there an active route to the IP-address 172.16.1.1 through port3?
Signup and view all the answers
What is the destination IP of the packet that is accepted?
What is the destination IP of the packet that is accepted?
Signup and view all the answers
What is the destination IP of the packet that is not accepted?
What is the destination IP of the packet that is not accepted?
Signup and view all the answers
What is the default route used for?
What is the default route used for?
Signup and view all the answers
Which table does FortiGate go to if the action in a policy route is Stop Policy Routing?
Which table does FortiGate go to if the action in a policy route is Stop Policy Routing?
Signup and view all the answers
What is the purpose of the Forwarding Information Base (FIB)?
What is the purpose of the Forwarding Information Base (FIB)?
Signup and view all the answers
In a FortiGate high availability (H-A) cluster, which table exists only on the secondary FortiGate?
In a FortiGate high availability (H-A) cluster, which table exists only on the secondary FortiGate?
Signup and view all the answers
What happens if there is no match in any of the routing tables?
What happens if there is no match in any of the routing tables?
Signup and view all the answers
What is the first criteria used by FortiGate to select a route when there are multiple routes to a destination?
What is the first criteria used by FortiGate to select a route when there are multiple routes to a destination?
Signup and view all the answers
When does FortiGate use the lowest metric as the tiebreaker for dynamic routes?
When does FortiGate use the lowest metric as the tiebreaker for dynamic routes?
Signup and view all the answers
Which type of routes does FortiGate use the lowest priority as the tiebreaker?
Which type of routes does FortiGate use the lowest priority as the tiebreaker?
Signup and view all the answers
What is equal cost multipath (ECMP) used for?
What is equal cost multipath (ECMP) used for?
Signup and view all the answers
Under what conditions does FortiGate add a static route to the routing table?
Under what conditions does FortiGate add a static route to the routing table?
Signup and view all the answers
What does the reverse path forwarding (RPF) check protect against?
What does the reverse path forwarding (RPF) check protect against?
Signup and view all the answers
FortiGate performs routing table lookup how many times for any session?
FortiGate performs routing table lookup how many times for any session?
Signup and view all the answers
What happens to the route information in the session table after a routing change?
What happens to the route information in the session table after a routing change?
Signup and view all the answers
How many routing lookups does FortiGate usually perform for a traffic session?
How many routing lookups does FortiGate usually perform for a traffic session?
Signup and view all the answers
When would FortiGate perform additional routing table lookups?
When would FortiGate perform additional routing table lookups?
Signup and view all the answers
How does FortiGate decide routes?
How does FortiGate decide routes?
Signup and view all the answers
Which command can be used to view FortiGate's policy routes?
Which command can be used to view FortiGate's policy routes?
Signup and view all the answers
How many routing modules does FortiGate have?
How many routing modules does FortiGate have?
Signup and view all the answers
What does FortiGate do with the routing information after performing routing lookups for a session?
What does FortiGate do with the routing information after performing routing lookups for a session?
Signup and view all the answers
What happens to the route information in the session table after a routing change?
What happens to the route information in the session table after a routing change?
Signup and view all the answers
Is FortiGate a stateful or stateless device?
Is FortiGate a stateful or stateless device?
Signup and view all the answers
Study Notes
RPF Check
- The default mode for RPF check is feasible path mode.
Feasible Path Mode
- In feasible path mode, a packet is accepted as long as there is one active route to the source IP through the incoming interface.
- Feasible path mode was formerly known as "asymmetric routing".
- The packet does not need to take the best route in feasible path mode.
Packet Acceptance
- The packet from 10.4.0.1 to 10.1.0.1 gets accepted.
- The packet from 172.16.1.1 to 10.1.0.1 gets accepted.
Route Information
- There is no active route to the IP address 172.16.1.1 through port3.
- The destination IP of the packet that is accepted is 10.1.0.1.
- The destination IP of the packet that is not accepted is not specified.
Routing
- The default route is used for routing packets when there is no specific route.
- When the action in a policy route is Stop Policy Routing, FortiGate goes to the Kernel routing table.
- The purpose of the Forwarding Information Base (FIB) is to facilitate routing decisions.
- In a FortiGate high availability (H-A) cluster, the secondary FortiGate has a dedicated routing table.
- If there is no match in any of the routing tables, FortiGate uses the default route.
- The first criteria used by FortiGate to select a route when there are multiple routes to a destination is the longest prefix match.
- FortiGate uses the lowest metric as the tiebreaker for dynamic routes when there are multiple routes with the same prefix length.
- FortiGate uses the lowest priority as the tiebreaker for static routes.
- Equal cost multipath (ECMP) is used for load balancing and redundancy.
Route Addition
- FortiGate adds a static route to the routing table when the route is configured manually.
RPF Protection
- The reverse path forwarding (RPF) check protects against spoofing attacks.
Routing Table Lookup
- FortiGate performs routing table lookup only once for any session.
- The route information in the session table is updated after a routing change.
- FortiGate usually performs one routing lookup for a traffic session.
- FortiGate performs additional routing table lookups when the routing table changes or the session is re-established.
Route Decision
- FortiGate decides routes based on the routing table and policy routes.
Policy Routes
- The command to view FortiGate's policy routes is "diag debug appl cs-route".
Routing Modules
- FortiGate has two routing modules: the kernel routing table and the FIB.
Routing Information
- After performing routing lookups for a session, FortiGate stores the routing information in the session table.
- The route information in the session table is updated after a routing change.
- FortiGate is a stateful device.
Studying That Suits You
Use AI to generate personalized quizzes and flashcards to suit your learning preferences.
Description
Test your knowledge on routing concepts and troubleshooting with this quiz. Learn about route lookup in FortiGate and how routing information is stored in session tables and route cache. Find out what happens to route information after a routing change.
