Commit a2cad1

2026-04-03 16:40:45 Peter: e
fortinet.md ..
@@ 1,77 1,2 @@
# Fortinet
Knowledge about all things fortinet
-
- # Certifications
- ## NSE4 - Basics
- What to know for NSE4 - Basics of fortinet
-
- ### Routing
- #### RPF
- --- Reverse Path Forwarding ---
-
- Anti IP Spoofing.
-
- ✅ Strict RPF (uRPF strict)
- A packet is allowed only if the best (longest‑match / preferred) route back to the source IP would exit the same interface the packet arrived on.
-
- Think: “Would I send the reply back out the same interface?”
- If no → drop.
-
- ✅ Loose RPF (uRPF loose)
- A packet is allowed if the firewall/router has any route at all to the source IP (regardless of interface). It’s basically a route existence check.
-
- Think: “Do I have some route to that source?”
- If yes → allow.
-
- ##### RPF Example
-
- Topology (classic multi-homed/asymmetric routing)
- ISP-A (WAN1) -----------------
- | \
- | (best route to source) \ Internet
- +---+---+ \
- | Forti | \
- | Gate | \
- +---+---+ \
- | \
- ISP-B (WAN2) ------------------------(packet arrives here)
-
- Routing table on FortiGate (simplified)
- 203.0.113.0/24 via WAN1 ← best/preferred route
- default route(s), etc.
-
- Traffic event
- A packet arrives on WAN2:
-
- Src = 203.0.113.5
- Dst = your public VIP / service
- Ingress interface = WAN2
-
- RPF decision
- Strict RPF:
-
- Look up route to 203.0.113.5
- Best route says: send to WAN1
- But packet came in WAN2
- Mismatch → DROP
-
- Loose RPF:
-
- Look up route to 203.0.113.5
- A route exists (via WAN1)
- Loose mode does not care that it arrived on WAN2
- Route exists → ALLOW
-
- ### FSSO
-
- ### Security Profiles
-
- #### Anti Virus
-
- #### Web Filter
-
- #### IPS
-
- #### Application Control
-
- ### Certificates
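Review bot: the commit message ("e") gives no reason for removing everything from "# Certifications" through "### Certificates", which includes the only substantive content in fortinet.md: the strict vs. loose RPF notes and the WAN1/WAN2 asymmetric-routing example. If that material moved to another page, name the destination in the commit message. If the goal was only to clear the empty stub headings (FSSO, Security Profiles and its subsections, Certificates), keep the "#### RPF" section and its example and delete the stubs alone. As written, the page is reduced to its title and one-line description.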