
nse7_efw-70 Exam - Question 12


Refer to the exhibit, which shows a partial routing table.

Assuming all the appropriate firewall policies are configured, what two changes would an administrator need to make if they wanted to send traffic from a client directly connected to port3, to a server directly connected to port4? (Choose two.)

Correct Answer: ACE

To enable communication between a client directly connected to port3 and a server directly connected to port4, the administrator needs to configure route leaking between VRF 12 and VRF 21 to ensure that routes are shared across the VRFs. Additionally, SNAT should be enabled on the relevant firewall policies to prevent Reverse Path Forwarding (RPF) check drops. This is essential to ensure that packets are not dropped when the source and destination are in different VRFs.

Discussion

pcbbj Options: AE
Jan 5, 2023

RIP doesn't support VRF

Seph1 Options: AE
Feb 4, 2023

A & E seem correct:
A - is correct - you need to configure VRF route leaking
B - didn't find anything to confirm this.
C - RIP is not supported
D - route leaking configuration is not on interfaces.
E - sounds right.

mau_80 Options: AE
Jul 22, 2023

A -> you need to configure route leaking
E -> net 10.1.0.0/24 overlaps, so SNAT can bypass the RPF check

fortiexpertguy
Sep 22, 2023

Hi mau_80, could you please provide a more detailed explanation of why there is an overlap with subnet 10.1.0.0/24? This subnet is directly connected in VRF=12 and is reachable via a static route in the VRF=21 route table. It has not been duplicated in the locally connected networks of both VRFs. Thank you in advance.

Hesoyam Options: AE
Jan 4, 2023

I think the answers are A and E because RIP is not supported in VRF.

accessmsc Options: AC
Feb 21, 2024

Learn it in Udemy

Nappel Options: AD
Jan 10, 2023

C is not correct: https://docs.fortinet.com/document/fortigate/7.0.9/administration-guide/509828/vrf-routing-support

Quetchup Options: AE
Mar 24, 2023

Enterprise_Firewall_7.0_Study_Guide-Online.pdf p 148, 159

certifi46 Options: AE
May 10, 2023

A and E