How does strict RPF check function in a FortiGate device?

Strict Reverse Path Forwarding (RPF) check is an important feature used in FortiGate devices to enhance security and ensure proper routing of packets. The primary function of strict RPF is to validate the incoming traffic source against the routing table.

When strict RPF is enabled, the device examines the routing table to find out the best route back to the source IP address of the incoming packet. Specifically, it checks if the packet arrived on the interface that is identified as the best path for returning traffic to that source. This verification helps prevent IP spoofing attacks, where malicious actors might attempt to send packets with forged source addresses.

If the incoming packet does not match the established route in the routing table, the FortiGate device will discard that packet. This process not only helps secure the network by ensuring packets originate from legitimate sources but also optimizes routing efficiency by confirming that the traffic follows the proper pathways.

In summary, option B is accurate because it describes the core functionality of strict RPF checks in a FortiGate device, focusing on validating the incoming interface against the route back to the source.