Invalid MD5 digest - BGP Traffic Through Checkpoint
Issue
When allowing eBGP traffic through a Checkpoint Firewall, you may receive the following error message on your BGP peered routers. This error may occur at the point of pushing a policy to your Checkpoint Firewall:
TCP-6-BADAUTH: Invalid MD5 digest from [Source IP]:[Source Port] to [Dest IP]:179
Solution
This is caused by the Checkpoint State Table and the TCP sequence number of the BGP traffic changing at the point of policy push.
To prevent this, change the following settings:
- Checkpoint Gateway Object > Advanced > Connection Persistence > (Tick) Keep all connections
- Services > TCP > BGP Service > (Tick) Keep connections open after Policy has been installed
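Why a changed sequence number produces this error, as an added example that is not part of the original article: the TCP MD5 signature option (RFC 2385) hashes the fixed TCP header, sequence number included, together with the shared key, so a segment whose sequence number differs from what the sender signed fails verification on the peer. The addresses, key, payload and the 40-byte header length are constructed assumptions.

```python
import hashlib
import hmac
import socket
import struct

HDR_WORDS = 10  # assumed: 20-byte fixed header + 20 bytes of options (padded MD5 option)

def tcp_md5_digest(src, dst, sport, dport, seq, ack, flags, window, payload, key):
    """RFC 2385 digest: pseudo-header, fixed TCP header (checksum zeroed), data, key."""
    seg_len = HDR_WORDS * 4 + len(payload)
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, 6, seg_len))
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                         HDR_WORDS << 4, flags, window, 0, 0)
    return hashlib.md5(pseudo + header + payload + key).digest()

def receiver_accepts(segment, key):
    """Recompute the digest from the fields as received and compare with the one carried."""
    fields = {k: v for k, v in segment.items() if k != "digest"}
    return hmac.compare_digest(tcp_md5_digest(key=key, **fields), segment["digest"])

def rewrite_seq(segment, delta):
    """Model an in-path device changing the sequence number.
    It does not hold the BGP key, so the digest stays as the sender computed it."""
    changed = dict(segment)
    changed["seq"] = (segment["seq"] + delta) % 2**32
    return changed

# Constructed sample values (documentation addresses, made-up key).
KEY = b"example-bgp-secret"
sent = dict(src="192.0.2.1", dst="198.51.100.2", sport=40000, dport=179,
            seq=1000, ack=5000, flags=0x18, window=16384,
            payload=b"\xff" * 16 + b"\x00\x13\x04")  # BGP KEEPALIVE message
sent["digest"] = tcp_md5_digest(key=KEY, **sent)

if __name__ == "__main__":
    print("unchanged segment accepted:", receiver_accepts(sent, KEY))
    print("seq-rewritten segment accepted:",
          receiver_accepts(rewrite_seq(sent, 123456), KEY))
```

A segment that fails this check is what the router logs as `TCP-6-BADAUTH: Invalid MD5 digest`.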