Invalid MD5 digest - BGP Traffic Through Check Point


When allowing eBGP traffic through a Check Point Firewall you may receive the following error message on your BGP peered routers. (This error may occur at the point of pushing a policy to your Check Point Firewall),

TCP-6-BADAUTH: Invalid MD5 digest from [Source IP]:[Source Port] to [Dest IP]:179


This is down to the Check Point State Table and the TCP sequence number of the BGP Traffic changing at the point of policy push.

To prevent this occurring you will need to change the following settings,

  • Check Point Gateway Object > Advanced > Connection Persistence > (Tick) Keep all connections
    • Services > TCP > BGP Service > (Tick) Keep connections open after Policy has been installed


About the Author


R Donato

Rick Donato is the Founder and Chief Editor of He currently works as an SDN/NFV Solutions Architect and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001