Skip to main content
subramanis
Staff
subramanis
Staff
November 5, 2025

Troubleshooting Tip: BGP Error logs 'OPEN Message Error/Bad Peer AS'

  • November 5, 2025
  • 0 replies
  • 1380 views
Description This article provides the solution for the error 'OPEN Message Error/Bad Peer AS' when performing BGP debugging.
Scope FortiGate.
Solution

When enabling BGP debugging on the FortiGate devices, the following log messages are observed:

 

2025-11-04 01:53:22 [root] BGP: %BGP-3-NOTIFICATION: received from 192.168.1.2 2/2 (OPEN Message Error/Bad Peer AS.) 4 data-bytes [fd e8 00 00]
2025-11-04 01:53:22 [root] BGP: 192.168.1.2-Outgoing [FSM] State: OpenConfirm Event: 25
2025-11-04 01:53:22 [root] BGP: 192.168.1.2-Outgoing [FSM] BGP Notification received

 

This indicates that the BGP OPEN message exchange failed due to a mismatch in the expected and received peer AS numbers.
The BGP 'OPEN Message Error/Bad Peer AS' occurs when the local device’s configured remote-as value does not match the AS number that the remote peer advertises in its BGP OPEN message.
 
In this example, the Spoke1 device is configured with an incorrect remote-as value (65002 instead of 65000), causing the session to fail:
 
Hub(Port4)< --- >(port4)spoke1
 
Hub Configuration:
 
Hub # show system inte
rface port4 
config system interface
    edit "port4"
        set vdom "root"
        set ip 192.168.1.1 255.255.255.0
        set allowaccess ping
        set type physical
        set snmp-index 4
    next
end
Hub # show router bgp 
config router bgp
    set as 65000
    set router-id 1.1.1.1
    set network-import-check disable
    config neighbor
        edit "192.168.1.2"
            set soft-reconfiguration enable
            set remote-as 65001
        next
    end
 
Spoke1 Configuration:
 
spoke1 # show  system interface port4 
config system interface
    edit "port4"
        set vdom "root"
        set ip 192.168.1.2 255.255.255.0
        set allowaccess ping
        set type physical
        set snmp-index 4
    next
end
spoke1 # show  router bgp 
config router bgp
    set as 65001
    set router-id 2.2.2.2
    set network-import-check disable
    config neighbor
        edit "192.168.1.1"
            set soft-reconfiguration enable
            set remote-as 65002 <----- Remote as configured incorrectly instead of 65000.
        next
    end
 
Hub # get router info bgp  summary 
VRF 0 BGP router identifier 1.1.1.1, local AS number 65000
BGP table version is 1
1 BGP AS-PATH entries
0 BGP community entries
 
Neighbor    V         AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
192.168.1.2 4      65001     193     237        0    0    0    never Idle       
Total number of neighbors 1
 
BGP Debug Commands:
 
diagnose ip router bgp level info
diagnose ip router bgp all enable
diagnose debug  console timestamp  enable 
diagnose debug enable
 
To disable BGP debugging:
 
diagnose ip router bgp all disable
diagnose ip router bgp level none
diagnose debug reset
 

Resolution:

 

Ensure that each peer’s remote-as matches the local as of its neighbor:

  • The Hub has been set as 65000 -> Spoke1 must have set remote-as 65000.
  • The Spoke1 has been set as 65001 -> Hub must have set remote-as 65001.

 

Correct the Spoke1 BGP configuration:

 

config router bgp
    config neighbor
        edit "192.168.1.1"
            set remote-as 65000
        end

Verification:

 

Hub # get router info bgp summary

VRF 0 BGP router identifier 1.1.1.1, local AS number 65000
BGP table version is 1
2 BGP AS-PATH entries
0 BGP community entries

Neighbor    V    AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
192.168.1.2 4  65001  214   263       0     0   0    00:00:26      2

Total number of neighbors 1
    Terms & ConditionsAccessibility statement