Security Gateway might crash when Threat Prevention "Fail Mode" is set to "Block all connections (Fail-close)" (SmartDashboard - Threat Prevention tab - Advanced - Engine Settings).
The VMCORE dump file (sk44186) contains the following stack:
crash> bt
PID: ... TASK: ... CPU: ... COMMAND: "fw_worker_N"
#0 [...] crash_kexec at ...
#1 [...] kdb_main_loop at ...
#2 [...] kdb_save_running at ...
#3 [...] kdba_main_loop at ...
#4 [...] kdb at ...
#5 [...] die at ...
#6 [...] do_page_fault at ...
#7 [...] error_code (via page_fault) at ...
#8 [...] [fw_N] fw_mal_send_failure_log(_chain=0x..., fail_close=1) at cpconn_types_api.h
#9 [...] [fw_N] fw_handle_first_packet(...) at fwdrv.c
#10 [...] [fw_N] fw_filter_chain(...) at fwdrv.c
#11 [...] [fw_N] fwchain_do_ex(...) at fwchain.c
#12 [...] [fw_N] fw_filter_ip(...) at fwdrvplat.c
#13 [...] [fw_N] fw_filter_locked(...) at fwdrvplat.c
#14 [...] [fw_N] fwmultik_process_packet_kernel(...) at fwmultik.c
#15 [...] [fw_N] fwmultik_process_entry(...) at fwmultik.c
#16 [...] [fw_N] fwmultik_queue_async_dequeue_cb(...) at fwmultik.c
#17 [...] [fw_N] kernel_thread_run(...) at kiss_kqueue_async.c
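The following triage helper is an added example, not Check Point code. It parses a `bt` listing in the layout shown above and reports whether the page fault was raised in fw_mal_send_failure_log with fail_close=1, called from fw_handle_first_packet. The names `parse_bt` and `matches_signature`, and the contrast listing, are constructed for illustration.

```python
import re
from itertools import dropwhile

# One frame in the layout shown on this page: "#8 [...] [fw_N] func(args) at file.c"
FRAME_RE = re.compile(
    r"^#(?P<idx>\d+)\s+\[[^\]]*\]\s+(?:\[(?P<module>[^\]]+)\]\s+)?"
    r"(?P<func>\w+)(?:\((?P<args>.*)\))?\s+(?:\(.*?\)\s+)?at\s+(?P<where>.+)$"
)
# Kernel frames added by the fault/panic path itself (names taken from the page's stack).
FAULT_PATH = {"crash_kexec", "kdb_main_loop", "kdb_save_running", "kdba_main_loop",
              "kdb", "die", "do_page_fault", "error_code"}

def parse_bt(text):
    """Return the frames of a `bt` listing as dicts; non-frame lines are skipped."""
    return [m.groupdict() for m in (FRAME_RE.match(l.strip()) for l in text.splitlines()) if m]

def matches_signature(text):
    """True if a page fault was raised in fw_mal_send_failure_log(fail_close=1),
    called from fw_handle_first_packet, as in the stack on this page."""
    frames = parse_bt(text)
    if not any(f["func"] == "do_page_fault" for f in frames):
        return False
    # Drop the leading fault-path frames; the next frame is where the fault occurred.
    rest = list(dropwhile(lambda f: f["func"] in FAULT_PATH, frames))
    if len(rest) < 2:
        return False
    faulting, caller = rest[0], rest[1]
    return (faulting["func"] == "fw_mal_send_failure_log"
            and re.search(r"\bfail_close=1\b", faulting["args"] or "") is not None
            and caller["func"] == "fw_handle_first_packet")

# Leading frames of the stack from this page (elisions kept as published).
PAGE_BT = """crash> bt
PID: ... TASK: ... CPU: ... COMMAND: "fw_worker_N"
#0 [...] crash_kexec at ...
#1 [...] kdb_main_loop at ...
#2 [...] kdb_save_running at ...
#3 [...] kdba_main_loop at ...
#4 [...] kdb at ...
#5 [...] die at ...
#6 [...] do_page_fault at ...
#7 [...] error_code (via page_fault) at ...
#8 [...] [fw_N] fw_mal_send_failure_log(_chain=0x..., fail_close=1) at cpconn_types_api.h
#9 [...] [fw_N] fw_handle_first_packet(...) at fwdrv.c
#10 [...] [fw_N] fw_filter_chain(...) at fwdrv.c
"""
# Constructed contrast case: same listing with a hypothetical faulting function.
OTHER_BT = PAGE_BT.replace("fw_mal_send_failure_log", "hypothetical_other_function")

if __name__ == "__main__":
    print(matches_signature(PAGE_BT), matches_signature(OTHER_BT))
```
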
Cause
When a serious error occurs during Anti-Malware policy enforcement with "Fail Mode" set to "Block all connections (Fail-close)", a log "Rule base match failure" is generated.
Security Gateway may crash while creating this log.