Support Center > Search Results > SecureKnowledge Details
Security Gateway might crash when Threat Prevention "Fail Mode" is set to "Block all connections (Fail-close)"
Symptoms
  • Security Gateway might crash when Threat Prevention "Fail Mode" is set to "Block all connections (Fail-close)" (SmartDashboard - Threat Prevention tab - Advanced - Engine Settings).

  • VMCORE dump (sk44186) file contains the following stack:

    crash> bt 
    PID: ...   TASK: ...  CPU: ...   COMMAND: "fw_worker_N" 
     #0 [...] crash_kexec at ...
     #1 [...] kdb_main_loop at ...
     #2 [...] kdb_save_running at ... 
     #3 [...] kdba_main_loop at ... 
     #4 [...] kdb at ... 
     #5 [...] die at ... 
     #6 [...] do_page_fault at ... 
     #7 [...] error_code (via page_fault) at ... 
     #8 [...] [fw_N] fw_mal_send_failure_log(_chain=0x..., fail_close=1) at cpconn_types_api.h
     #9 [...] [fw_N] fw_handle_first_packet(...) at fwdrv.c
    #10 [...] [fw_N] fw_filter_chain(...) at fwdrv.c
    #11 [...] [fw_N] fwchain_do_ex(...) at fwchain.c
    #12 [...] [fw_N] fw_filter_ip(...) at fwdrvplat.c
    #13 [...] [fw_N] fw_filter_locked(...) at fwdrvplat.c
    #14 [...] [fw_N] fwmultik_process_packet_kernel(...) at fwmultik.c
    #15 [...] [fw_N] fwmultik_process_entry(...) at fwmultik.c
    #16 [...] [fw_N] fwmultik_queue_async_dequeue_cb(...) at fwmultik.c
    #17 [...] [fw_N] kernel_thread_run(...) at kiss_kqueue_async.c
    
Cause

When a serious error occurs during Anti-Malware policy enforcement with "Fail Mode" set to "Block all connections (Fail-close)", a log "Rule base match failure" is generated.

Security Gateway may crash while creating this log.


Solution
Note: To view this solution you need to Sign In .