Security Gateway might crash when Threat Prevention "Fail Mode" is set to "Block all connections (Fail-close)"

Support Center > Search Results > SecureKnowledge Details

Technical Level

Solution ID	sk104866
Technical Level
Product	Anti-Virus, Anti-Bot, Threat Emulation
Version	R76 (EOL), R76SP (EOL), R76SP.10 (EOL), R76SP.10_VSLS (EOL), R76SP.20 (EOL), R76SP.30 (EOL), R77 (EOL), R77.10 (EOL), R77.20
Platform / Model	All
Date Created	22-Feb-2015
Last Modified	11-Nov-2015

Symptoms

Security Gateway might crash when Threat Prevention "Fail Mode" is set to "Block all connections (Fail-close)" (SmartDashboard - Threat Prevention tab - Advanced - Engine Settings).

VMCORE dump (sk44186) file contains the following stack:

crash> bt 
PID: ...   TASK: ...  CPU: ...   COMMAND: "fw_worker_N" 
 #0 [...] crash_kexec at ...
 #1 [...] kdb_main_loop at ...
 #2 [...] kdb_save_running at ... 
 #3 [...] kdba_main_loop at ... 
 #4 [...] kdb at ... 
 #5 [...] die at ... 
 #6 [...] do_page_fault at ... 
 #7 [...] error_code (via page_fault) at ... 
 #8 [...] [fw_N] fw_mal_send_failure_log(_chain=0x..., fail_close=1) at cpconn_types_api.h
 #9 [...] [fw_N] fw_handle_first_packet(...) at fwdrv.c
#10 [...] [fw_N] fw_filter_chain(...) at fwdrv.c
#11 [...] [fw_N] fwchain_do_ex(...) at fwchain.c
#12 [...] [fw_N] fw_filter_ip(...) at fwdrvplat.c
#13 [...] [fw_N] fw_filter_locked(...) at fwdrvplat.c
#14 [...] [fw_N] fwmultik_process_packet_kernel(...) at fwmultik.c
#15 [...] [fw_N] fwmultik_process_entry(...) at fwmultik.c
#16 [...] [fw_N] fwmultik_queue_async_dequeue_cb(...) at fwmultik.c
#17 [...] [fw_N] kernel_thread_run(...) at kiss_kqueue_async.c

Cause

When a serious error occurs during Anti-Malware policy enforcement with "Fail Mode" set to "Block all connections (Fail-close)", a log "Rule base match failure" is generated.

Security Gateway may crash while creating this log.

Solution

Note: To view this solution you need to Sign In .