Sudden reboots of Security Gateways when Anti-Bot blade is enabled
Symptoms
  • Sudden reboot/freeze of Security Gateways when Anti-Bot is enabled.

  • In ClusterXL, both members are rebooting at the same time every half hour.
Cause

Problems with Anti-Bot signatures might cause this issue. 


Solution

Note: A new signature update has been released. If the Security Gateway stops rebooting, it has fetched the new update and no other action is required.

Otherwise, follow the procedure below:

  1. Preferred option:

    1. In SmartDashboard, go to the 'Anti-Bot & Anti-Virus' tab (in R77 and above, the 'Threat Prevention' tab) and click on 'Protections'.
      Disable the following protections on all profiles:

      Malicious Activity

      Unusual Activity



    2. Perform Anti-Bot & Anti-Virus (on R77 - Threat Prevention) policy installation.

    3. After 24 hours, re-enable the protections by using the "Restore All to profiles settings" option.

    4. Install 'Anti-Bot & Anti-Virus' policy (on R77 and above, 'Threat Prevention' policy).




  2. Alternative option: If policy installation is not possible due to frequent reboots, follow the process below:

    • For Security Gateway:

      • If you can connect to Security Gateway over SSH:

        1. Connect to the Security Gateway over SSH.

        2. Log in to Expert mode.

        3. Unload the Anti-Malware policy:

          [Expert@HostName]# fw amw unload

        4. Empty the $FWDIR/amw/update/cur/malware.eng file:

          [Expert@HostName]# echo "" > $FWDIR/amw/update/cur/malware.eng

        5. Reload the Anti-Malware policy:

          [Expert@HostName]# fw amw fetch local


      • If you can connect to Security Gateway only over serial console:

        1. Connect to the Security Gateway over serial console.

        2. Log in to Expert mode.

        3. Reboot the Security Gateway - go into Boot Menu - select "Maintenance mode".

        4. Enter the Expert mode password.

        5. Empty the $FWDIR/amw/update/cur/malware.eng file:

          [Expert@HostName]# echo "" > $FWDIR/amw/update/cur/malware.eng

        6. Reboot the Security Gateway - go into Boot Menu - select "Normal mode".


    • For VSX Gateway:

      Connect to the VSX Gateway over SSH or serial console, and log in to Expert mode.

      For each Virtual System:

      1. Switch to the context of the Virtual System:

        [Expert@HostName:0]# vsenv <VSID>

      2. Unload the Anti-Malware policy:

        [Expert@HostName:<VSID>]# fw amw unload

      3. Empty the $FWDIR/amw/update/cur/malware.eng file:

        [Expert@HostName:<VSID>]# echo "" > $FWDIR/amw/update/cur/malware.eng

      4. Reload the Anti-Malware policy:

        [Expert@HostName:<VSID>]# fw amw fetch local


      5. Reboot.

    No additional action is required. After performing the above procedure, the gateway will fetch the latest package automatically.

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
