Back to All Scenarios
PASSEDvendor / sonicwall_dpi_ssl_failure
SonicWall DPI-SSL Inspection Engine Failure
The SonicWall NSA 2700 DPI-SSL engine crashes under load, causing all HTTPS traffic to be dropped instead of bypassed, resulting in complete internet outage for 300 users.
Pattern
MEMORY_EXHAUSTION
Severity
CRITICAL
Confidence
92%
Remediation
Remote Hands
Test Results
| Metric | Expected | Actual | Result |
|---|---|---|---|
| Pattern Recognition | MEMORY_EXHAUSTION | MEMORY_EXHAUSTION | |
| Severity Assessment | CRITICAL | CRITICAL | |
| Incident Correlation | Yes | 18 linked | |
| Cascade Escalation | N/A | No | |
| Remediation | — | Remote Hands — Corax contacts on-site support via call, email, or API |
Scenario Conditions
SonicWall NSA 2700 with DPI-SSL enabled. SSL inspection processing 2000 concurrent sessions. DPI-SSL engine memory leak causes crash. Default action on engine failure: drop. 300 users affected.
Injected Error Messages (2)
sonicwall DPI-SSL engine failure on NSA 2700 — deep packet inspection for HTTPS traffic crashed due to memory exhaustion in decryption engine, sonicwall DPI-SSL inspection halted, default policy on DPI-SSL failure: drop all encrypted traffic, 2000 active HTTPS sessions terminated, all new HTTPS connections blocked
sonicwall NSA 2700 causing complete HTTPS outage — DPI-SSL inspection module unresponsive, sonicwall dropping all port 443 traffic instead of bypassing inspection, 300 users reporting no internet access for HTTPS sites, HTTP-only sites still accessible, sonicwall system log: 'DPI-SSL: engine process terminated unexpectedly'
Neural Engine Root Cause Analysis
The SonicWall NSA 2700's DPI-SSL engine has crashed due to memory exhaustion in the SSL decryption engine while processing HTTPS traffic. This has triggered the firewall's default fail-safe policy to drop all encrypted traffic, terminating 2000 active HTTPS sessions and blocking new connections. The 10 correlated incidents in the same timeframe indicate this is causing a cascading network outage affecting multiple downstream services and applications that depend on HTTPS connectivity through this firewall.
Remediation Plan
1. Immediately restart the SonicWall DPI-SSL service or reboot the NSA 2700 device to clear memory exhaustion. 2. Temporarily disable DPI-SSL inspection to restore HTTPS traffic flow while investigating. 3. Review DPI-SSL memory allocation settings and increase if possible. 4. Analyze recent traffic patterns for unusual SSL/TLS processing loads. 5. Check for firmware updates addressing DPI-SSL memory leaks. 6. Consider implementing DPI-SSL bypass rules for non-critical traffic to reduce memory pressure. 7. Monitor memory usage post-recovery and establish alerting thresholds.
Tested: 2026-03-30Monitors: 2 | Incidents: 2Test ID: cmnck4q6g06owobqesrk5f2k0