NSX Edge may crash when packets not intended for the firewall are mistakenly routed to it for processing. The crash is followed by a data path restart.
VMware NSX
VMware Gateway Firewall
Affected Versions: 3.2.x, 4.1.2
The firewall applies only to gateway and bridge ports. The problem occurs when a packet going over a VLAN switch port, which is neither a gateway nor a bridge port, accidentally reaches the firewall interface and is sent to the firewall module for processing. Such a packet does not carry enough information for the firewall to process it: some fields in the packet structure are missing, and dereferencing them causes a crash.
A check has been added before a packet is processed by the firewall to verify that the packet is meant for the firewall. Packets from other interfaces are not processed. This has been fixed in NSX 4.2.0 and later.
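The check described above, sketched in C as an added example (not NSX source code). The struct, enum and function names are hypothetical, and failing closed when a gateway or bridge packet lacks firewall state is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the described fix; none of these names come from NSX. */
enum port_type { PORT_VLAN_SWITCH, PORT_GATEWAY, PORT_BRIDGE };
enum verdict { FW_ALLOW, FW_DROP, FW_NOT_APPLICABLE };

struct fw_ctx { uint16_t blocked_dport; };  /* per-port firewall state */

struct packet {
    enum port_type port;       /* port the packet is traversing */
    const struct fw_ctx *fw;   /* populated only on gateway/bridge ports */
    uint16_t dport;
};

/* Pre-fix shape: assumes every packet carries firewall state, so a packet
 * from a VLAN switch port (fw == NULL) is dereferenced and crashes. */
enum verdict fw_process_unchecked(const struct packet *p)
{
    return p->dport == p->fw->blocked_dport ? FW_DROP : FW_ALLOW;
}

/* Post-fix shape: confirm the packet is meant for the firewall first. */
enum verdict fw_process_checked(const struct packet *p)
{
    if (p->port != PORT_GATEWAY && p->port != PORT_BRIDGE)
        return FW_NOT_APPLICABLE;   /* other interfaces are not processed */
    if (p->fw == NULL)
        return FW_DROP;             /* assumption: fail closed on missing state */
    return fw_process_unchecked(p);
}

int main(void)
{
    /* Constructed sample packets. */
    const struct fw_ctx ctx = { 23 };
    const struct packet samples[] = {
        { PORT_VLAN_SWITCH, NULL, 23 },   /* misrouted: would crash unchecked */
        { PORT_GATEWAY, &ctx, 23 },
        { PORT_BRIDGE, &ctx, 443 },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("packet %zu -> verdict %d\n", i, (int)fw_process_checked(&samples[i]));
    return 0;
}
```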
NSX 4.2.0 Release notes: Fixed Issue 3364256
https://techdocs.broadcom.com/us/en/vmware-cis/nsx/vmware-nsx/4-2/release-notes/vmware-nsx-420-release-notes.html#GUID-0ad0ad9d-97a0-43f2-b30f-ee6073755b4b-en_id-b9c034bf-cb8a-4edc-ab46-65b0e18aadea