@RemoteUser even if fwaccel stat reports "Accept templates: enabled", the "Accelerated conns/Total conns" part of fwaccel stats -s may always report zero, and fwaccel templates -s may perennially report zero as well. This can be diagnosed with the fwaccel templates -R option added in R81.20, which will report a high percentage of "Prevented by Policy rules".
This situation is not the end of the world, and simply means that for the start of every new connection, a full rulebase lookup against the Firewall blade will always be required in the F2F/slowpath, with no accept template formation or matching possible. This is generally caused by at least one of the following situations being present:
1) In your first layer (ordered mode), or top/parent layer (non-sub-rules for inline mode), you have any blade other than Firewall enabled. If you do this the templating rate will always be zero, as enabling any other blades in that top/first layer makes matching against entities other than IP addresses and port numbers possible, which accept templating cannot handle.
2) Use of services in a rule with "Protocol Signature" set in their Advanced Properties; this option is never enabled by default. Utilization of these services in the policy will need to invoke Medium Path streaming to complete that first rulebase lookup for a new connection, which causes dramatically more CPU overhead and is wholly incompatible with the use of accept templates.
Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
