Hi Carlos,

Your drawing must have been hard work. Thanks for that!  But I think we should not confuse the users with too many different flowcharts.

I've been trying for a long time to create a reasonable overview R80.x Security Gateway Architecture (Logical Packet Flow) . Here Valeri Loukine  from Check Point supported me very well in backround and we tried to find an error-free flow. That was hard work and thanks again to Valeri Loukine, Dameon and Moti.

History:

09-27-2017 - Moti. published the original article for R77.x:

Checkmates: Check Point Threat Prevention Packet Flow and Architecture 

07-29-2018 - I tried to write a new article for R80.x and Valeri Loukine supported me.

R80.x Security Gateway Architecture (Logical Packet Flow)

08-06-2018 - Valeri Loukine has reworked the original article for R80.x by Moti.:

Security Gateway Packet Flow and Acceleration - with Diagrams 

And here are the references to the other sources for the flowchart:

SecureKnowledge: Best Practices - Security Gateway Performance 

Download Center: R80.10 Next Generation Threat Prevention Platforms

Download Center: R77 Security Gateway Packet Flow

Download Center: R77 Security Gateway Architecture

Support Center: Check Point Security Gateway Architecture and Packet Flow 

Checkmates: Check Point Threat Prevention Packet Flow and Architecture 

Checkmates: fw monitor inspection point e or E 

Checkmates: Infinity NGTP architecture 

Checkmates: R80.x Security Gateway Architecture (Content Inspection) 

Regards

Heiko

Thank You Helko.

These images removed from some slides that I am preparing for a presentation.  So it is "broken" into several.

I'll take a look at the message history. My intention is to use the numbers to remove some doubts. I've been looking at some documents but I had some doubts. 

For example:

Is the first packet "arriving" in the Firewall accelerated? Or should the first packet go through the Firewall that will perform the filters?
What happens in step 5?

Thank You!

Just a clarification on the following:
>>>08-06-2018 - Valeri has reworked the original article for R80.x by Moti:

Security Gateway Packet Flow and Acceleration - with Diagrams 

Actually, my post is based on SK articles Moti mentioned in his post. Re-work usually means something else.

Thanks for the answer. I've been looking at this document and I had some doubts.  For example: Is the first packet "arriving" in the Firewall accelerated? Or should the first packet go through the Firewall that will perform the filters?  But once, thank you.

Rather than us trying to look through your diagram and explain, it would be better if you just plainly state the questions you have.

This way, we're answering the right questions

However, I do recommend reading through the referenced documents, which does answer many of the questions you are likely to have.

But to answer your specific question here:

In Step 5-6 in your diagram, this is happening in SecureXL.

If the initial packet matches an accept/drop template, then the initial packet (and subsequent ones) will be accelerated.

If the packet does not match an accept or drop template, then the initial connection packet is sent F2F (not accelerated).

It's possible that later we determine the connection is eligible for acceleration, in which case future packets on that connection will be accelerated.

Thanks for the answer. I've been looking at this document and I had some doubts.  For example: Is the first packet "arriving" in the Firewall accelerated? Or should the first packet go through the Firewall that will perform the filters?  But once, thank you.

Please do not use pre-formatted in the comments, it is impossible to read it. I have edited your fond out above.

The answers to your question are already in the documentation. Please look here: ATRG: SecureXL 

Part 4 with diagrams addresses this particular question. 

Hello Heiko Ankenbrand, thank you for your help and response. Big hug.