So it would appear that Layer 4 Distribution is enabled by default but the overall consensus seems to be to disable it unless you need it. Is that still true in R81.10 or is that an outdated recommendation? The issues that lead to that recommendation seemed to involve messing up the availability of SGM-offered web portals like UserChecks and the Captive Portal/Identity Awareness. Looks like at one point L4 would mishandle fragmented traffic but that got fixed recently.
Assuming this recommendation to disable L4 unless needed still holds true, would these scenarios be an accurate and complete representation of why you would need L4 in R81.10:
There is a small amount of diverse source and destination IP addresses traversing the Security Group, but there are large amount of source ports in use by protocols such as HTTP, HTTPS, and possibly DNS. This results in the Security Group’s load becoming heavily unbalanced between the SGMs.
The Security Group is NATting a very high percentage of traffic passing through it which is typical of a perimeter gateway, but not for a gateway inside the internal network or located in a Data Center.
New 2-day Live "Max Power" Series Course Now Available:
"Gateway Performance Optimization R81.20" at maxpowerfirewalls.com