Please understand I am not trying debate but better understand the documentation here and possibly help others. I to want to be able to use domain objects and possible wildcards.
One link you sent represents a "Pre R80.10" best practice on domain objects which I have always agreed to and obeyed by, Domain objects on any version R77.30 or below was NOT a good idea. Everything I have read, starting in R80.10 this was not applicable and fixed.
Below is from sk120633 towards the bottom.
Domain objects Acceleration
Starting from R80.10, Domain objects do not disable SecureXL Accept templates anymore and support Templates Acceleration. Hence, Domain objects can be used in upper rules in the security policy with no performance impact.
The SecureXL link also references where conditions are met to not create an accepted template. Yet references "Rules that contain Domain Object" would not create an accelerated template, but states that its been resolved in R80.10 (bottom bullet)
Snippet from SecureXL Mechanism link:
All subsequent rules below such rules will not be templated as well, regardless of the rule. It is advised that all rules that can be templated, be placed at the top of the rule base (unless of course, this will violate other optimization considerations):
Rule with service '
Any' (resolved in R75.40 and above)
Rule with a service that has a 'handler' (where a specific protocol is chosen in '
Protocol Type' field - instead of '
None' ; go to service object - right-click - click on "
Edit..." - click on "
Advanced..." button - refer to "
Protocol Type:" field).
Note: This setting can be changed only in SmartDashboard R7X and lower.
Rules that contain Port range object (resolved in R75.40 and above).
Rules that contain Time object (resolved in R80.10).
Rules that contain Dynamic object (resolved in R80.10).
Rules that contain Domain object (resolved in R80.10).