Based on the valuable contributions of Tim and Dameon, along with the information provided by sk101226, sk115557 and the 3 Policy Installation videos of the Support Channel on youtube, I have come up with an admin guide which can be found below. The only reason I did that is because every one of the sources above contained snippets of information that, in my opinion, would have to be combined together in order for the entire process to make more sense. I know I'm beating this topic to death a bit but I'd rather consolidate my understanding of this procedure now rather than moving on without actually grasping the steps involved. 

As such, I would really appreciate any feedback I could get about the guide below and please feel free to either add or modify it:

Policy Installation Process Flow

When installing policy either from SmartConsole or the management API, the installation command is sent to the CPM daemon on the management server via Web Service. The CPM daemon listens on port 19009 (while legacy SmartDashboard is still running in the background and connects to FWM using port 18190). The CPM daemon dumps all relevant information from the PostgreSQL and SOLR databases into file format, a process which is known as “database dump”.

The information is then forwarded to the FWM daemon via the CPMI protocol on port 9009. The FWM daemon in turn carries out several tasks:

• Verification - The information in the database is verified to comply with a number of rules specific to the application and package, for which policy installation is requested. If this verification fails, the process ends here and an error message is passed to the initiator.
• Conversion – The database dump is converted into a new file format which is then placed inside the $FWDIR/conf/gw_policies/ACCESS_BLADE/ directory. After conversion, FWM invokes fw_loader to perform code generation and compilation.
• Code generation and compilation - Policy is translated to the INSPECT language and compiled with the INSPECT compiler. The result of the code generation is a long string, containing resulting INSPECT source code. Once the compilation process is complete, a copy of the policy is then created inside the $FWDIR/state/<Gateway_Name> state directory.
• The CPTA command is then invoked in order to send the policy to all applicable gateways. The FWM daemon sends its SIC certificate to the gateway which is received by the latter’s CPD daemon on $CPDIR/conf/sic_cert.p12. SIC is negotiated, and the policy files are then transferred to the Security Gateway which are received by the CPD daemon again that is listening on port 18191 for install policy connections. The CPD daemon receives the policy, verifies its integrity and then stores it into the Gateway’s local.upDBsqlite database. After the transfer from the Security Manager, the policy files are then kept inside the Gateway’s $FWDIR/state/_tmp/FW1/ directory.

The Commit/Atomic Load process is then initiated:

1. After the gateway successfully receives the compiled policy via CPTA, it performs extra sanity checks on the compiled policy to ensure it is not about to push an invalid policy into the kernel which could be disastrous.
2. Once the sanity checks are complete, the atomic load begins and all traffic trying to pass through the gateway begins to queue and cannot pass while the atomic load is in progress.
3. The “Fw fetchlocal -d $FWDIR/state/_tmp/FW1” command is invoked to load the new policy into the INSPECT kernel instance(s) while traffic is still being queued; this process happens very quickly.  Chain sequences which are viewable with fw ctl chain are rebuilt, and may end up adding or removing chain modules from the sequences if blades were enabled/disabled since the last policy push. 
4. If enabled SecureXL is restarted as well and recalculates its various state tables based on the new policy.  All security server daemons running on the gateway are notified of the new policy by fwd and adjust their behavior accordingly, which could include restarting, stopping (if a feature was disabled) or starting (if a new feature was enabled).
5. At this point if "Connection Persistence" is set to "Rematch connections" on the gateway object (the default setting), a CPU-intensive rematch of all open connections against the new policy is performed to ensure that all current connections are still allowed by the new policy.
6. CPD waits for fw_fetchlocal to complete the process and, if run successfully, CPD saves policy in the gateway’s $FWDIR/state/local/FW1/ permanent directory and it informs the Security Management Server of the installation command’s status which then performs a DB Load with the new info. The traffic queue is released and all of the packets are handled by the new security policy. If the policy installation fails, CPD sends an error to the server (Policy Load on module failed, Reason:…) and the event is recorded inside the $FWDIR/log/install_policy.elg file.