As SecureXL has evolved dramatically in recent times, I'd like to make sure of the following. I've read some posts and SK but didn't come to a definitive conclusion.
Let's say I have 100 rules, and rule 50 has an unsupported SecureXL service.
fwaccel stat will say:
Layer "Policy_Name" disables template offloads from rule #50.
Throughput acceleration still enabled.
So if rule 50 or a later rule is matching heavy traffic, a SecureXL template would never be created and its traffic would go F2F, causing a potential CPU load issue. But then what does "throughput acceleration still enabled" mean in this case?
Acceleration with templates is also known as "session rate acceleration". This means the very first packet is accepted by SXL on behalf of FW, based on an acceleration template. Rules below the one blocking templates can, and in most cases will, be accelerated after the first packet goes through FWK. That means throughput acceleration is still available.
Hi @Alex_Gilis,
Accept Template in R80.20 and higher:
Feature that accelerates the speed at which a connection is established by matching a new connection to a set of attributes. When a new connection matches the Accept Template, subsequent connections are established without performing a rule match and are therefore accelerated. Accept Templates are generated from active connections according to policy rules. Currently, Accept Template acceleration is performed only on connections with the same destination port (using wildcards for source ports).
In practice, with R80.20 and higher, I can no longer see big differences in performance whether accept templates match or not. Most packets are added to the SecureXL connection table via SecureXL offloading and reinjection if this is possible for the connection. After that, the SecureXL connection table is the selection factor for the next packet.
Packet flow:
CPU cores are divided into two groups: SND (SecureXL) and Firewall instances (CoreXL). Each group handles different tasks.
Tasks distribution:
| Task | R80.10 | R80.20+ |
|---|---|---|
| Accept templates matching (new connection) & offload to SecureXL | SND | Firewall |
| NAT templates matching (new connection) & offload to SecureXL | SND | Firewall |
More read here:
- R80.x - Performance Tuning Tip - SND vs. CoreXL
- R80.x - Security Gateway Architecture (Logical Packet Flow)
- R80.x - Top 25 Gateway Tuning Tips
- Best Practices - Security Gateway Performance
- ATRG: SecureXL for R80.20 and higher
- Performance Tuning R81 Administration Guide -> SecureXL
Thanks all for the information. Am I then right in supposing the "disabled as of rule X" can mostly be considered informative and can be addressed whenever possible, but not as a priority?
It’s relevant for new connection establishment rate which benefits from a SecureXL accept template being present.
So…it depends.
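As an added example (not code from the thread or from Check Point), a small Python parser for the template-status lines of `fwaccel stat` quoted above: it reports the layer and rule from which template offloads are disabled for each template kind, whether throughput acceleration is still reported as enabled, and how many rules of a rulebase of a given size sit at or below the blocking rule. The sample output is constructed for the example, not captured from a real gateway, and follows only the wording shown in the thread.

```python
import re

# Constructed sample of `fwaccel stat` output (not captured from a real gateway);
# the template-status lines follow the wording quoted in the thread.
SAMPLE_FWACCEL_STAT = """\
Accept Templates : disabled by Firewall
                   Layer "Policy_Name" disables template offloads from rule #50.
                   Throughput acceleration still enabled.
Drop Templates   : disabled
NAT Templates    : disabled by Firewall
                   Layer "Policy_Name" disables template offloads from rule #50.
                   Throughput acceleration still enabled.
"""

HEADER_RE = re.compile(r"^(?P<kind>\w+) Templates\s*:\s*(?P<state>.+?)\s*$")
BLOCK_RE = re.compile(
    r'Layer "(?P<layer>[^"]+)" disables template offloads from rule #(?P<rule>\d+)')


def parse_fwaccel_stat(text):
    """Map each template kind (Accept, Drop, NAT) to its state, the blocking
    layer/rule if one is reported, and the throughput-acceleration note."""
    templates, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header["kind"]
            templates[current] = {"state": header["state"], "layer": None,
                                  "rule": None, "throughput": None}
            continue
        if current is None:
            continue  # lines before the template section (e.g. interface table)
        block = BLOCK_RE.search(line)
        if block:
            templates[current]["layer"] = block["layer"]
            templates[current]["rule"] = int(block["rule"])
        elif line.startswith("Throughput acceleration"):
            templates[current]["throughput"] = "still enabled" in line
    return templates


def rules_without_templates(templates, kind, total_rules):
    """Rules whose new connections take the first-packet-through-FWK path:
    the blocking rule and everything below it. 0 when nothing blocks."""
    rule = templates.get(kind, {}).get("rule")
    if rule is None or rule > total_rules:
        return 0
    return total_rules - rule + 1
```

With the constructed sample and a 100-rule policy, the Accept template check reports rule 50 in layer "Policy_Name" and 51 rules at or below it.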