Alright... here comes my explanation, though it will probably be 10 times worse than what @RamGuy239 and @Timothy_Hall provided, but take it for what it's worth, as they say : - )
So, in the old days on Check Point, I'm talking before R80 came out, you had a unified policy, where regardless of what blades were enabled on the firewall, there were no ordered or inline layers; you would simply create one big or small policy and then modify it over time, however you desired.
Personally, I always thought that was totally acceptable, but obviously, with the layering approach, lots of things changed, for the better, in my opinion.
So, let's say before the layering approach, if you had (just as an example) 500 rules, you would normally have had to put the rules you knew would get hit the most towards the top, because otherwise, say if one that was hit a lot was, say, rule 490, it would have to process ALL the rules before that rule before it gets hit. Now, normally, that's not such a big issue; if you had a small office with, I don't know, 20 people working there and you had 10-15 rules, I mean, honestly, who cares, that's totally acceptable, but if we are talking 100s of rules, you would have noticed the performance issues.
When R80 came along with ordered/inline layers, it's a totally new "ballgame". You can, say, have 1 ordered layer with only the fw blade enabled, then a 2nd ordered layer with, let's say, urlf + appc blades on, then, let's say, a 3rd layer with content awareness (as an example), BUT you have to make sure that traffic is ALLOWED on every ordered layer, otherwise it will never work. So, what most customers may do is, say, have 2 ordered layers, one network and the other one URL filtering, and then have an any any allow at the bottom of the 2nd ordered layer and block malicious sites in the rules above the any any allow rule in the 2nd layer.
Also, you can have multiple inline layers inside an ordered layer. So, say if you have an inline layer rule that says src internal zone (tied to the internal interface), dst any, and then for the action you create a new zone and add child rules below it, as they call them, ONLY traffic that hits that zone will be processed, so there is no "wasting time" looking through all the other rules. There is always by default the explicit clean up rule at the bottom of every inline layer when you create one, but I know clients who change them to any any allow to start with, if it's a new segment they simply wish to test for the time being.
Anyway, apologies for the long story, but I wanted to make sure I covered all that was on my mind.
I attached a doc file with some screenshots I took in my lab. I have an excellent R81.20 https inspection lab, as well as Azure, so honestly, if you need help, please message me directly, I can show you.
This community is all about helping people, so don't hesitate if you require additional assistance.
Best,
Andy
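To make the two points in Andy's post concrete (every ordered layer must accept the traffic, and an inline layer's child rules are only consulted by traffic that matched the parent rule), here is an added toy model of the evaluation order; it is illustration code, not Check Point's implementation, and the zone and service names in the sample policy are constructed, not from any real lab.

```python
# Toy model of Check Point R80+ policy evaluation: ordered layers are
# evaluated in sequence, inline layers only via their parent rule.
from dataclasses import dataclass, field

@dataclass
class Rule:
    src: str    # zone name or "any"
    dst: str
    svc: str
    action: str # "accept", "drop" or "inline"
    inline: list = field(default_factory=list)  # child rules of an inline layer

def _matches(rule, pkt):
    return all(r in ("any", pkt[k]) for r, k in zip((rule.src, rule.dst, rule.svc), ("src", "dst", "svc")))

def evaluate_layer(rules, pkt, looked_at):
    """First match wins; unmatched traffic hits the layer's cleanup (drop)."""
    for rule in rules:
        looked_at.append(rule)
        if not _matches(rule, pkt):
            continue
        if rule.action == "inline":
            # Only traffic matching the parent rule enters the child rules;
            # the inline layer's own cleanup decides anything left over.
            return evaluate_layer(rule.inline, pkt, looked_at)
        return rule.action
    return "drop"

def evaluate_policy(ordered_layers, pkt):
    """Returns (verdict, rules consulted). Every ordered layer must accept."""
    looked_at = []
    for layer in ordered_layers:
        if evaluate_layer(layer, pkt, looked_at) != "accept":
            return "drop", len(looked_at)
    return "accept", len(looked_at)

# Constructed sample policy (hypothetical zone and service names).
NETWORK_LAYER = [
    Rule("dmz", "any", "smtp", "accept"),
    Rule("internal", "any", "any", "inline", inline=[
        Rule("internal", "any", "http", "accept"),
        Rule("internal", "any", "https", "accept"),
    ]),  # anything else from 'internal' is dropped by the inline cleanup
]
URLF_LAYER = [
    Rule("any", "malicious-site", "any", "drop"),
    Rule("any", "any", "any", "accept"),  # the any-any allow at the bottom
]
POLICY = [NETWORK_LAYER, URLF_LAYER]
POLICY_MISSING_ALLOW = [NETWORK_LAYER, URLF_LAYER[:1]]  # 2nd layer without any-any allow
```

Running `evaluate_policy(POLICY_MISSING_ALLOW, ...)` on otherwise-permitted web traffic returns a drop, which is the failure mode the post warns about; DMZ mail traffic never touches the inline child rules, which is the lookup saving it describes.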
Good reference.
https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_SecurityManagement_AdminGuide/Topi...