Actually the instance ID displayed by fwaccel stat does not show the number of cores allocated as SNDs; normally there is just one instance (#0) of SecureXL/sim in the kernel, and the multiple assigned SND cores are just offshoots of that one instance. Usually the only way you'd see a second instance of SecureXL is if there is a Falcon accelerator card present.
Based on how the network interfaces are spread between the two SecureXL instances, I'm wondering if your firewall's hardware architecture consists of two separate CPU sockets each with their own set of cores, and you are seeing a SecureXL instance running on each socket. Example: The 23800 model has two sockets with a Intel Xeon E5-2680v3 (12 physical cores) on each for a total of 24 physical cores. Perhaps there is now a SecureXL instance running on each individual socket? I did mention the presence of multiple sockets on pages 64-65 of the third edition of my book, and advised placing NIC cards on the PCI bus attached to the specific socket that would have a SND core(s) assigned for that specific NIC to avoid excessive traffic on the bridge between sockets.
Either way I haven't seen this before so it must be something new. @Joschua_M what code version are you running and what specific hardware is being utilized on the firewall showing multiple SecureXL instances? If the firewall is open hardware please provide detailed specifications. Also please provide the output of the lsmod command so we can see if there are truly two instances of the sim driver in the kernel. Thanks!
Updated 2023 IPS/AV/ABOT R81.20 Course now
available at maxpowerfirewalls.com