SecureXL has two separate but related components:
Packet/Throughput Acceleration: Ability to move packets more efficiently through the firewall via the four possible paths; they are in decreasing order of efficiency: SXL, PXL, F2F, and F2F with a process space trip.
Session Rate Acceleration/Templating: Ability to "cache" rulebase lookups in SecureXL and avoid lots of expensive full rulebase lookups, especially useful in environments with a high new connection rate.
My book covers how to optimize SecureXL for best operation, R80.10 is strongly recommended as there were many, many enhancements to firewall efficiency which invalidated some of the recommendations stated in the first edition of my book. Bit too complicated to explain it all in a CheckMates post, but the best place to start are these "Super Seven" commands. Posting the output of these should provide enough detail to make a few general recommendations:
netstat -ni
grep -c ^processor /proc/cpuinfo
fwaccel stat
fwaccel stats -s
fw ctl multik stat
fw ctl affinity -l -r
fw ctl multik get_mode (R77.30) or fw ctl multik dynamic_dispatching get_mode (R80.10+)
--
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.
Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com