This is something I notice when I was doing installation on the firewall. As I would like to push changes more regularly, I embarked on doing various speed test and found the results for a policy of size 10000 rules and 15000 objects.
Policy Verification: 2 minutes
Policy Installation (single gateway): 4 minutes
I have been trying to find a way to reduce the overall time taken and after some searching, I realize a few things.
1) Policy verification takes place in Policy installation.
2) Policy installation compiles and sends entire package to gateway instead of the delta changes
Just wondering if it is possible to reduce both timings. Also, if it is possible to do policy installation without verification if the management gateway detects that no new publishes happened after the last verification.
Also, just playing with the thought if the verification can be sped up by looking at delta changes and doing verifications only on those changes (this will likely speed verification process up a lot)