Output of 'top' command on Security Gateway shows high CPU utilization by Soft IRQ, although SecureXL is enabled.
Output of 'fwaccel stats -s' command shows that most of the traffic is "F2Fed".
fwaccel stats -s
CPView utility (sk101878) shows that most Forwarded traffic falls into these categories ('I/S' tab - 'SXL' menu - 'F2F-Reasons' menu):
Output of 'fwaccel stat' command shows that either "Accept Templates" are "enabled", or "disabled" from a very high rule.
Output of 'fwaccel templates' command shows very small number of templates, or none at all.
SecureXL debug ('fwaccel dbg -m general + template') shows:
fwaccel dbg -m general + template
get_conn_template: <dir 1, Source_IP:Source_Port -> Dest_IP:Dest_Port IPP 6> cannot be offloaded as template
... ... ...
cphwd_offload_conn: conn handled by ISP redundancy - cannot offload template!;
Disabling the ISP Redundancy resolves the issue - most of the traffic is accelerated.
By design, SecureXL Accept Templates are not offloaded from Secure Gateway when ISP Redundancy is enabled in Primary/Backup mode.