Session rate acceleration: SecureXL also reduces the overhead in establishing certain kinds of new connections, improving new connection rate(connections per second), connection setup/teardown rate (sessions per second) and throughput in certain high-connection rate traffic environment. From a 5-tuple validation, the source port of a flow may be masked off, effectively providing a global match for source port. These new connection setup packets matching 4 out of 5 tuples avoid a round trip to the firewall application and limit the computing overhead. Security is not impacted because the OS continues to track the state of the new connection using Stateful inspection. "Source Port" is Ignored.

Had this question today in exam.

"C" source port, CCSE studen & Lab manual page 400

C is right, because this uses a 4 tuple match in stead of the 5 tuples, source port will be ignored.

"Session Rate Acceleration" is the name for Secure XL template creation. Once a template ( for acceleration ) has been created , this is the official explanation : "Accept Template - Feature that accelerates the speed, at which a connection is established by matching a new connection to a set of attributes. When a new connection matches the Accept Template, subsequent connections are established without performing a rule match and therefore are accelerated. Accept Templates are generated from active connections according to policy rules. Currently, Accept Template acceleration is performed only on connections with the same destination port (using wildcards for source ports)." That last part solves this question :) Source : https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk98722&partition=Advanced&product=SecureXL"#Definitions

One of the factors which prevent templating is source port ranges... so the question asks about session means templates are involved... hence the only answer is C

I think it's "C".. https://community.checkpoint.com/t5/General-Topics/High-Performance-Gateways-and-Tuning/td-p/33076 SecureXL is called "session rate acceleration" or "connection rate acceleration" https://sc1.checkpoint.com/documents/R80.10/WebAdminGuides/EN/CP_R80.10_NexGenSecurityGateway_Guide/html_frameset.htm?topic=documents/R80.10/WebAdminGuides/EN/CP_R80.10_NexGenSecurityGateway_Guide/161159&anchor=o137396 Connection-rate Acceleration For example, if the source port is masked and only the other 4 tuple attributes require a match. When a connection is processed on the accelerated path, SecureXL creates a template of that connection that does not include the source port tuple. A new connection that matches the other 4 tuples is processed on the accelerated path because it matches the template. The Firewall does not inspect the new connection and the Firewall connection rates are increased.

Can it be "A" ? Why would you have answers "source port ranges" and "source port"....

I think answer is D: from CCSE R80 guide: SecureXL also reduces the overhead in establishing certain kinds of new connections, improving new connection rate (connections per second), connection setup/tear-down rate (sessions per second), and throughput in certain high-connection rate traffic environments. The principle involved is a simple extension of SecureXL’s approach to one-time validation of a Firewall flow. The one-time validation is extended from a particular 5-attributes to a range, or block, of one or more of these attributes. This means that to accelerate the rate of new connections, connections that do not match a specified 5-attributes are still processed by SecureXL.

SecureXL improved non-encrypted firewall traffic throughput and encrypted VPN traffic throughput. Packet acceleration is also referred to as throughput acceleration as it matches on the familiar 5-tuple of source address, destination address, source port, destination port and protocol. while time objects, dynamic objects, domain objects, source port ranges, IPS features not supported in Acceleration, NAT, Encrypted connections. so source port range is the answer..

SecureXL improved non-encrypted firewall traffic throughput and encrypted VPN traffic throughput. Packet acceleration is also referred to as throughput acceleration as it matches on the familiar 5-tuple of source address, destination address, source port, destination port and protocol. SecureXL improved non-encrypted firewall traffic throughput and encrypted VPN traffic throughput. Packet acceleration is also referred to as throughput acceleration as it matches on the familiar 5-tuple of source address, destination address, source port, destination port and protocol. So source port range is answer for this question..