In environments that do not consume the Gateway Firewall or its related services, the best practice for optimum resource usage and performance is to disable the Gateway Firewall.
Note, if NAT rules are configured, there can be a dependency on the Gateway Firewall. Consider the following scenarios before disabling the firewall:

Tier1-A has an SNAT rule configured that translates traffic from its attached to 10.1.1.1.
Scenario #1 - No FW dependency - Traffic initiated by VM-A
- Traffic initiated from VM-A, 192.168.1.1 to VM-B, 20.1.1.1 or any other destination.
- SNAT 192.168.1.1 to 10.1.1.1
- Return traffic will a destination IP of 10.1.1.1
- Tier-1-A will match it up with the existing SNAT flow and translate it
- Traffic delivered back to VM-A
- There is no dependency on Gateway Firewall for NAT to function.
Scenario #2 - Tier-1-A has Stateful firewall rule - Traffic initiated by VM-B
- Traffic initiated from VM-B, 20.1.1.1 to VM-A, 192.168.1.1
- Tier-1-A has a stateful firewall rule allowing this traffic
- Firewall connection tracker is updated with an entry for the TCP SYN packet from VM-B/20.1.1.1 to VM-A/192.168.1.1
- When VM-A replies, Tier-1-A matches the reply packet with the FW stateful connection entry
- SNAT translation is bypassed when traffic matches an existing Firewall connection entry.
Scenario #3 - Tier-1-A has Firewall disabled or stateless rule - Traffic initiated by VM-B -DP impact
- Traffic initiated from VM-B, 20.1.1.1 to VM-A, 192.168.1.1
- Tier-1-A has Firewall disabled (note same behaviour for stateless rules)
- Tier-1-A forwards the TCP SYN packet from VM-B/20.1.1.1 to VM-A/192.168.1.1 without creating a firewall connection entry
- When VM-A/192.168.1.1 replies back to VM-B/20.1.1.1
- Tier-1-A sees that there’s no Firewall connection entry, performs SNAT of source IP 192.168.1.1 to 10.1.1.1
- VM-B drops these packet as it was communicating with 192.168.1.1 and not 10.1.1.1.
- The solution would be to configure a No SNAT rule which excludes the return traffic flow from having NAT applied before disabling the FW.
To disable GW firewall
On the UI navigate to Security -> Gateway Firewall -> Settings -> Gateway Specific Settings
The Gateway Firewall can be disabled individually or via the multi select option if there are multiple Gateways.