Hello Team,

I’m working with Check Point Management APIs to fetch access policy and rule details, and I have a question regarding inline layers and their gateway applicability.

Current API flow:

1. I use web_api/show-packages to identify:

   • Access layers associated with a policy package

   • Install targets (gateways / clusters) for those access layers

2. Based on the access layer information, I call:

   • web_api/show-access-layers

   • web_api/show-access-rulebase to fetch rule details

Issue / Observation:

• Inline layers are returned in the web_api/show-access-layers API response.

• However, these inline layers do not appear in the web_api/show-packages response.

• Because of this, there is no direct way to confirm whether a particular inline layer is applicable to a specific gateway, as install target information is only available at the package / access-layer level.

Questions:

1. Is it expected behavior that inline layers are not listed in show-packages?

2. Is the correct approach to assume that:

   • An inline layer inherits the install targets of its parent access layer?

3. Is there any API-supported or recommended method to explicitly determine gateway applicability for inline layers?

4. Are there any best practices for handling inline layers when building policy analysis or reporting tools using Management APIs?

Any clarification or official guidance on this would be very helpful.

Thanks in advance for your support.

Regards,
Veera