Markus,
Firstly thank you for contacting CheckMates.
Investigating everything you have put above, Firstly if you have the Endpoint Firewall Blade running and deployed to the Endpoint. This, as you have experienced will turn off Windows Firewall. At the present moment, this is the way it is configured.
I have two suggestions for a workout however:
1) You could turn off the firewall blade on Check Point Endpoint using all the other blades you are licensed for & use Windows Firewall for the firewall Element on the Endpoint.
2) You can make a separate virtual group for the users which are using Direct Access. Thus as above then add a rule in the policy and deploy a separate package to these Endpoints excluding Firewall Blade. Allowing Windows Firewall to be turned on, on these specific Endpoints.
Mainly it is about tweaking the policy so it will work for your environment.
* To be aware, when you turn the firewall blade off. You won't be able to use restrictive mode on the Endpoint.
Best Regards,
James Alliband
Check Point UK Security Engineer