Which blades will work on SBA if management is not available some time?

Management is definitely required for initial deployment.

Beyond that the blades can operate more or less independent of the management.

Forensics requires access to the management to generate reports.

Many of the blades require Internet access to leverage ThreatCloud.

Antiransomware will work without Internet at all.

All blades will keep working even when disconnected from the management server:

• Anti Ransomware – will work. No connection needed.
• Forensics – full attack analysis will work. Remediation of the full attack based on this analysis will work. You can view the analysis locally from the EP/SBA client UI.
• Threat Emulation, threat Extraction – will work as long as you have connection to threat cloud or local TE appliance
• Anti Phishing & Anti Bot. – will work as long as you have connection to the threat cloud

What the management server is really needed for is policy management, licensing, central monitoring and update distribution.

Lior,

If we use SandBlast appliance, do we need access from the client machines to the Internet, did they just have access to the appliance? How in the given case will the anti-bot work?

The clients need to access the TE appliance or ThreatCloud.

Anti-Bot needs Internet access to look up threat indicators. 

We do offer a 'Private ThreatCloud' appliance, which I know our security gateways can use in the "no Internet" use case, but not sure on Endpoint... hopefully https://community.checkpoint.com/people/arzile9338099-64b6-3d9b-be29-fc67dc1788f6‌ can clarify. 

As Dameon mentioned, for TE SBA can work either with the cloud or with a TE appliance, you can configure this in the management.

You do need the cloud for AB (we haven't certified yet 'Private Threat Cloud' appliance with SBA).