Pick any of these:

1. Cloud-based management. Expand on the "Demo Mode" with redundancy and dynamic capacity expansion for logging.

2. Objects only UI export/import functionality (with selector option).

3. Parser library for integration of 3rd party logs into SmartEvent.

4. Integration of 3rd party APIs with SmartEvent actions.

5. Implement all of the binary options (i.e. disabled or enabled) that are presently available only via CLI or DBedit into SmartConsole's object properties.

6. Remove maintenance charges for memory modules from the list, they looks ridiculous to anyone paying attention.

7. Make SmartEvent a basic component of the management server in addition to keeping it available as a separate license. Since removal of SmartReporter calling SmartEvent an "option" is not going over well with SMBs. Additionally, almost every security vendor now offering their "Dashboards" comparable with SmartView as standard.

8. Reintroduce Web Management portal functionality covering all policies. 

9. Get your marketing in order: that "X generation" and "Don't believe the hype" are awful and do nothing to attract new customers. absence from most of the categories in Gartner and NSS labs reports is detrimental. I am beginning to hear the question "what is Check Point". Take a look at cloud offerings by PAN and Fortinet: they are listed on top of AWS and Azure 3rd party security vendor solutions (AMIs, VMs).

10. Integrate CPUSE with SmartConsole. 

11. SD-WAN options for normal gateways/clusters, as well as a separate, cheaper licensed limited functionality objects and, possibly, cloud-based configurator but with logging and monitoring by both, cloud and SMS.

12. And this is a big one: please figure out upgrade and update mechanisms that do not look like Rube-Goldberg machine. Yes, CPUSE in a small environments is a step in the right direction, however it does not work for upgrades in the cloud, we are still figuring out the cluster upgrade sequences and in MDS environment it is actually not funny. In ideal scenario, your customers should right-click the object in the SmartConsole, irrespective of what it represents: gateway, cluster, VSX, SMS, SmartEvent server, MDS, Endpoint Management or vSEC and select "upgrade" or "update" and be done with it.

13. Integrate ICA management functionality in SmartConsole, as WebUI for it is a pain to even get to.

14. Permit installation of individual layers of the policy by dedicated administrators.

15. "migrate export" capabilities with scheduling configurable in SmartConsole (retention duration and scheduled transfer to remote repositories via SCP, SFTP).

16. Expanded log maintenance capabilities configurable in SmartConsole (retention duration and scheduled transfer to remote repositories via SCP, SFTP).

17. Rule acceleration status indicator in SmartConsole.

18. Add Users, (including those in AD) as a possible choice for source in "Suspicious Activity Rule" in SmartView Monitor.

Any sort of "home lab" license or trial would be nice. I understand the need to protect IP, but a week long license makes it tough to learn new concepts and explore the product in-depth. Maybe even a discounted, somewhat restrictive version for existing customers? Many other vendors do this currently, as it helps grow their customer base and strengthen brand loyalty.

Firewall Cluster with different hardware 

1. GeoProtection ->  Block or redirect  vs just a blank page

   API for GeoProtection rules

   Export/import for GeoProtection objects

   Self-Help portal to see if port/IP is blocked

   Option on URL/Application blade to make specific rules to apply to  : URL, application, or both

CheckPoint Threat Prevention Policy or Profile have IPS AB AV TE TEX blades.

Able to add another Tag to describe or present which Blade log(s) is in APT Cyber Kill Chain which stage ?

Are able to link today AB log to link with IPS log that trigger before that belong the same one Cyber Kill Chain ?

No matter Management or Gateway Gaia memory management optimization.

Access Control Policy Rule Assistant( Both Order and InLine Layer, both Firewall and APCL/URLF Blade)

Check Point Threat Hunting Platform

- Enable Threat Hunting capability for both Sandblast Agent, Mobile & Network.
- Use the SmartEvent to provide the hunting capability across the organization network as it correlates & indexes all the logs in the environment.
- Provide a detailed dashboard view for top similar threats and the machines affected. I know there are some available in the security check-up report but no dynamic view.
- Collect & correlate all the sandblast forensic logs from the agents, mobile centrally on the SmartEvent server and present it on dynamic view for detailed investigation.
- Integrate with Cloud IoCs with the internal threat posture to categorize the risk of the organization.
- Provide some level of automation capability to either enable remediation or isolation process to all/selected machines affected with a threat.

1. Geoprotection rules for specific services/destinations/sources, or the ability to add geoprotection to rules in the firewall rulebase as a drop option/inline rule. (ie. Only allow RDP from this country)
2. Ability for EndPoint Security products to update the rulebase of the perimeter firewall they're behind. (ie. Block a source that's attempting to attack multiple pc's from outside the network)
3. Ability for EndPoint security products to notify you if certain IPS protections or other changes should be made on the perimeter firewall
4. Specify a source, destination or service to send via the fast path easily. (ie. VOIP SIP Traffic)
5. Show hits on NAT rules for optimization
6. Show hits on https policy rules
7. A logo that looks more professional, not like someone's kid's drawing
8. CPMerge for a gateway moving from R77.30 to R80 (Having to manually migrate a policy from a standalone 2200 to a SMS was VERY time consuming even for a small rulebase)
9. Ability to import Smartdashboard objects from R77.30 to R80.10. I exported 70 .ckp network objects in R77.30 but couldn't actually import them into R80.10
10. More consistent documentation or a tool for helping optimize the rulebase for SecureXL. After a reboot my fwaccel stats -s is about 60% for securexl connections, a week or two after it's around about 8%. TAC told me to just start disabling IPS inspections until it's better, but couldn't indicate which ones are actually problematic.

It's possible some of these exist already 

Add the ability to fetch IOCs (IPs, domains, hashes) directly from the Management Server using a URL and push them to the Security Gateways without the requirement of a policy push, similar to how AV and AB signatures get updated.

Move SmartDashboard or (Smart-anything) away from Windows, here is a NON-Windows based security solutions but I need windows to managed it...come on, it is time.

Maybe a simpler solution would be  having all those "Smart-Anything",  running directly from Management servers itself, we need to be able to manage it from anywhere without loading Windows or Java based applications.

-Instead of only having a block on specific countries in Geo IP.  Have a permit rule such as I only want US and Canadian ip's to connect via my VPN service, my OWA, or SFTP service.  This would certainly be useful in the next version of Checkpoint.

-Snort rules import in Checkpoint R80.10 or a way to create new threat rules easily in the interface.  Import a packet and write a rule with specific RegEx detection such as User-Agent.