What is the most solid management deployment in Check Point?
I would love to use MDPS but I am not comfortable with it; I went through a number of bugs and inconsistencies.
So what is the next best?
How about a dedicated private interface (non clustered) which still provides data/management separation and then
in terms of rules:
Firewall mgmt rules
Firewall Stealth rules
and finally using a zone (eth0_MGMT) just for a dedicated management interface (eth0 for example)
and DENY ANY to eth0_MGMT
and DENY ANY from eth0_MGMT
I don't know well what the zone object means.
Does it depend on the interface configuration (network defined by interface IP and MASK, network defined by routes, or by network objects)?
I guess that a zone configured in a policy rule applies not only to the ip/mask but also to the interface. So it means that the ip/mask doesn't apply to any of the other interfaces that route traffic in the firewall, right?