A "bad policy" in the means of not being able to access neither management nor gateway almost never happens when admins follow Check Point's Firewall Policy Management Best Practices (sk102812) and create leading firewall management rules that are followed by a stealth rule in order to secure the firewall infrastructure.
A stealth rule is a rule that should be located as early in your policy as possible, typically immediately after any Management rules. The purpose of this is to drop any traffic destined for the Firewall that is not otherwise explicitly allowed."
The firewall management section remains almost untouched at the top of the rulebase so admin access to the firewall infrastructure is granted even in "bad policy" situations. If something goes wrong so badly that access to the management and gateway is lost at the same time, then of course it's time to plug in to the network to fix it (only required if access to LOM interfaces and serial console interfaces is lost as well).
Therefore also we secure all our customers' firewall environments (Regular, VSX and Maestro) by segmenting the security management directly on the primary firewall gateways via the management interface. This way the firewall gateways are able to control and secure all connections to their SIC-trusted leader, the security management. This always worked well for us and our customers throughout all the 25+ years of using Check Point.
Zero trust, that is.