In very simple terms:
- Security Gateway is responsible for performing Access Control and Threat Prevention
- Security Management is responsible for defining the policy enforced by one or more Security Gateways as well as logs/reports. Note that log servers and reporting (SmartEvent) functions can be installed on separate servers.
Both of these things can be on the same host (a so called "standalone" gateway).
In fact, most of the Enterprise Appliances come with a local management license to enable this.
Of course, just because you CAN do this doesn't mean you SHOULD.
Outside of lab and fairly small production deployments, it's recommended to deploy these on separate systems.
Smart-1 Cloud is something to consider for smaller deployments as you can purchase management for 1-2 gateways versus on-premise management where the minimum is 5.