Have you considered that the amount of hidden rules might be an indication of making the policy too specific?
I tend to go to the situation where you need less rules and don't be go with rules like:
Src: Server-A, Dst: Server-B, Service: Port-C
Specifically with R80.10 I would considere to scratch such a polciy and rebuild your policy from the ground up.
Layered approach as a starting point. and try to keep away from micro management. Most certainly if you have to do it by hand.
Let IPS and such take care of part of the management.
I would like to see examples of how you can automate this with the API in a large network. It may still rresult in micro management but don't do this by hand.
Having worked with Telco solutions where no-one even actually configures every device by hand to define a Path from A to B for a service has shown me that we have a long way to go befor we see this in computer networks for most companies.
<< We make miracles happen while you wait. The impossible jobs take just a wee bit longer. >>