Hi PhoneBoy,
yes I know about the Machine Identity but as you wrote it can be used for domain computers kerberos authenticated machines, whilst I need another type of ID, not related to any domain I manage.
I tried to work with the Identity Tags, but I didn't understand well which sources are compatible.
When I connect with a personal computer I can see a specific ID for the machine, the best would be use this ID in an Access Role so that external partners could connect with their specific machines only, or in the case of a credential theft a hacker won't be able to just install the CheckPoint client and use them to connect:
Any other option would be ok, but it must allow to connect a specific device only; I was trying to configure compliant rules as well, but if, for example, it checks for a registry key or file in the device, these could be replicated to any other.