A customer asked if MAC address filtering would be possible with a 1600 appliance. A quick search returned this configuration guide. So I confirmed that it would be possible to filter MAC addresses with 1600 appliances and the customer ordered a couple of those.
It turns out that there is even an option to configure MAC filtering, but it's simply not working:
Check Point TAC tells that it's a known limitation and we need to wait for some newer firmware to get it to work. For 1500 appliances running on firmware R80.20.25 or later it's already working. Well, I didn't imagine a newer appliance would have less functionality than a previous one.
Maybe there is a workaround to filter MAC addresses directly on CLI? Any kind of iptables/netfilter kind of way? Customer is waiting for a working solution.