As mentioned above, the implied rules handle any so-called "control traffic" between the different Check Point components so you don't need to explicitly allow those services.
Typically the only explicitly-created rules in front of the stealth rule are:
1) Management Access - SSH and HTTPS and perhaps port 4434 to the firewall object itself from a trusted internal IT workstation or subnet
2) Ping/traceroute - Are internal/DMZ networks allowed to ping the firewall and get a response, or when running a traceroute outbound have the firewall show up as a valid hop instead of displaying * * *?
3) Monitoring - Ping and/or SNMP get access to the firewall from internal NMS
4) Client Authentication Rules - Not used much any more
5) SecureRemote/SecureClient Remote Access VPN rules - Not used much any more
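
A rulebase lint for the layout described in the post above, as an added example that is not part of the original post and not Check Point tooling. It flags accept rules placed in front of the stealth rule that reach the firewall from any source or with a service outside items 1-3 of the list. The rule dictionary format, the object name `fw-gateway` and the service labels are assumptions made for illustration, not a Check Point export format.

```python
# Added example: constructed rule model, not Check Point's export format.
GW = "fw-gateway"  # hypothetical name of the firewall object

# Services the post lists for rules in front of the stealth rule (items 1-3).
# Labels are illustrative, not Check Point service object names.
EXPECTED = {"ssh", "https", "tcp-4434", "icmp-echo", "traceroute", "snmp"}

def find_stealth(rules, gw=GW):
    """Return the index of the first any -> gateway, any-service drop rule."""
    for i, r in enumerate(rules):
        if (r["action"] == "drop" and r["dst"] == [gw]
                and r["src"] == ["any"] and r["svc"] == ["any"]):
            return i
    return None

def audit(rules, gw=GW):
    """Flag accept rules above the stealth rule that reach the gateway
    from any source or with a service outside EXPECTED."""
    idx = find_stealth(rules, gw)
    if idx is None:
        return [("<rulebase>", "no stealth rule found")]
    findings = []
    for r in rules[:idx]:
        reaches_gw = gw in r["dst"] or "any" in r["dst"]
        if r["action"] != "accept" or not reaches_gw:
            continue
        if "any" in r["src"]:
            findings.append((r["name"], "source is any"))
        for svc in sorted(set(r["svc"]) - EXPECTED):
            findings.append((r["name"], f"unexpected service {svc}"))
    return findings

def rule(name, src, dst, svc, action):
    return {"name": name, "src": src, "dst": dst, "svc": svc, "action": action}

# Constructed sample rulebase, in top-down evaluation order.
SAMPLE = [
    rule("mgmt-access", ["it-admin-net"], [GW], ["ssh", "https"], "accept"),
    rule("monitoring", ["nms-host"], [GW], ["icmp-echo", "snmp"], "accept"),
    rule("ssh-from-anywhere", ["any"], [GW], ["ssh"], "accept"),
    rule("dmz-telnet", ["dmz-net"], [GW], ["telnet"], "accept"),
    rule("stealth", ["any"], [GW], ["any"], "drop"),
    rule("outbound-web", ["internal-net"], ["any"], ["http"], "accept"),
]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE):
        print(f"{name}: {reason}")
```

Rules below the stealth rule are not examined, and traffic handled by the implied rules never appears in this model.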