- the extension can't be hosted locally on the firewall management itself, it must be hosted on a separate webserver, that one has to harden, maintain, support and buy an SSL certificate for and everything
Regarding this. I believe that running a dedicated host for open-source security automation clients is a better practice than touching the Check Point machine. It is safer than shell scripts running with root access, does not share memory with the Check Point box, and allows changes of versions without fear of interfering the Check Point Security Management Server. Some of our customers already use dedicated servers to host their home-made self-service web portals that interact with the Security Management Server, allowing them to spend their limited time on other tasks.
You can use the SSL Certificate that you got from Check Point when you enabled HTTPS Inspection.
I believe that this is a nice example of showcasing how you can make custom panels with the context of the selected object. For example, you can use this code as basis to Security Policies bottom pane that shows a table of specific fields for the selected rule. Making Extensions for bottom panes of Security Policies is supported with R80.20.