CCSA - Interview Questions
Explain the Stealth rule and Cleanup rule in a Check Point firewall.
There are a few standard rules Check Point recommends you include in your rule base for both security and management reasons. They are as follows:
 
Stealth Rule: The stealth rule is the first recommended rule to include in your rule base. It prevents direct access to the Security Gateway, thereby protecting it against attacks. Normally, the stealth rule should be placed near the top of the rule base, with only rules that allow or require access to the firewall above it.

Cleanup Rule: The cleanup rule is placed at the end of the security rule base. Check Point suggests adding it so that every packet that isn't matched by other rules is dropped and logged. Logging dropped packets is extremely useful for security and troubleshooting.
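
The placement rules above can be checked mechanically. The following is an added example, not Check Point code: the rule dictionary layout, the gateway object name "fw-gw" and the sample rule bases are assumptions constructed for illustration.

```python
# Added example: rule layout and the name "fw-gw" are assumptions, not a Check Point format or API.
ANY = "Any"

def is_stealth(rule, gateway):
    """Any source, any service, destined to the gateway itself, dropped."""
    return (rule["source"] == ANY and rule["destination"] == gateway
            and rule["service"] == ANY and rule["action"] == "Drop")

def is_cleanup(rule):
    """Any/Any/Any, dropped and logged."""
    return (rule["source"] == ANY and rule["destination"] == ANY
            and rule["service"] == ANY and rule["action"] == "Drop"
            and rule["track"] == "Log")

def audit_rule_base(rules, gateway):
    """Return a list of findings; an empty list means both rules are in place."""
    findings = []
    stealth_at = next((i for i, r in enumerate(rules) if is_stealth(r, gateway)), None)
    if stealth_at is None:
        findings.append("no stealth rule: nothing drops direct traffic to the gateway")
    else:
        # Only rules that allow access to the firewall belong above the stealth rule.
        for i, r in enumerate(rules[:stealth_at], start=1):
            if r["destination"] != gateway or r["action"] != "Accept":
                findings.append(f"rule {i} ({r['name']}) sits above the stealth rule "
                                "but is not an allow rule for the gateway")
    if not rules or not is_cleanup(rules[-1]):
        findings.append("last rule is not a cleanup rule (Any/Any/Any, Drop, Log)")
    return findings

def rule(name, source, destination, service, action, track="None"):
    return dict(name=name, source=source, destination=destination,
                service=service, action=action, track=track)

# Constructed sample rule bases.
GOOD = [
    rule("Mgmt to GW", "mgmt-net", "fw-gw", "ssh", "Accept", "Log"),
    rule("Stealth", ANY, "fw-gw", ANY, "Drop", "Log"),
    rule("Web out", "lan", ANY, "https", "Accept"),
    rule("Cleanup", ANY, ANY, ANY, "Drop", "Log"),
]
BAD = [
    rule("Web out", "lan", ANY, "https", "Accept"),  # general rule above the stealth rule
    rule("Stealth", ANY, "fw-gw", ANY, "Drop", "Log"),
    rule("Cleanup", ANY, ANY, ANY, "Drop"),          # drops but does not log
]
if __name__ == "__main__":
    for label, rb in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, audit_rule_base(rb, "fw-gw") or "ok")
```
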