Check Point technology implements an architecture called SMART, which stands for Security Management Architecture. It consists of the following elements:

  • Console or SmartConsole PC – the admin PC with SmartDashboard and the other applications used to manage Check Point
  • Management Server – admins first access the management server, which provides centralized management for all Check Point firewalls
  • Gateway – this is the firewall itself.

Check Point has various traffic control methods, such as packet filtering via ACLs. It is a stateful firewall, so you don't need to check both sides of a connection: return traffic that belongs to an allowed connection is permitted automatically. It also implements something called application awareness, which is application inspection. It looks into the application layer, so when someone encapsulates, for example, SSH via HTTP, and HTTP is allowed but SSH is not, Check Point recognizes that the traffic is SSH and drops it.
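The difference between a port-only ACL and application awareness can be shown with a small model. This is an added example, not Check Point code or its inspection engine; the policy table, function names and sample payloads are constructed for illustration, and it covers only the simplest case of SSH spoken directly on the HTTP port.

```python
import re

# Constructed policy matching the paragraph above: HTTP is allowed, SSH is not.
PORT_TO_APP = {80: "http", 22: "ssh"}
ALLOWED_APPS = {"http"}

# SSH identification string per RFC 4253, e.g. "SSH-2.0-OpenSSH_9.6".
SSH_BANNER = re.compile(rb"^SSH-\d+\.\d+-")
# HTTP/1.x request line: METHOD SP target SP version CRLF.
HTTP_REQUEST = re.compile(
    rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT|PATCH|TRACE) \S+ HTTP/1\.[01]\r\n"
)

def classify_payload(first_bytes):
    """Identify the application from the first payload bytes, ignoring the port."""
    if SSH_BANNER.match(first_bytes):
        return "ssh"
    if HTTP_REQUEST.match(first_bytes):
        return "http"
    return "unknown"

def port_only_verdict(dst_port):
    """Classic ACL: the destination port alone decides."""
    return "accept" if PORT_TO_APP.get(dst_port) in ALLOWED_APPS else "drop"

def app_aware_verdict(dst_port, first_bytes):
    """Accept only if the port is allowed AND the payload is what that port should carry."""
    if port_only_verdict(dst_port) == "drop":
        return "drop"
    return "accept" if classify_payload(first_bytes) == PORT_TO_APP[dst_port] else "drop"

# Constructed sample flows: (destination port, first client payload).
SAMPLE_FLOWS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (80, b"SSH-2.0-OpenSSH_9.6\r\n"),   # SSH hiding on the HTTP port
    (22, b"SSH-2.0-OpenSSH_9.6\r\n"),   # SSH on its own port, blocked by policy
]

def compare(flows=SAMPLE_FLOWS):
    """Return (port, detected app, port-only verdict, app-aware verdict) per flow."""
    return [(p, classify_payload(d), port_only_verdict(p), app_aware_verdict(p, d))
            for p, d in flows]

if __name__ == "__main__":
    for row in compare():
        print(row)
```

The second flow is the one that matters: the port-only ACL accepts it because it targets port 80, while the payload check sees the SSH banner and drops it.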

On some old deployments you may find the IPSO operating system running on the management server or the Check Point firewall. It is a BSD Linux based firewall OS. It is very old, so Check Point came out with a new OS called SecurePlatform (SPLAT). SPLAT is Red Hat based and optimized for Check Point. In 2012 they upgraded the OS again: they took the best of IPSO and SPLAT and created something called GAiA. You can install GAiA on any server, physical or virtual, or you can buy an appliance from Check Point.

When you use a firewall with a separate management server, it is called a distributed deployment. That is what most companies run. However, if you have a very small environment, you may run the management software and the firewall on one device. But mostly they are split.