Authenticating against rule sets

[JoeShmoe]

We are new to Checkpoint and want to set it up so we integrate our data centre firewall with AD via SmartCentre. From there we want to allow external users to authenticate to applications behind the firewall but have some questions on how we can most efficiently set this up

Ostensibly we would like to know if it is possible to

-Set up 'groups' of rules such that you can effectively have application level rulesets. That is we can create one rule set (say Oracle HR) that would contain a series of allowable protocol/port pairs

-Assign users or groups of users to these rule sets such that when a user authenticates against the Smart Centre cache (and their current IP address is cached in the state table) the Firewall will allow traffic on the protocol/ports as allowed by the application rule sets they are matched to