I'm replacing an ASF cluster with SPLAT, and the ASF has some VLANs configured on two ports. I am working on the assumption that this is a misconfiguration but need to verify this assumption.

The VLAN has l2fw configured, so this means all non-IP and non-arp is blocked, right?

There are no filters configured, so I believe this means that all IP and arp traffic will be bridged without Checkpoint inspection - is that correct? From what i understand from the docs you need a filter with the INSPECT action to send it to Checkpoint.