I thought Id put down what I ask up front when I do a firewall setup. This is pretty much standard for me to ask on any firewall, but Im putting it in the Ciscofun blog because I tend to do more Cisco ASAs than Check Points.
outside address/subnet mask?
inside address/subnet mask?
next hop address (default route)?
is there a DMZ? if so, what address/subnet mask?
internal routing?
email server on the inside? web server? special nat translations? (static nats)
access-lists on the outside? or inside?
does this do dhcp for the internal network?
vpn remote-access? if so, what dhcp scope to use for clients?
integrate remote-access with AD?
domain name?
site to site vpns? if so, what remote peer, phase I sa, phase II sa, key, nat/nonat?, interesting traffic?
any special routing other than inside network?
local username/passwords on ASA? integrated login to ASA with AD?
