Prabulingam_N1
Advisor

HTTPS Certificate usage in Azure ApplicationGW & CheckPoint VMSS

Dear CheckMates,

Requesting suggestions on the below:
I have CheckPoint VMSS in Azure, and below is the topology setup:

Internet == AzureApplication GW (as Layer-7 LB) === Checkpoint VMSS === Internalserver

I hosted my company website "www.abc.mycompany.com" on the Internal server and need to access it from Outside via the AzAppGW IP.
I have a Wildcard certificate (*.mycompany.com) issued by GeoTrustRSA and am using it on the Internal server.

1) In CheckPoint Object HTTPS tab - Which Certificate can I use?
    (a) (Shall I import Company Wildcard certificate or Self-signed created by CheckPoint VMSS)


2) In Azure Portal of AzureApplicationGateway - in 2 places HTTPS certificate needs to be used.
    b) HTTP Settings Tab = in .cer format
    c) Listeners Tab = in .pfx format


3) I also want CheckPoint VMSS to do Outbound Inspection with this Wildcard Certificate
    (as per sk113125 Wildcard should not be used for Outbound Inspection by CheckPoint)
    (I cannot use this CheckPoint self-signed certificate onto Internal server due to some limitation)

Please correct me if I'm wrong on below:
   a) Create & use Self Signed certificate on CheckPoint VMSS Object HTTPS Tab
   b) In Azure AppGW - HTTP Settings Tab = in .cer format = Create Self-signed Certificate of CheckPoint VMSS and use here.
       (Because for AzureApplicationGW, the backend pool is VMSS and it needs VMSS self-signed certificate to identify)
   c) In Azure AppGW - Listeners Tab = in .pfx format (Use Company Wildcard certificate)
       (Since AppGW will be listening on HTTPS port it needs Wildcard or Server Certificate)

 

Regards, Prabu

4 Replies