Pretty sure Check Point does not support Transport Mode (which is essentially AH only) and never has. Transport Mode only provides the Integrity (SHA1/MD5/SHA256) and Authenticity (digital signatures) elements of the CIA model, while ESP adds in the Confidentiality piece (3DES/AES-XXX) along with the tunneling/encapsulation functionality. All modern VPNs use ESP, but VPNs with Verizon corporate still call for the use of Transport Mode for some reason.
In the old days on other vendors it was possible to use just AH in transport mode without ESP. This provided Integrity & Authenticity for the payload/data portion of an IP packet only with no encryption; the packet headers would be left intact and the entire packet would not be tunneled. This would save on encryption overhead when CPUs were much slower than they are today; however, good ol' Moore's Law has rendered this concern mostly moot.
Inevitably I would be asked for an example during a Check Point class about why in the heck you wouldn't want to encrypt the packet with ESP and achieve confidentiality; the best example I could come up with was real-time stock quotes. You sure as heck don't want someone to spoof them or tamper with them and as a result have your computer-based trading go awry, but you don't especially care if a man in the middle can see the quotes since they are more or less public information. Read the Wikipedia article about Knight Capital for a graphic description of how a prominent high-frequency trading firm was essentially bankrupted in the space of 45 minutes by automated trading errors.
My book "Max Power: Check Point Firewall Performance Optimization"
now available via http://maxpowerfirewalls.com.
Updated 2023 IPS/AV/ABOT R81.20 Course now
available at maxpowerfirewalls.com
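
The integrity-without-encryption trade-off from the stock-quote example, as an added Python sketch that is not part of the original post: it builds an IPv4 packet carrying AH in transport mode with an HMAC-SHA1-96 ICV computed in the style of RFC 4302 (mutable header fields zeroed), then shows the quote stays readable on the wire while tampering fails verification. The key, addresses, SPI and quote are constructed sample values; IP options are not handled and the header checksum is left at zero.

```python
import hashlib, hmac, socket, struct

AH_PROTO, ICV_LEN = 51, 12          # IP protocol 51 = AH; HMAC-SHA1-96 ICV is 12 bytes

def zero_mutable(ip_hdr):
    """Zero IPv4 fields that routers may change, so they are excluded from the ICV."""
    h = bytearray(ip_hdr)
    h[1] = 0                        # DSCP/ECN
    h[6:8] = b"\x00\x00"            # flags + fragment offset
    h[8] = 0                        # TTL
    h[10:12] = b"\x00\x00"          # header checksum
    return bytes(h)

def ah_icv(key, ip_hdr, ah_fixed, payload):
    """HMAC-SHA1 truncated to 96 bits over header, AH (ICV zeroed) and payload."""
    data = zero_mutable(ip_hdr) + ah_fixed + bytes(ICV_LEN) + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]

def ah_protect(key, src, dst, proto, payload, spi, seq, ttl=64):
    """Build IPv4 + AH + payload in transport mode (no options; checksum left 0)."""
    ah_fixed = struct.pack("!BBHII", proto, 4, 0, spi, seq)   # next hdr, len, rsvd
    total = 20 + len(ah_fixed) + ICV_LEN + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, ttl, AH_PROTO, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return ip_hdr + ah_fixed + ah_icv(key, ip_hdr, ah_fixed, payload) + payload

def ah_verify(key, packet):
    """Recompute the ICV on receipt and compare in constant time."""
    ip_hdr, ah_fixed = packet[:20], packet[20:32]
    icv, payload = packet[32:32 + ICV_LEN], packet[32 + ICV_LEN:]
    return hmac.compare_digest(icv, ah_icv(key, ip_hdr, ah_fixed, payload))

def demo():
    key = b"constructed-demo-key"                   # constructed sample key
    quote = b"ACME 101.25"                          # constructed stock quote
    pkt = ah_protect(key, "192.0.2.1", "198.51.100.7", 17, quote, spi=0x1001, seq=1)
    routed = bytearray(pkt); routed[8] -= 1         # a router decrements TTL
    forged = pkt.replace(b"101.25", b"901.25")      # on-path tampering
    return {"cleartext_visible": quote in pkt,
            "original_ok": ah_verify(key, pkt),
            "after_ttl_change_ok": ah_verify(key, bytes(routed)),
            "tampered_ok": ah_verify(key, forged)}

if __name__ == "__main__":
    print(demo())
```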