Other than a few private groups, most of the posts on CheckMates are in English.

That said, Google Translate does a decent enough job in this case that I get your basic question.

The main problem is that your public addresses are not on the Check Point, but rather on the Cisco 887.

How the traffic is redirected from the Cisco will determine what rule you should have.

If you can control the routing table on the Cisco 887 so it knows how to reach the 192.168.1.x and you can redirect the traffic on the Cisco 887 to 192.168.1.123, then all you need is a rule like this:

If you cannot make the Cisco 887 aware of the 192.168.1.x network and can only work with IP addresses on the same subnet (e.g. 172.16.10.x), then you can add an Automatic NAT rule by simply editing the NAT tab of the object.

For example, to make the webserver accessible via 172.16.20.3:

Your redirection rule on the Cisco would point to this IP address instead.