Hello @idants,
Use case: a Check Point gateway "FW01" working as the Internet perimeter firewall has two or more external interfaces. This gateway has site-to-site VPNs with many different third-party gateways through all its ISP connections. FW01 can send only one IP address as its IKE Main Mode ID. Let's say we use the external IP of ISP1 as our IKE Main Mode ID; all the remote peers that connect to ISP2 or ISP3 will then receive a "wrong" IP address as the IKE Main Mode ID. In these cases it brings additional complexity to the VPN, because in my experience this parameter is almost never configured manually (it is left at the default), so we have to explain to third-party admins what this parameter is and why we send a different IP address, and ask them to fix this on their end, because we cannot do it on our side. In case this gateway also has a WAN connection (different interface/IP) which builds site-to-site VPNs with third parties, it becomes even more complex.
It becomes more restrictive in case the same FW01 builds VPNs with other centrally managed gateways, where we normally would use Link Selection to have redundancy; but if we use HA or LS, it makes sending the main IP address as the Main Mode ID mandatory for FW01.
Regards