Hi Guy!
Currently I have some confusing problems as follows:
1. I am configuring Remote Access on Check Point with Public IP set on Peplink and we change from port 443 -> 8443. This means that Peplink is configuring NAT as follows:
Public IP:8443 -> Check Point:8443
In addition, on Peplink there is also NAT port UDP 4500 & 500 for IPsec.
And this works fine.
2. When we enabled the Mobile Access blade, the Visitor Mode port was forced to change back to 443, and we changed the configuration on Peplink to:
Public IP:8443 -> Check Point:443
However, at this time, Remote Access does not work. I'm not sure what the difference is here, because it still runs over IPsec. But Mobile Access works OK!
Am I missing any other configuration on Check Point?
Unfortunately, if you are using Mobile Access Blade, this is expected behavior.
See: https://support.checkpoint.com/results/sk/sk107852
I understand your point about Mobile Access using port 443, and we did that and it worked as expected. However, what about Remote Access? I don't know why, when I change the NAT on the Peplink device to "Public IP:8443 -> Check Point:443", Remote Access doesn't work anymore.
The VPN client expects to use the Visitor Mode port, which is locked to port 443 because you are using Mobile Access Blade.
I have now tried without enabling Mobile Access, but still configuring NAT as "Public IP:8443 -> Check Point:443", and Remote Access also does not work.
I see that it works only when we configure NAT with "Public IP:8443 -> Check Point:8443" or "Public IP:443 -> Check Point:443". The port mapping just needs to be the same and it will work.
But I'm not clear: Remote Access on Windows is IPsec, so what does it have to do with 443 or 8443?
Even with an IPsec client, HTTPS is used on initial connection to the Visitor Mode port.
This is by design.
Dear PhoneBoy,
I mean as image below
That is precisely how I understood the situation.
Doesn't change the answer, unfortunately.
You can try just deleting and recreating the VPN site with the port number 8443: https://support.checkpoint.com/results/sk/sk103107
However, unless you change the Visitor Mode port to match, this may not work.
I solved this with Public IP:8443 <-> Check Point:443
Thanks for your help.
How exactly did you solve it?
By deleting/readding the site using port 8443?
Dear PhoneBoy,
Not sure what the error is; I tried adding one NAT rule and firewall rules as below and it worked.
No screenshot?
Considering the gateway shouldn't even see the public IP here (if I'm understanding your topology correctly), I'm surprised it works.
Can you confirm how the gateway sees the traffic with a tcpdump/fw monitor?
I think it's because in Link Selection I have chosen the NAT-T option and entered the public IP into it, because I'm using the same public IP for S2S and C2S.