NAT-T is normal for a Tunnel if the Gateway is hidden behind a Device that controls the Public IP address.
With Check Point, there is a Hash Value for NAT-T detection, and if this Hash returns different, then this is a indication that the Tunnel has been NATed behind some other device, thus causing the Tunnel to be made with NAT-T.
Thus if NAT-T is needed, then NAT-T should not be modified.
Also, make sure that the Interface you are using for a VPN Tunnel is defined as External interface.
If you are experiencing Outages,
Please enable VPN debugs and open a TAC case for further investigation.