I agree with all Phoneboy said. Now, having said that, personally, I think it would be little risky to make change like this, unless you are in long maintenance window and here is why I say this. Most people may assume, and quite frankly, logically so, that IF you change external IP, say VPN tunnels dont work, you flip it back, all works again.
Weeeeell, NOT exactly...sometimes, even reverting back to original state may not work right away. You may need to reset the tunnel(s) few times to get things going. Now, if they are route based ones, usually single reset works fine.
Again, link selection is probably your answer here. As long as thats configured right and routing is in place, you SHOULD be fine.
Here is an example I will give you for route based tunnel and I also included post I made recently about it. Say you have VTI (virtual tunnel interface) and its unnumbered one. Usually, for unnumbered vti, people may use it if you are "pimping" BGP through the tunnel. Idea of such interface is that it will have SAME ip as say external interface, as it "hangs" off it and you use it to route traffic to the other side. However, if its unnumbered, for example, say member 1, if its cluster, can have vti10 as 169.254.0.50, other member as.51.then vip as .52 and you can use .53 as DG for subnet on the other side of the tunnel. So say Azure side is 10.10.10.0/24, on CP end you can use route to 10.10.10.0/24 with DG as .53 IP address.
Anyway, sorry for the long rambling, but thats the idea and all I wanted to point out.
Below is the post I was referring to.
Best,
Andy
https://community.checkpoint.com/t5/Security-Gateways/Route-based-VPN-tunnel-to-Azure/m-p/206179/emc...