Hi,

This depends on a few factors. Most common:

What blades are enabled on the gateways. 

What encryption methods are used? (for example 3DES is not only very unsafe but also very intensive for the load) 

Site-to-Site VPN performance issues generally come down to some combination of these three things:

1) Path Low MTU Issues - From expert mode on your Check Point firewall run tracepath to your Azure VPN peer, this will report the max MTU for that network path.  If it is less than 1500 you may need to allow ICMP Type 3, Code 4 packets into your firewall from anywhere for pmtud to work, or look at TCP MSS Clamping

2) Slow algorithms in use like 3DES (already mentioned in this thread) - remember that the Phase 2/IPSec tunnel transfers the vast majority of data through a VPN so its encryption setting will have a far greater impact than the one for IKE/Phase 1.  You may want to look at using the GCM versions of AES which are even more efficient than standard AES and also capable of being fully offloaded into the AES-NI processor extension, if the Azure peer supports GCM

3) Encryption/Decryption operations for a particular VPN tunnel can only happen on one core, or are stuck in the slowpath - If the first two listed are not the issue (check them first), the traffic may be in the F2F/slowpath due to what blades you have enabled or other unusual conditions being present, or it is being bottlenecked by single-core limitations as in the case of an elephant flow

All this is covered quite extensively in my Gateway Performance Optimization Course.