Below is a good reference, but I also pasted some notes I took for myself. I would send you the good doc I have, but it contains private customer info, so I can't do that, sorry.
Andy
https://support.checkpoint.com/results/sk/sk100726
Some notes I gathered:
Steps for route-based Azure VPN tunnel:
Star community
Get all the settings from config file on Azure side
Pick any IPs from 169.254.0.0/24 subnet NOT in use with current tunnels for VTIs/remote address
Say:
169.254.0.200, 201 and 202 (master, backup and VIP) and then .203 for remote address (which is also used as DG for subnet on the other side)
Once this is configured, get interfaces without TOPOLOGY
*DO NOT PUSH POLICY YET*
Save changes in dashboard, then add peer external IP to exempt anti spoof group for external interface
Then also add route to external peer IP using actual Internet default DG
MAKE SURE PEER NAME (in VTI settings in web UI) MATCHES WITH INTEROPERABLE OBJECT in dashboard
Create appropriate rule using VPN community (bi-directional match) (internal clear to 3rd party tunnel, 3rd party to 3rd party, 3rd party to internal clear in VPN column)
Push policy and test
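
The Gaia clish side of the notes above, as an added example that is not part of the original post. The tunnel ID, peer name, peer public IP and Internet gateway address are placeholders made up for illustration; the 169.254.0.x addresses are the ones from the notes.

```clish
# Added example. PLACEHOLDER values (not from the original post):
#   tunnel id 10, peer name Azure_Peer,
#   peer external IP 203.0.113.10, Internet default gateway 198.51.100.1
# The peer name must match the interoperable device object name in the dashboard.

# --- Cluster member 1 (master): local .200, remote .203 ---
add vpn tunnel 10 type numbered local 169.254.0.200 remote 169.254.0.203 peer Azure_Peer

# --- Cluster member 2 (backup): same tunnel id, remote and peer; local .201 ---
add vpn tunnel 10 type numbered local 169.254.0.201 remote 169.254.0.203 peer Azure_Peer

# --- Both members: host route to the peer's external IP via the
#     actual Internet default gateway ---
set static-route 203.0.113.10/32 nexthop gateway address 198.51.100.1 on

# --- Both members: persist the Gaia configuration ---
save config

# The VIP (169.254.0.202) is not set in clish. It is entered on the cluster
# object in the dashboard after "Get interfaces without topology".
```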