CEEJAY
Participant

Site to Site VPN Check Point to Azure

Hello, I want to clarify: if I created a site-to-site VPN from Check Point to Azure and my Azure VPN is route based, can I configure the Check Point to use domain-based VPN? Will it still work even without VTI?

0 Kudos
8 Replies
spottex
Collaborator

This may help. It explains when you need to use either.
https://support.checkpoint.com/results/sk/sk101275 

The subnet-to-subnet is what Azure calls "policy-based VPN" and gateway-to-gateway is what Azure calls "route-based VPN". This should help customers identify what they have on Azure against what they need to configure on the Check Point device.

0 Kudos
CEEJAY
Participant

Hello. I already checked that SK, but there is no statement that VTI is needed when configuring a route-based VPN between Check Point and Azure. Does it mean that even if Azure is in route-based mode, the configuration on the Check Point side is domain based (VPN Community with matching VPN settings) and there is no need for VTI?

0 Kudos
the_rock
MVP Platinum

Yes and no. Yes, as in if it's domain based on the CP side, you don't need VTI, but no, as in I highly doubt that would work if the Azure end is route based.

Best,
Andy
0 Kudos
CEEJAY
Participant

Hello @the_rock. I also checked the Azure documentation for the configuration when the peer device is Check Point, whether Policy Based or Route Based; it redirects me to the same https://support.checkpoint.com/results/sk/sk101275 and based on the SK there are no notes that VTI is needed. The only note is that if the Azure VPN is route based, the Tunnel Management on the CP side should be gateway to gateway.

0 Kudos
the_rock
MVP Platinum

I get that's what the documentation says, but reality is somewhat different.

I built so many of these tunnels and my experience is that the setting you mentioned is not overly relevant without VTI for a route-based tunnel.

Just my experience, but, you are welcome to do it the way you prefer.

Best,
Andy
0 Kudos
the_rock
MVP Platinum

Also, I wanted to share this with you, as I spent many hours until we found a solution. This was the first option we checked, and though the customer told me they had tried the per-subnet setting in the VPN community, apparently that was not the case for the AWS tunnel issue, though it was domain based with no BGP. We verified everything on the other side, even tried the permanent tunnel option and a 0.0.0.0/0 VPN domain, no luck. Once we reverted all of it and set per subnet, then installed policy, everything worked fine. Keep in mind, and this can definitely be somewhat deceiving to lots of people, the tunnel was always showing as up, both phase 1 and phase 2 were green, but no traffic was flowing.

Best,
Andy
0 Kudos
the_rock
MVP Platinum

Hey mate,

Were you able to sort this out?

Best,
Andy
0 Kudos