thank you for your feedback.
I just solved, the missing key point was related to VTI; once created on fortinet side (https://community.fortinet.com/t5/FortiGate/Technical-Tip-VXLAN-over-IPsec-for-multiple-VLANs-using-...I created it also on Check Point side and VXLAN started to work properly.
It is important to remember:
- allow traffic from peer's VTI to the Check Point GW on port 4789.
- Add to the bridge the VXLAN interface and a VLAN interface, not a normal interface (eth1.10 is good, eth1 is not)
- configure L3 for that VLAN on a port outside the bridge.
Hope to help someone in the future 🙂