I have this issue as well (http/https open on external interface gateways). We used to use Mobile Access but I disabled the Mobile Access blade about a year ago and afaik have no use any Multi Portal functions on the external interface.
I found this article sk155512 -
How to determine which portal is causing MultiPortal to respond on external interface
Is this relevant in this case? The article states - "MultiPortal creates an implied rule and accepts traffic on port 443 or port 80 if a portal is set to be accessible from All Interfaces. This setting might persist even if the blade was later disabled. This can be changed in the following manner:"
The article is very vague with instruction such as - 5. Change the setting accordingly. I tried to follow the article along in GuiDBedit but could not work out what to do.
A while back I opened a support ticket with Checkpoint but got nowhere with it.