Hi @56789, I understand that you want to create a VPN connection between Azure VPN Gateway and your Check Point firewall.
Answering your questions:
- When PolicyBasedTrafficSelectors = off/false, the custom traffic selector is not looked at. Thus, Azure VPN Gateway will initiate the tunnel with Traffic Selector = 0.0.0.0/0.
- When PolicyBasedTrafficSelectors = on/true, the custom configured traffic selectors will be proposed only when an Azure VPN gateway initiates the connection. A VPN gateway accepts any traffic selectors proposed by a remote gateway (on-premises VPN device). Is it possible to configure the Check Point firewall to initiate the connection, so you can set Azure VPN Gateway as Responder? Note that the on-premises networks connecting through policy-based VPN devices with this mechanism can only connect to the Azure virtual network; they cannot transit to other on-premises networks or virtual networks via the same Azure VPN gateway. See other considerations.
Stepping back a bit, why do you need to configure a custom traffic selector, which means a policy-based VPN connection? I think it would be simpler to use a route-based VPN connection; if your Check Point firewall doesn't support BGP, you can use static routing.
More info: About policy-based and route-based VPN
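
An added example, not part of the original answer: one way to create the connection described above with Az PowerShell, with policy-based traffic selectors on, a custom traffic selector, and the Azure gateway set to respond only so the on-premises device initiates. All resource names, address prefixes and IPsec/IKE algorithm values are constructed placeholders and assumptions; the algorithms must match what the Check Point side is configured for.

```powershell
# Added example. Names and prefixes below are constructed placeholders.
$rg       = 'rg-vpn-example'
$connName = 'conn-checkpoint-example'
$gw  = Get-AzVirtualNetworkGateway -Name 'vnet-gw-example' -ResourceGroupName $rg
$lng = Get-AzLocalNetworkGateway -Name 'lng-checkpoint-example' -ResourceGroupName $rg

# Custom IPsec/IKE policy for the connection.
# Sample algorithm values only (assumption): align them with the on-premises device.
$ipsec = New-AzIpsecPolicy `
    -IkeEncryption AES256 -IkeIntegrity SHA256 -DhGroup DHGroup14 `
    -IpsecEncryption AES256 -IpsecIntegrity SHA256 -PfsGroup None `
    -SALifeTimeSeconds 27000 -SADataSizeKilobytes 102400000

# Custom traffic selector: Azure-side prefix (local) and on-premises prefix (remote).
# Azure proposes this pair only when it is the initiator.
$ts = New-AzIpsecTrafficSelectorPolicy `
    -LocalAddressPrefix  '10.1.0.0/24' `
    -RemoteAddressPrefix '192.168.10.0/24'

# Prompt for the pre-shared key instead of storing it in the script.
$sharedKey = Read-Host 'Pre-shared key'

# ResponderOnly: the Azure gateway waits for the on-premises device to initiate
# and accepts the traffic selectors that device proposes.
New-AzVirtualNetworkGatewayConnection `
    -Name $connName -ResourceGroupName $rg -Location $gw.Location `
    -VirtualNetworkGateway1 $gw -LocalNetworkGateway2 $lng `
    -ConnectionType IPsec -SharedKey $sharedKey `
    -IpsecPolicies $ipsec `
    -UsePolicyBasedTrafficSelectors $true `
    -TrafficSelectorPolicy $ts `
    -ConnectionMode ResponderOnly

# Confirm what was stored on the connection.
Get-AzVirtualNetworkGatewayConnection -Name $connName -ResourceGroupName $rg |
    Select-Object Name, UsePolicyBasedTrafficSelectors, ConnectionMode, TrafficSelectorPolicies
```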