[Lackie]

If you are not putting the CP traffic through the VPN (which you shouldn't) and you are hide natting your host behind your local firewall, the remote firewall will see the traffic from the external IP address of the firewall and not your local IP address. With the rule that you have in place it looks like it would drop that traffic because it's not from an interal network.

My opinion is that the best way to do it would be to static NAT your MS/gui client if you can and then allow that external IP address go to the remote firewall IP's in a separate rule. Make sure that the Check Point traffic doesn't go through the VPN, if it does you will have a problem getting to the remote firewalls if the VPN is ever down.