Splunk Search

How to edit my subsearch to keep a variable to add to the end results?

john_glasscock
Path Finder

I am running 2 searches from 2 different source types.

Search 1: Search for Sidewinder traffic that went through attempting to make an FTP connection.

[search index=sdwfw001 fac=f_http_proxy url=* request_command=CONNECT | stats count by dest_IP url | rename dest_IP as dest_ip | fields dest_ip]

Search 2: Search the Check Point firewall traffic for the previous traffic, adding the policy that fired.

index=checkpoint rule=*

My search:

index=checkpoint rule=* [search index=sdwfw001 fac=f_http_proxy url=* request_command=CONNECT | stats count by dest_IP url | rename dest_IP as dest_ip | fields dest_ip] | stats count by dest_ip policy_name

My search works, but I don't know how to bring the URL from the subsearch, because when I do, it then searches for it in the 2nd search and the URL is not there. In the end I would like a stats count by dest_ip policy_name url.

0 Karma

elliotproebstel
Champion

Strictly speaking, no - it is not possible to populate a variable out from the subsearch into the primary search without Splunk interpreting that variable as a search value. But there are some other ways to go about it.

First Idea
Perform a unified search across both sources and preserve only the events that have a shared dest_ip. Then perform your stats command across the remaining results. It would look something like this:

(index=checkpoint rule=*) OR (index=sdwfw001 fac=f_http_proxy url=* request_command=CONNECT)
| rename dest_IP AS dest_ip
| eventstats dc(index) AS index_count, values(url) AS url BY dest_ip
| search index_count=2 index=checkpoint
| stats count BY dest_ip policy_name url

The disadvantage here is that you aren't pre-filtering the checkpoint logs, so the search might bog down a bit, depending on the volume of data going into your checkpoint index.

Second Idea (not recommended)
The only way I know to pass a value as a variable (but not a search term) from one search into another is to use the map command. However, this command is terribly inefficient, as explained here: https://answers.splunk.com/answers/611129/newbie-map-question.html#answer-612249
But as a teaching exercise, it might be useful to understand how the map command could be used here:

index=sdwfw001 fac=f_http_proxy url=* request_command=CONNECT
| stats count BY dest_IP url
| rename dest_IP AS dest_ip
| map maxsearches=0
    [ search index=checkpoint rule=* dest_ip="$dest_ip$"
      | eval url="$url$"
      | stats count BY dest_ip policy_name url ]
| stats sum(count) AS count BY dest_ip policy_name url

Really, really - do not use this search, as it will launch a new search for every dest_ip found in the first part of the search. This is remarkably inefficient.

0 Karma
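A third way to carry the url from the subsearch into the final results, added here as an example and not part of elliotproebstel's answer: keep the original subsearch as a filter on the checkpoint index (so the pre-filtering is preserved), then use join to attach the url per dest_ip instead of letting Splunk turn it into a search term. The field names (dest_IP, dest_ip, url, policy_name) are assumed to be exactly as used in the thread.

```spl
index=checkpoint rule=*
    [ search index=sdwfw001 fac=f_http_proxy url=* request_command=CONNECT
      | stats count BY dest_IP
      | rename dest_IP AS dest_ip
      | fields dest_ip ]
| join type=inner dest_ip
    [ search index=sdwfw001 fac=f_http_proxy url=* request_command=CONNECT
      | stats values(url) AS url BY dest_IP
      | rename dest_IP AS dest_ip ]
| stats count BY dest_ip policy_name url
```

The join subsearch collapses each dest_ip to one row with a multivalue url, so a destination that was reached via several CONNECT targets yields one row per url in the final stats. Both subsearches are subject to the subsearch result and time limits in limits.conf, so on a busy proxy index check the search job's messages for truncation before trusting the counts.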