I discovered a really annoying limitation of the Fortigate firewalls today. Although this limitation won’t be encountered on a daily basis, I know this is not an unusual setup, and above that I know that the Cisco PIX firewall supports this, as I have done this before.
Suppose the following scenario:
Suppose traffic from the Big Bad Internet is destined to company BOB’s application server at 170.1.1.1:8081.
On the Fortigate you create a port NAT to the server’s internal address of 192.168.102.1.
Assume BOB.COM has its DMZ-Internal VRF behind the firewall, and assume that, for financial/latency reasons, BOB.COM also has a third-party VRF used by clients of the same ISP to route their traffic via MPLS to 170.1.1.1. This makes sense, right? It gives these clients optimal routing to 170.1.1.1, and optionally a backup via their Internet connection in the event that something goes wrong in the MPLS network.
But this is where you will get stuck. You won’t be able to create a NAT on the Fortigate MPLS interface for 197.1.1.1, because a Fortigate ties each NAT to ONLY ONE interface. Really silly, considering there are a couple of scenarios where this would be needed. Obviously there are some workarounds, like doing a double NAT or using a different IP via MPLS, but these are non-optimal.
This was reported to Fortigate as a bug, but their reply implied it is a feature and something they will not be correcting.
Dear sir,
I’m stuck in the same problem. Did you find a solution?
In my scenario I have to work in NAT mode with that MPLS Internet line;
it can’t be in transparent mode.
Thank you.
I’ve just configured Fortigate NAT to two interfaces, and it’s working fine.
Well, it’s good to see it possibly fixed 2 years on :)
When you create your NAT instance, you’d specify the interface as “Any”; that way the NAT can be used from multiple interfaces. If the NAT was originally created and bound to an interface and rules applied, the NAT instance interface cannot then be changed to “Any” unless the rules for that NAT are temporarily removed, the NAT changed, and then the rules re-applied and new rules added (on a live device). With a FortiManager, the NAT can just be changed to “Any” interface.
Today that feature is available, but it was not at the time of the article :)
True – it was remedially fixed in a patch; I was just listing the current limitations too (live device vs. FortiManager, and the process) :-)
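As an added configuration example, not taken from the post or any of the commenters, here is how the scenario in the post (170.1.1.1:8081 forwarded to 192.168.102.1) looks in FortiOS CLI once the VIP is created with its external interface set to “any”, as the later comments describe. The interface names wan1, mpls and dmz, the object names and the policy IDs are assumptions; the VIP itself only defines the translation, so only the policies that reference it decide which interfaces may actually reach the server.

```text
# Constructed example: port-forward VIP usable from more than one ingress interface.
# Binding it to a single interface (set extintf "wan1") is the limitation the
# post describes; "any" lets the same VIP serve both the Internet and MPLS paths.
# Create it with "any" from the start: once policies reference the VIP, extintf
# cannot be changed without first removing those policies.
config firewall vip
    edit "bob-app-8081"
        set extip 170.1.1.1
        set extintf "any"
        set portforward enable
        set mappedip "192.168.102.1"
        set extport 8081
        set mappedport 8081
    next
end

config firewall service custom
    edit "TCP-8081"
        set tcp-portrange 8081
    next
end

# One policy per ingress path; each names the VIP as destination so that only
# these two interfaces (not every interface) can reach the translated server.
config firewall policy
    edit 10
        set name "inet-to-bob-app"
        set srcintf "wan1"
        set dstintf "dmz"
        set srcaddr "all"
        set dstaddr "bob-app-8081"
        set action accept
        set schedule "always"
        set service "TCP-8081"
        set logtraffic all
    next
    edit 11
        set name "mpls-to-bob-app"
        set srcintf "mpls"
        set dstintf "dmz"
        set srcaddr "all"
        set dstaddr "bob-app-8081"
        set action accept
        set schedule "always"
        set service "TCP-8081"
        set logtraffic all
    next
end
```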