Fortigate 100D, Building a new system with 2 internal servers: 1 website and 1 mail server
Hi everybody,
I would like your help in configuring Fortigate 100D.
My initial configuration was like this.
I put one public IP address (I have more IP addresses) on my FortiGate 100D wan1 and created VIPs with port forwarding.
Server-1: running Exchange Server 2013 with virtual directories (HTTPS), so I will need ports 25 and 443 on it. Email works, as does OWA when accessed externally.
Server-2: will be running a web server, so ports 80 and 443 will also be used.
But when I tried to create a VIP for 443 again it FAILED; it said I had already created one, which is for the mail server.
So I thought, since I have another WAN port, wan2, I can use the other public IP for wan2. My current configuration is like this:
Wan1 will be used only for incoming mail traffic (ports 24 and 443)
Wan2 will be used only for incoming web traffic (ports 80 and 443)
x.x.x.x - public ip
y.y.y.y - private ip
Wan1: x.x.x.84
Wan2: x.x.x.83
Created 2 VIPs for mail and 2 VIPs for web:
mail:
x.x.x.84 --> y.y.y.11 port: 25 (mail server)
x.x.x.84 --> y.y.y.11 port: 443 (mail server)
web:
x.x.x.83 --> y.y.y.12 port: 80 (web server)
x.x.x.83 --> y.y.y.12 port: 443 (web server)
I put these in 2 different VIP groups: Mail traffic and Web traffic.
Created 2 policies:
Mail:
incoming interface : wan1 source address: all
outgoing interface: LAN destination address: Mail traffic (VIP) Schedule: always
services: Https, Smtp
Action: accept
NAT NOT ENABLED
Web:
incoming interface : wan2 source address: all
outgoing interface: LAN destination address: web traffic (VIP) Schedule: always
services: Https, http
Action: accept
NAT NOT ENABLED
There is another policy for internal users to surf the internet:
internet:
incoming interface : LAN source address: all
outgoing interface: wan1 destination address: all Schedule: always
services: all
Action: accept
NAT ENABLED: Use Outgoing Interface Address
And finally a static route: 0.0.0.0/0.0.0.0, wan1, gateway x.x.x.x
My questions are:
1. Does this configuration work when someone surfs to the company's website or sends mail to us? I mean, when they use our website do they get x.x.x.83 --> y.y.y.12, and the same for mail x.x.x.84 --> y.y.y.11? Do I need to do something else?
2. I have read that the public IP used for incoming mail must also be used for outbound mail (the SMTP server, when initiating traffic towards the Internet, must use the same source IP address):
http://kb.fortinet.com/kb/viewContent.do?externalId=FD31240
Then what should I do: use policy routes or an IP pool? How should I configure it?
3. For me it doesn't matter whether LAN users use wan1 or wan2 to surf the internet, but does it matter which port should be used?
I appreciate any help. Please advise. :)
Thank you.
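As an added example (not from the original post, and not Fortinet's own documentation), here is a FortiOS CLI rendering of the layout described above, covering both the inbound VIPs from question 1 and the fixed-source-IP outbound SMTP from question 2. It assumes the LAN interface is named "internal", an address object "srv-mail" for y.y.y.11, an IP pool "mail-out", and a FortiOS release on the 100D that supports these commands; lines starting with # are annotations, not CLI. The inbound web policy is omitted because it mirrors the inbound mail policy with wan2 and "Web traffic".

```fortios
# Inbound: one VIP per public IP and port. Two VIPs may both use port 443
# as long as their external IPs differ (x.x.x.84 vs x.x.x.83); the earlier
# "already created" failure came from reusing the same extip AND extport.
config firewall vip
    edit "mail-smtp"
        set extip x.x.x.84
        set extintf "wan1"
        set portforward enable
        set mappedip "y.y.y.11"
        set extport 25
        set mappedport 25
    next
    edit "mail-https"
        set extip x.x.x.84
        set extintf "wan1"
        set portforward enable
        set mappedip "y.y.y.11"
        set extport 443
        set mappedport 443
    next
    edit "web-http"
        set extip x.x.x.83
        set extintf "wan2"
        set portforward enable
        set mappedip "y.y.y.12"
        set extport 80
        set mappedport 80
    next
    edit "web-https"
        set extip x.x.x.83
        set extintf "wan2"
        set portforward enable
        set mappedip "y.y.y.12"
        set extport 443
        set mappedport 443
    next
end

config firewall vipgrp
    edit "Mail traffic"
        set interface "wan1"
        set member "mail-smtp" "mail-https"
    next
    edit "Web traffic"
        set interface "wan2"
        set member "web-http" "web-https"
    next
end

# Outbound SMTP from the mail server must leave with x.x.x.84 as its source.
# A one-to-one IP pool pins that address explicitly instead of relying on
# whichever interface address the general internet policy happens to use.
config firewall address
    edit "srv-mail"
        set subnet y.y.y.11 255.255.255.255
    next
end

config firewall ippool
    edit "mail-out"
        set type one-to-one
        set startip x.x.x.84
        set endip x.x.x.84
    next
end

config firewall policy
    # inbound mail: wan1 -> internal, only the two mail VIPs, no NAT
    edit 0
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "Mail traffic"
        set action accept
        set schedule "always"
        set service "SMTP" "HTTPS"
        set comments "inbound mail"
    next
    # outbound SMTP from srv-mail, source-NATed to x.x.x.84 via the pool;
    # must be ordered ABOVE the general internet policy so it matches first
    edit 0
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "srv-mail"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "SMTP"
        set nat enable
        set ippool enable
        set poolname "mail-out"
        set comments "outbound mail, fixed source x.x.x.84"
    next
    # general internet access for everyone else (the existing policy)
    edit 0
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set comments "internet"
    next
end
```

Policies are evaluated top-down, so after creating the outbound SMTP policy use `move <id> before <id>` under `config firewall policy` (or drag it in the GUI) to place it above the general internet policy. Because wan1 itself carries x.x.x.84 and the default route points at wan1, the existing "use outgoing interface address" NAT already produces that source today; the dedicated policy makes the requirement explicit and keeps it from silently changing if the general policy is later moved to wan2. If the default route ever moves to wan2, a policy route for srv-mail SMTP towards wan1 is also needed, since source NAT alone does not choose the egress interface.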
