Arnold
New Member
August 12, 2013
Question

forward WAN to LAN by FQDN

  • August 12, 2013
  • 7 replies
  • 9250 views
Hi, I wanted to know whether the 60C with firmware 5.0 supports such a feature as forwarding specific requests to different IPs but to the same port depending on the FQDN, as in Forefront Threat Management Gateway. For example, if they enter address1.company.com, port forward to host 10.0.1.10:3389, and if they enter address2.company.com, port forward to host 10.0.1.11:3389.

    7 replies

    rwpatterson
    New Member
    August 12, 2013
    Welcome to the forums. What you are asking for is called Virtual IP with Port Forwarding. It's available on all FortiGate platforms and versions at the current time.
    Arnold (Author)
    New Member
    August 12, 2013
    Yes, Virtual IP can forward IP/WAN to IP/LAN, but can't forward it by FQDN/WAN to IP/LAN.
    rwpatterson
    New Member
    August 12, 2013
    FQDN to IP is a DNS function. This is not directly done by the FGT unit on the Internet level.
    Dave_Hall
    New Member
    August 12, 2013
    Perhaps DNS translation is what you want, assuming there is no internal DNS server on your network and you want your internal computers remote connecting to those two "servers" by hostname.
    Arnold (Author)
    New Member
    August 12, 2013
    We have external and internal DNS servers. I think DNS translation is the thing we are looking for; still not sure how this part works though: "the reply is translated on the FortiGate unit into 10.73.1.37, which is the private IP address of the same resource, "server1"."
    Arnold (Author)
    New Member
    August 12, 2013
    emm, as I understand this is just for the internal users, externally it will still get the public IP...
    Dave_Hall
    New Member
    August 12, 2013
    Pretty much. Still not exactly sure what you are requesting here -- it seems you are requesting something that is akin to setting up two VIPs, but want some sort of DNS translation in the mix. As Bob pointed out, this is not how the fgt works. Ideally, and assuming your company has more than one public IP address, you can set up pc1.company.com and pc2.company.com to resolve to two public IPs (one could be the fgt's WAN IP) that are routed to the fgt's WAN interface, then set up two VIPs from there to point to the real machines. (Maybe someone has a better solution.)
      • remote.company.com:5000, which forwards the request to 10.0.1.5:3389
      • remote.company.com:5001, which forwards the request to 10.0.1.6:3389
    The above is pretty much how we set up remote desktop connections on our fgt boxes.
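The two-VIP scheme described in the post above, written out as a FortiOS CLI fragment. This is an added example, not configuration from the thread or from Fortinet documentation. It assumes FortiOS 5.0 CLI syntax, a WAN interface named "wan1", a LAN interface named "internal", and the documentation address 203.0.113.10 standing in for the real public IP; the internal addresses and ports are the ones from the post.

```text
# Added example: two port-forwarding VIPs on a single public IP.
# Assumed names: interface "wan1" (WAN), "internal" (LAN), public IP 203.0.113.10.
config firewall vip
    edit "rdp-to-10.0.1.5"
        set extip 203.0.113.10
        set extintf "wan1"
        set portforward enable
        set protocol tcp
        set extport 5000
        set mappedip "10.0.1.5"
        set mappedport 3389
    next
    edit "rdp-to-10.0.1.6"
        set extip 203.0.113.10
        set extintf "wan1"
        set portforward enable
        set protocol tcp
        set extport 5001
        set mappedip "10.0.1.6"
        set mappedport 3389
    next
end

# A custom service listing both the external ports and the mapped port. A VIP
# only translates packets that arrive on its own external port, so this does not
# widen exposure beyond the two VIPs, and the policy matches whichever port the
# unit compares the service against.
config firewall service custom
    edit "RDP-forwarded"
        set tcp-portrange 3389 5000-5001
    next
end

# One policy per VIP. "all" as source is for illustration only; in production
# restrict srcaddr to the address ranges that are allowed to reach RDP.
config firewall policy
    edit 0
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "rdp-to-10.0.1.5"
        set action accept
        set schedule "always"
        set service "RDP-forwarded"
    next
    edit 0
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "rdp-to-10.0.1.6"
        set action accept
        set schedule "always"
        set service "RDP-forwarded"
    next
end
```

The distinguishing key here is the external TCP port, not the name: both remote.company.com:5000 and any other name resolving to 203.0.113.10 with port 5000 land on 10.0.1.5, which is exactly the limitation rwpatterson and Dave_Hall describe. Separate policies per VIP keep the log entries and any later source restrictions per host rather than per pool.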
    Arnold (Author)
    New Member
    August 14, 2013
    our current situation
    Arnold (Author)
    New Member
    August 14, 2013
    and this is what we want to achieve
    Dave_Hall
    New Member
    August 14, 2013
    What you want is referred to as a split DNS configuration, which can be set up on 60C models and higher. See page 576 for 4.0 MR3, page 435 for 5.0. Once set up, you can create/set up DNS records for your remotes. But if your company is running a Windows Active Directory (which requires DNS be set up on it) with DHCP service running on it, then the PCs in your company should already be registering themselves in AD and DNS. (The DHCP service should be registering the computer hostnames in DNS when their IP leases are renewed.)
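The split DNS setup Dave_Hall refers to, as an added FortiOS CLI example that is not from the thread or from the handbook pages he cites. It assumes FortiOS 5.0 syntax, a LAN interface named "internal", the zone company.com, and the placeholder hostnames remote1/remote2 mapped to the internal addresses from the earlier post; real records would be whatever the company's remotes are called.

```text
# Added example: the FortiGate answers company.com for internal clients only.
# Assumed names: zone company.com, hosts remote1/remote2, LAN interface "internal".
config system dns-database
    edit "company.com-internal"
        set domain "company.com"
        set type master
        set view shadow
        set ttl 86400
        config dns-entry
            edit 1
                set type A
                set hostname "remote1"
                set ip 10.0.1.5
            next
            edit 2
                set type A
                set hostname "remote2"
                set ip 10.0.1.6
            next
        end
    next
end

# Serve DNS on the LAN-facing interface only; nothing listens on the WAN side.
config system dns-server
    edit "internal"
        set mode recursive
    next
end
```

The "shadow" view is what makes it split: only clients that query the FortiGate on the internal interface get these private answers, while the public zone on the external DNS servers stays unchanged. Internal clients must also be handed the FortiGate's internal address as their DNS server (via DHCP or the AD DNS forwarders) for the zone to take effect. This does not change what happens on the WAN side: external connections still arrive as IP and port, so the external name-based selection Arnold asked for is still not provided by it.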
    ScottV
    New Member
    August 14, 2013
    I know exactly what you are trying to do from using a lot of ISA/TMG boxes in the past which support host header inspection, where you can have multiple internal services published via one external IP and port via certificates or the like; typically though I have only used this for web services bound to certificates. I have looked into this in the past and found the FG unit can't do it, as rwpatterson mentioned.
    ScottV
    New Member
    August 14, 2013
    Just as a side note, you can use HTTP host headers for HTTP/SSL connections under the Load Balance Virtual Server section to allow you to set up many my.server.com names and then direct them to different internal servers using the same web port via the HOST HEADER method. I thought I might be able to make it work for your scenario using TCP as the transport, but it doesn't support host headers in that mode, which I guess makes sense as they are native to HTTP/S requests.
    Dave_Hall
    New Member
    August 14, 2013
    Scott deleted his original post regarding Load Balance Virtual Server, but he is on to something... providing all of the remotes (in the DMZ) are part of a server farm (all identical RDP servers) and it doesn't matter which remote is used in a connect. Server Load Balancing with Port Forwarding can be set up to map an ext IP to a range (pool) of IP addresses (in the DMZ). Unfortunately (if I read the 5.0 CLI ref manual correctly) you are limited to a pool of something like 8 real servers.
    ScottV
    New Member
    August 15, 2013
    Yeah, I posted thinking I had it working, but it was just doing a round robin to my RDP test boxes, so I then removed the post. With the pool set up like you say, how can you distinguish which server you want to connect to from the external source?