When you allow access to your network from the Internet it may happen that you'll see only external firewall IP address in the logs and not actual remote client IP addresses accessing your published resources.
Fortigate, FortiOS, VIP, Virtual IP, Logs, Traffic
The issue occurs because of mis-configured firewall policy options.
When you allow access to a Virtual IP (VIP) object there is no need to enable NAT checkbox in rule properties. VIP is other word for static NAT and by creating it you already enabled NAT translation. The NAT checkbox in the rule properties is used to configure HIDE NAT and conceal traffic behind firewall IP address. In most cases there is no need to conceal Internet traffic behind the firewall IP.