When you enable NAT in a policy by ticking the checkbox, you apply source NAT. By default, the IP address of the outbound interface is used instead of the original address.
So, your rule 1 sends traffic to the internet with a source address of your WAN interface, which of course is routed back with no problems.
Rule 2 does not really make sense. Assuming that you use RFC1918 private addresses on your LAN, how would anybody on the 'net find your WAN router? Private addresses are not routed over internet routers, to avoid the ambiguity which would arise if 1000 users of an ISP use the range 192.168.1.x, for example.
So enabling NAT on rule 2 will have the effect that the original WAN address of inbound traffic is lost/replaced, but there won't be any inbound traffic in the first place.
And you don't need rule 2 at all. Traffic outbound through rule 1 will be answered and routed back to the WAN interface of your FGT. The FGT then looks up which policy might match, then checks whether that policy uses NAT, and if it does, it looks up the NAT table to reverse the address translation. So in short, for reply traffic you only need one outbound policy in general.
"Kernel panic: Aiee, killing interrupt handler!"
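
A simplified model of the behaviour described in the post above, added here as an example; it is not part of the original post and not FortiOS code. It shows one outbound policy with source NAT recording a session, the reply being reverse-translated from that session, and an unsolicited inbound packet finding no match. The class name, port range and all addresses (RFC 5737 documentation ranges for the WAN side) are assumptions made for illustration.

```python
# Simplified model of source NAT with a session table (not FortiOS internals).
# All addresses are constructed: RFC1918 for the LAN, RFC 5737 documentation
# ranges for the WAN interface and the internet hosts.
import ipaddress

WAN_IP = "203.0.113.10"  # assumed address of the outbound (WAN) interface
LAN_NET = ipaddress.ip_network("192.168.1.0/24")


class SnatGateway:
    def __init__(self, wan_ip, first_port=40000):
        self.wan_ip = wan_ip
        self.next_port = first_port
        # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
        self.sessions = {}

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """LAN -> WAN policy with NAT enabled: rewrite source, record session."""
        if ipaddress.ip_address(src_ip) not in LAN_NET:
            raise ValueError("source is not on the LAN")
        wan_port = self.next_port
        self.next_port += 1
        self.sessions[(wan_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.wan_ip, wan_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Packet arriving on WAN: deliver only if it answers a recorded session."""
        if dst_ip != self.wan_ip:
            return None
        original = self.sessions.get((dst_port, src_ip, src_port))
        if original is None:
            return None  # unsolicited: no session and no WAN -> LAN policy
        lan_ip, lan_port = original
        return (src_ip, src_port, lan_ip, lan_port)  # destination restored


def demo():
    gw = SnatGateway(WAN_IP)
    sent = gw.outbound("192.168.1.50", 51515, "198.51.100.7", 443)
    reply = gw.inbound("198.51.100.7", 443, sent[0], sent[1])
    stray = gw.inbound("198.51.100.99", 443, sent[0], sent[1])
    return sent, reply, stray


if __name__ == "__main__":
    for label, value in zip(("sent", "reply", "stray"), demo()):
        print(label, value)
```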