the supplier brings us a connectivity and a router.

The vendor only gave us the subnet and dns.
This subnet is locked down and only reaches certain addresses.
I wanted to hook this connectivity to our firewall to be able to route the traffic by differentiating the routes but using the client's declared subnet.

Hi,

Not sure I fully understand - but it seems like you need to do this:

Define a port on the FortiGate i.e port1 and connect this to the customer provider router.

On the interface settings for port1, give the FortiGate an IP within that provided range.

Lets say your customer provided you with 192.168.10.0/24 - give the firewall 192.168.10.1 lets say.

After configuring the port, you should be able to route to your customers network. 

If I have misunderstood, please can you show a diagram

I don't know if it's clear

Okay - main things here:

Your client LAN subnet is the same as the subnet provided over the MPLS. This isnt going to work.

If the network over the MPLS is completely separate to your LAN, you need to ideally change your LAN subnet.

Then, you can connect the MPLS network to the firewall on the 192.168 range, and then have a separate network on your LAN

the problem is that the applications respond to that ip class... suggestions?

Applications respond to that IP class? huh?

If anything, just move your client network to 192.168.2.0 then - same class, just different network.

I am not too sure on the applications not responding to IP classes though - that seems odd.