I couldn't really figure out how to do that (HIDE NAT)...but I did finally get it to work. I think the problem was that when I was making changes that I *though* would work...I had to restart the Fortigate or bring the WAN 2 interfact down and back up for the Fortigate to actually take the change. In short...here is how I accomplished the goal of directing end user web traffic through WAN2 while using WAN1 for everything else:
1) Enabled WAN2 with appropriate settings.
2) Added static route to WAN2 default gateway...setting priority higher number (thus lower priority) than WAN1 default gateway.
3) Added firewall policy to allow traffic from internal interface to WAN2 interface...with NAT.
4) Added the following Policy Route: Protocol:6 / Incoming Interface: Internal / Source: 0.0.0.0/0.0.0.0 / Destination: 0.0.0.0/0.0.0.0 / Ports: 80 to 80 / Type of Service 00 and 00 / Outgoing Int: wan2 / Gateway Address: the actual DG of WAN2. Note that the help that I was seeing from Fortigate on this topic seemed pretty inaccurate. For example it said all zeros as the source or destination disabled the feature.
5) Repeated for port 443.
6) Brought WAN2 down, then back up (this seemed to be key...but i may be wrong!).
To test I tried a tracert...and that went through WAN1 (I guess b/c not to port 80 or 443). I then went to
www.speedtest.net since that shows my from IP address (i guess many sites do), and it reflected that I was coming from my WAN2 ISP. I'm sure there are more elegant ways to test...but it is way too technical for me!
