coldark, 2008-04-15
Re: same internal host mapped to 2 different static ip address



[EDIT:] After reading your other post in the other NAT thread I may have got the wrong end of the stick - however - what I have written is true for the situation I am showing in my diagram.

Assuming you have already got a node object created for Int_Host and Network objects created for Intranet_User_IP_Net and Internet_User_IP_Net:

1) Create a new "Node Host" object for your Ext_IP_1 (NAT) address - do not set up automatic NAT on this object.
2) Create a new "Node Host" object for your Ext_IP_2 (NAT) address - do not set up automatic NAT on this object.
3) Manually add 2 new "Address Translation" rules under the "Address Translation" tab of the rulebase:

Intranet_User_IP_Net | Ext_IP_1 | Any | = | Int_Host | = | Comment as req
Any                  | Ext_IP_2 | Any | = | Int_Host | = | Comment as req

Ensure that there are "Security" rules under the "Security" tab of the rulebase to allow traffic from these external groups to the NAT addresses:

Intranet_User_IP_Net | Ext_IP_1 | Any Traffic | Appropriate Services | Accept
Any                  | Ext_IP_2 | Any Traffic | Appropriate Services | Accept

Under "Policy Menu > Global Properties > NAT > Manual NAT Rules" check "Translate Destination on the Client Side".

Finally - you will also need either:
1) routes on the upstream router to route traffic destined to the NAT addresses onto the FW External NIC, or
2) your FW must respond to ARP requests on behalf of the NAT addresses (set up proxy ARPs).

Last edited by coldark; 2008-04-15 at 06:16. Reason: Qualification
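
The two rule tables in the post above, modelled as first-match lookups so the source-dependent mapping and the NAT-to-Security rule coverage can be checked. This is an added example, not part of coldark's post. All IP addresses are constructed sample values, services are ignored, and the function names are hypothetical.

```python
from ipaddress import ip_address, ip_network

# Constructed sample addressing (assumed, not from the post).
OBJ = {
    "Intranet_User_IP_Net": ip_network("10.20.0.0/16"),
    "Any": ip_network("0.0.0.0/0"),
    "Ext_IP_1": ip_network("192.0.2.10/32"),
    "Ext_IP_2": ip_network("192.0.2.11/32"),
    "Int_Host": ip_network("172.16.5.20/32"),
}

# (original source, original destination, translated destination), top-down.
NAT_RULES = [
    ("Intranet_User_IP_Net", "Ext_IP_1", "Int_Host"),
    ("Any", "Ext_IP_2", "Int_Host"),
]
# (source, destination, action); the destination is the NAT address,
# as in the post's Security rules.
SEC_RULES = [
    ("Intranet_User_IP_Net", "Ext_IP_1", "accept"),
    ("Any", "Ext_IP_2", "accept"),
]

def _hit(name, addr):
    return ip_address(addr) in OBJ[name]

def nat_destination(src, dst):
    """First matching manual NAT rule wins; None means no translation."""
    for s, d, xlate in NAT_RULES:
        if _hit(s, src) and _hit(d, dst):
            return str(OBJ[xlate].network_address)
    return None

def action(src, dst):
    """First matching Security rule wins; anything unmatched is dropped."""
    for s, d, act in SEC_RULES:
        if _hit(s, src) and _hit(d, dst):
            return act
    return "drop"

def unreachable_nat_rules(sec_rules=SEC_RULES):
    """NAT rules whose source/destination no accept rule fully covers."""
    return [
        (s, d) for s, d, _ in NAT_RULES
        if not any(act == "accept" and OBJ[s].subnet_of(OBJ[rs])
                   and OBJ[d].subnet_of(OBJ[rd]) for rs, rd, act in sec_rules)
    ]
```
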