I have the same problem my mikrotik configuration as follow
mikrotik Lan ip is 10.10.10.10
Wan interface ip 10.10.9.2
then the traffic route form wan to FortiGate (there are no masquerade rule on mikrotik)
The Nat Doing On FortiGate router
i am need to change source Ip of subnet 10.10.4.0/24 to 10.100.20.0/24 when destination network was 10.12.0.0/24 (tunnel)
because the VPN Tunnel On FG allows only subnet 10.100.20.0/24 to pass through
So when I need to access any device with Destination 10.12.0.0/24 , I must do it from devices that have ip subnet 10.100.20.0/24
what is the solution to Subnet 10.10.4.0/24 ?
Please read first Getting the most out of this forum
This is not the same situation and you should create new post.
What is "10.10.4.0/24"? You say your LAN is 10.10.10.10. Please read your post in Preview before submit it.
About your case.
At MikroTik who is after other router like FortiGate must have a directly connected network with it. I understand that "Wan interface ip 10.10.9.2" is on MikroTik and 10.10.9.1 is on FortiGate.
When you not use SNAT/Masq NAT rule then you used a routing itself, this mean your LAN 10.10.10.10 or/and 10.10.4.0/24 is out to FG as original address.
This FortiGate must have do a SNAT rule to hide your 10.10.10.10 or/and 10.10.4.0/24 as 10.100.20.0/24 because this 10.100.20.0/24 is internal network inside FortiGate, this is not MikroTik network.
You cannot do SNAT (hide src address) as not your network. SNAT can change incomming not-your network as one of yours networks. Means you can hide 10.10.10.10 and/or 10.10.4.0/24 as 10.10.9.2. When you do it then still FG must do SNAT to hide your 10.10.9.2 as 10.100.20.0/24.
If I not answer you properly that means you wrongly describe problem, not use a diagram. Please read first Getting the most out of this forum