Hello ,
In this case its pritty simple . I hope that you do not have any Dynamic IP assigned to FW1 or FW3 , only thing here is that FW1 is behind a NAT device . So FW1 will have all the normal configuration plus the following added config of "local identity "
set security ike gateway gw-Test00 local-identity inet <NAT Public IP of FW2 >
You use local identity as hostname when we have dynamic or DHCP IP , if they all are static we can use local identity inet and give public NAT IP of FW2 in FW1 .
FW3 will have the gateway IP as the FW2 NAT IP . So FW3 will have normal configuration .