Hello,
When you talk about Encryption Domains it would be helpfull if you use "local" or "remote" to understand where you need to add the networks. I understand that you added two more networks to the remote Encryption domain. You can have all the networks you want as far as not overlapping exists with other vpn communities.
To clarify, just two encryption domains exists. One local ED (networks behind your local checkpoint firewall) and one remote ED (networks behind fortigate). All what you need to do is adding those two new networks to the remote ED (it should be a network group object).
On checkpoint side, it works the same way you mention about fortigate. When you add more networks the the encryption domain group, the peers will negotiate one phase 2 keys per each one of these new networks.
So one single vpn community is needed. You should set one vpn tunnel per subnet pair on the VPN Tunnel Sharing section.
If you have troubles please upload the logs from smartconsole so we can give better advices. You can filter by "action:"Key Install" and X.X.X.X" where the ip is the remote peer public ip address.
Regards