Reference
https://community.fortinet.com/t5/FortiGate/Technical-Note-How-FortiOS-selects-unused-NAT-ports/ta-p/196785
https://www.fortinetguru.com/2017/11/how-fortios-differentiates-sessions-when-nating/
Situation
# If NAT uses the Source Port to map sessions,
# with 65536 - 1024 (reserved) = 64512 ports, won't those 64512 sessions lead to port exhaustion?
Solution
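When a session is established, it is identified by a 5-tuple:
1. Source Port
2. Source IP
3. Destination Port
4. Destination IP
5. Protocol
A session is identified by all five fields together, so they can be combined into many more sessions, and the firewall does not end up unable to establish connections.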
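
The 5-tuple point above as an added example (not from the referenced Fortinet articles, and not FortiOS's actual port-selection algorithm): a simplified NAT table showing that a NAT source port is only "used up" for one protocol, destination IP and destination port. The class SourceNat, the 4-port range and the documentation IP addresses are constructed for illustration.

```python
# Added illustration: a simplified source-NAT table keyed by the full 5-tuple.
# Assumption: this is NOT FortiOS's port-selection algorithm, only a model of the idea.
PORT_MIN, PORT_MAX = 1024, 65535  # 65536 - 1024 reserved = 64512 usable ports


class SourceNat:
    """Hypothetical NAT device that owns one public IP (constructed for this example)."""

    def __init__(self, nat_ip, port_min=PORT_MIN, port_max=PORT_MAX):
        self.nat_ip = nat_ip
        self.port_min, self.port_max = port_min, port_max
        self.sessions = {}   # translated 5-tuple -> original (src_ip, src_port)
        self.next_port = {}  # (proto, dst_ip, dst_port) -> where to resume the search

    def translate(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Return a NAT source port, or None if this destination has none left."""
        dest = (proto, dst_ip, dst_port)
        span = self.port_max - self.port_min + 1
        start = self.next_port.get(dest, self.port_min)
        for offset in range(span):
            port = self.port_min + (start - self.port_min + offset) % span
            key = (proto, self.nat_ip, port, dst_ip, dst_port)
            if key not in self.sessions:  # unique as long as ONE field differs
                self.sessions[key] = (src_ip, src_port)
                self.next_port[dest] = port + 1
                return port
        return None  # exhaustion is per (protocol, dst IP, dst port), not global


def demo():
    # Constructed sample: 4-port range and documentation IP addresses.
    nat = SourceNat("203.0.113.1", port_min=1024, port_max=1027)
    same_dst = [nat.translate("tcp", f"10.0.0.{i}", 40000, "198.51.100.10", 443)
                for i in range(1, 6)]   # 5 clients, only 4 ports
    other_dst = [nat.translate("tcp", f"10.0.0.{i}", 40000, "198.51.100.20", 443)
                 for i in range(1, 5)]  # same ports reused for another server
    other_proto = nat.translate("udp", "10.0.0.1", 40000, "198.51.100.10", 443)
    return same_dst, other_dst, other_proto, len(nat.sessions)


if __name__ == "__main__":
    print(demo())
```

In this model the fifth client to the same server gets no port, while the same four ports are handed out again for a second server and for UDP, so monitoring for exhaustion should look at sessions per destination rather than the total session count.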