Considerations for designing NAT rules
NAT rules are processed from the top down, and more specific rules must be placed above more general rules that match the same traffic.
The traffic is matched based on the Source, Destination, Service, and Used on cells. The Source and Destination addresses in the cells must be valid for the address translation operation (the Source cell for source address translation and the Destination cell for destination address translation). When the first matching rule is found, the NAT defined for the rule is applied and the rest of the NAT rules are ignored. All NAT operations for the same connection must be defined in the same NAT rule (if you want to apply both source and destination translation to a connection).
If you use element-based NAT, the NAT rules generated from NAT definitions are applied only after the NAT rules that have been added manually to the policy. This means that the NAT rules that are generated from NAT definitions do not override the rules that you have manually added to the Firewall policy. Remember, however, that a more specific NAT rule can prevent traffic from matching the automatically generated NAT rules.