Which IP address will be used to source NAT (SNAT) the internet traffic coming from a workstation with the IP address 10.0.1.10?

Refer to the exhibits.

The exhibits contain a network diagram, and virtual IP, IP pool, and firewall policies configuration information.

The WAN (port1) interface has the IP address 10.200.1.1/24.

The LAN (port3) interface has the IP address 10.0.1.254/24.

The first firewall policy has NAT enabled using IP pool.

The second firewall policy is configured with a VIP as the destination address.

Which IP address will be used to source NAT (SNAT) the internet traffic coming from a workstation with the IP address 10.0.1.10?
A . 10.200.1.1
B . 10.0.1.254
C . 10.200.1.10
D . 10.200.1.100

Answer: D

Explanation:

From LAN to WAN, the Source NAT will use the IPPOOL with address configured 10.200.1.100 Destination NAT, from WAN to LAN, will use the VIP

The question says SNAT, so the only correct answer here (looking at the IP Pool) is D.

(Step 2): FortiGate uses as NAT IP the external IP address defined in the VIP when performing SNAT on all egress traffic sourced from the mapped address in the VIP, provided the matching firewall policy has NAT enabled.

Note that you can override the behavior described in step 2 by using an IP pool.

Reference: https://kb.fortinet.com/kb/documentLink.do?externalID=FD44529