Some network configurations do not operate correctly if a NAT policy translates the source port of packets used by the connection. NAT translates source ports to keep track of connections for a particular service. Randomly selects an IP address from the IP pool and assigns it to each connection:
From the CLI, enable fixedport when configuring a security policy for NAT policies to prevent source port translation.
#config firewall policy edit <ID> set fixedport enable end
However, enabling fixedport means that only one connection can be supported through the firewall for this service. To be able to support multiple connections, add an IP pool, and then select Dynamic IP pool in the Firewall policy.