Destination NAT (DNAT)
The FortiGate unit checks the NAT table and determines the destination IP address for the traffic. This step determines whether a route to the destination address actually exists.
For example, if a user’s browser on the internal network at IP address 192.168.1.1 visits the web site www.example.com using NAT, the source IP address is NATed to the FortiGate unit external interface IP address as the traffic passes through the FortiGate unit. The destination address of the reply from www.example.com is the IP address of the FortiGate unit internal interface. For this reply packet to be returned to the user, the destination IP address must be destination NATed to 192.168.1.1.
DNAT must take place before routing so that the FortiGate unit can route packets to the correct destination.
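The ordering described above can be seen in a small model of a NAT session table and a route lookup. This is an added example, not FortiOS code: the class and function names, the routing table, and every address except 192.168.1.1 are constructed for illustration.

```python
import ipaddress

# Constructed addresses; only 192.168.1.1 comes from the page.
CLIENT = ipaddress.ip_address("192.168.1.1")
NAT_IP = ipaddress.ip_address("203.0.113.10")   # assumed address the source is NATed to
SERVER = ipaddress.ip_address("198.51.100.80")  # assumed address of www.example.com

# Hypothetical routing table: (prefix, egress interface).
ROUTES = [
    (ipaddress.ip_network("192.168.1.0/24"), "internal"),
    (ipaddress.ip_network("0.0.0.0/0"), "external"),
]

def route_lookup(dst):
    """Longest-prefix match; returns the egress interface or None."""
    matches = [(net.prefixlen, ifc) for net, ifc in ROUTES if dst in net]
    return max(matches)[1] if matches else None

class NatTable:
    """Maps the translated side of each outbound session to its original source."""
    def __init__(self):
        self.sessions = {}

    def record_outbound(self, src, sport, dst, dport, nat_port):
        self.sessions[(NAT_IP, nat_port, dst, dport)] = (src, sport)

    def dnat(self, pkt):
        """Rewrite a reply's destination from the session entry, if one matches."""
        key = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        if key not in self.sessions:
            return pkt
        dst, dport = self.sessions[key]
        return {**pkt, "dst": dst, "dport": dport}

def forward_reply(nat, pkt, dnat_first=True):
    """Return (final destination, egress interface chosen by the route lookup)."""
    if dnat_first:
        pkt = nat.dnat(pkt)
        return pkt["dst"], route_lookup(pkt["dst"])
    egress = route_lookup(pkt["dst"])  # wrong order: routes on the pre-DNAT address
    return nat.dnat(pkt)["dst"], egress

def demo():
    nat = NatTable()
    nat.record_outbound(CLIENT, 51000, SERVER, 443, nat_port=40001)
    reply = {"src": SERVER, "sport": 443, "dst": NAT_IP, "dport": 40001}
    return forward_reply(nat, reply), forward_reply(nat, reply, dnat_first=False)
```

With DNAT first, the lookup runs on 192.168.1.1 and selects the internal interface; with the order reversed, the same reply is matched against the pre-translation address and the model picks the wrong egress interface.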