FortiGate
Mohammed_Feroz
Article Id 366154
Description This article describes how to identify different policy IDs when CNAT Policy is used.
Scope FortiGate.
Solution

When Central NAT (CNAT) is enabled on a VDOM running in NGFW policy-based mode, traffic is processed by three policy types:

1. Security Policy: the policy that applies UTM inspection. Its policy ID appears as ngfwid=2 in the sample session below.

(screenshot: security policy.png)

2. Central NAT: the policy that applies source NAT. The sample session below has no separate ID field for it; the central SNAT match is visible in the hook=post dir=org act=snat line as the translated source address (10.5.50.244:5118), which can be matched against the central SNAT table.

(screenshot: cnat.png)

3. SSL Inspection and Authentication: the policy that applies SSL inspection and user authentication. Its policy ID appears as policy_id=3 in the sample session below.

(screenshot: ssl policy.png)

Below is a sample session entry (as shown by diagnose sys session list):

session info: proto=1 proto_state=00 duration=2 expire=57 timeout=0 refresh_dir=both flags=00000000 socktype=0 sockport=0 av_idx=0 use=4
origin-shaper=
reply-shaper=
per_ip_shaper=
class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
state=log may_dirty ndr app_valid
statistic(bytes/packets/allow_err): org=60/1/1 reply=60/1/1 tuples=3
tx speed(Bps/kbps): 25/0 rx speed(Bps/kbps): 25/0
orgin->sink: org pre->post, reply pre->post dev=5->4/4->5 gwy=10.5.63.254/0.0.0.0
hook=post dir=org act=snat 172.31.200.109:1->8.8.4.4:8(10.5.50.244:5118)
hook=pre dir=reply act=dnat 8.8.4.4:5118->10.5.50.244:0(172.31.200.109:1)
hook=post dir=reply act=noop 8.8.4.4:1->172.31.200.109:0(0.0.0.0:0)
misc=0 policy_id=3 pol_uuid_idx=16088 auth_info=0 chk_client_info=0 vd=0
serial=0001790f tos=ff/ff app_list=0 app=24466 url_cat=0
rpdb_link_id=00000000 ngfwid=2
npu_state=0x001108
no_ofld_reason: redir-to-ips denied-by-nturbo
total session: 1
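The following is an added example, not part of the original article and not Fortinet code. It parses a session entry of the form shown above and reports which policy table each ID belongs to: ngfwid maps to config firewall security-policy, policy_id (in NGFW policy-based mode) maps to config firewall policy, and an act=snat hook indicates that a central SNAT entry matched, which must then be located by its translated source in config firewall central-snat-map. The first sample is the session text from this article; the second is a constructed session with no SNAT, to show the negative case. The function and variable names are the example's own.

```python
import re

# Session entry copied from this article.
SAMPLE_SESSION = """session info: proto=1 proto_state=00 duration=2 expire=57 timeout=0 refresh_dir=both flags=00000000 socktype=0 sockport=0 av_idx=0 use=4
origin-shaper=
reply-shaper=
per_ip_shaper=
class_id=0 ha_id=0 policy_dir=0 tunnel=/ vlan_cos=0/255
state=log may_dirty ndr app_valid
statistic(bytes/packets/allow_err): org=60/1/1 reply=60/1/1 tuples=3
tx speed(Bps/kbps): 25/0 rx speed(Bps/kbps): 25/0
orgin->sink: org pre->post, reply pre->post dev=5->4/4->5 gwy=10.5.63.254/0.0.0.0
hook=post dir=org act=snat 172.31.200.109:1->8.8.4.4:8(10.5.50.244:5118)
hook=pre dir=reply act=dnat 8.8.4.4:5118->10.5.50.244:0(172.31.200.109:1)
hook=post dir=reply act=noop 8.8.4.4:1->172.31.200.109:0(0.0.0.0:0)
misc=0 policy_id=3 pol_uuid_idx=16088 auth_info=0 chk_client_info=0 vd=0
serial=0001790f tos=ff/ff app_list=0 app=24466 url_cat=0
rpdb_link_id=00000000 ngfwid=2
npu_state=0x001108
no_ofld_reason: redir-to-ips denied-by-nturbo
"""

# Constructed session (not from the article) where no NAT was applied.
SAMPLE_NO_SNAT = """session info: proto=6 proto_state=01 duration=5 expire=3595 timeout=3600
hook=post dir=org act=noop 10.0.1.10:40000->10.0.2.20:443(0.0.0.0:0)
hook=pre dir=reply act=noop 10.0.2.20:443->10.0.1.10:40000(0.0.0.0:0)
misc=0 policy_id=7 pol_uuid_idx=100 auth_info=0 chk_client_info=0 vd=0
rpdb_link_id=00000000 ngfwid=4
"""

# One NAT hook line: "hook=<pre|post> dir=<org|reply> act=<snat|dnat|noop> src->dst(translated)"
HOOK_RE = re.compile(
    r"hook=(?P<hook>\w+) dir=(?P<dir>\w+) act=(?P<act>\w+) "
    r"(?P<src>[\d.]+:\d+)->(?P<dst>[\d.]+:\d+)\((?P<xlate>[\d.]+:\d+)\)"
)
# Scalar fields of interest. The word boundary keeps policy_dir and proto_state from matching.
KV_RE = re.compile(r"\b(policy_id|ngfwid|vd|proto)=(\d+)")


def parse_session(text):
    """Extract the policy identifiers and NAT hooks from one session entry."""
    fields = {k: int(v) for k, v in KV_RE.findall(text)}
    hooks = [m.groupdict() for m in HOOK_RE.finditer(text)]
    snat = next((h for h in hooks if h["act"] == "snat"), None)
    return {
        "proto": fields.get("proto"),
        "vd": fields.get("vd"),                       # VDOM index, not the VDOM name
        "security_policy_id": fields.get("ngfwid"),   # config firewall security-policy
        "ssl_auth_policy_id": fields.get("policy_id"),  # config firewall policy (NGFW mode)
        "snat_applied": snat is not None,
        "snat_translated_source": snat["xlate"] if snat else None,
        "hooks": hooks,
    }


def lookup_commands(parsed):
    """Return the FortiOS CLI commands that display the policies this session matched."""
    cmds = []
    if parsed["security_policy_id"] is not None:
        cmds.append(f"show firewall security-policy {parsed['security_policy_id']}")
    if parsed["ssl_auth_policy_id"] is not None:
        cmds.append(f"show firewall policy {parsed['ssl_auth_policy_id']}")
    if parsed["snat_applied"]:
        # No SNAT policy ID is carried in the session; match the translated source
        # (parsed["snat_translated_source"]) against the entries this command prints.
        cmds.append("show firewall central-snat-map")
    return cmds


if __name__ == "__main__":
    for sample in (SAMPLE_SESSION, SAMPLE_NO_SNAT):
        info = parse_session(sample)
        print(f"ngfwid={info['security_policy_id']} policy_id={info['ssl_auth_policy_id']} "
              f"snat={info['snat_translated_source']}")
        for cmd in lookup_commands(info):
            print("  ", cmd)
```

On a multi-VDOM unit, enter the VDOM first (config vdom, edit <name>); the vd= value in the session is only the VDOM index. Note that "show" against a table entry is not available for the central SNAT map by translated address, so the match has to be done by reading the entries it prints.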
Related article:

Technical Tip: Enabling and Configuring Central SNAT on the FortiGate