FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Nour
Staff
Article Id 380483
Description

This article explains how FortiGate selects the source NAT (SNAT) port for a new session under the different port-related firewall policy settings.

Scope

FortiOS.
Solution

Three firewall policy settings determine how the NAT port for a new session is chosen:

 

  1. If 'set port-preserve enable' is configured under the firewall policy:
  • FortiGate first attempts to re-use the session's original source port. If that port clashes with an existing session, the next available port is selected sequentially instead.

 

config firewall policy
    edit 1
        set port-preserve enable
    next
end

 

  2. If 'set port-preserve disable' is configured under the firewall policy:
  • The original port is not tried at all; the next available port is selected sequentially.

 

config firewall policy
    edit 1
        set port-preserve disable
    next
end

 

  3. As of FortiOS 7.6.1, a new 'set port-random enable' setting is available under the firewall policy:
  • This setting only takes effect when 'set port-preserve disable' is configured.
  • With port-preserve disabled and port-random enabled, the new SNAT port is selected at random from the available ports rather than sequentially. This makes the translated source port harder for an outside party to predict, which raises the cost of attacks that rely on guessing it.

 

config firewall policy
    edit 1
        set port-preserve disable
        set port-random {enable | disable}
    next
end
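To make the three behaviours concrete, the following is a constructed Python model of the allocator added to this article; it is not FortiOS code. It hands out ports for one NAT IP and protocol from an assumed pool of 1024-65535, starts the sequential search at the bottom of that pool, and rejects the unsupported combination of port-preserve and port-random, all of which are assumptions of the model rather than documented FortiOS internals. The same two clients (both using source port 40000, then one using 40001) are run through each mode so the collision case under port-preserve is visible.

```python
import random
from typing import Dict, List, Optional

# Constructed model of SNAT port selection for the three policy modes.
# Assumptions for the example (not FortiOS internals): the pool range,
# the sequential search starting at POOL_MIN, and the exhaustion handling.
POOL_MIN = 1024
POOL_MAX = 65535


class SnatPortAllocator:
    """Hands out source NAT ports for one (NAT IP, protocol) bucket."""

    def __init__(self, port_preserve: bool, port_random: bool = False,
                 seed: Optional[int] = None) -> None:
        if port_preserve and port_random:
            # Mirrors the CLI constraint: port-random only applies when
            # port-preserve is disabled.
            raise ValueError("port-random requires port-preserve disable")
        self.port_preserve = port_preserve
        self.port_random = port_random
        self.in_use: set = set()
        self._cursor = POOL_MIN            # position of the sequential search
        self._rng = random.Random(seed)    # seeded only for reproducibility

    def allocate(self, original_port: int) -> int:
        """Return the NAT port chosen for a session whose client used original_port."""
        if self.port_preserve and original_port not in self.in_use:
            # port-preserve enable: keep the client's own port when it is free.
            self.in_use.add(original_port)
            return original_port
        # port-preserve is disabled, or the original port clashed with a session.
        port = self._random_free() if self.port_random else self._sequential_free()
        self.in_use.add(port)
        return port

    def release(self, port: int) -> None:
        """Session closed: return its port to the pool."""
        self.in_use.discard(port)

    def _sequential_free(self) -> int:
        # Walk the pool from the cursor, wrapping around once.
        for _ in range(POOL_MAX - POOL_MIN + 1):
            candidate = self._cursor
            self._cursor = POOL_MIN if candidate == POOL_MAX else candidate + 1
            if candidate not in self.in_use:
                return candidate
        raise RuntimeError("SNAT port pool exhausted")

    def _random_free(self) -> int:
        # Rejection sampling; fall back to a full scan when the pool is nearly full.
        for _ in range(64):
            candidate = self._rng.randint(POOL_MIN, POOL_MAX)
            if candidate not in self.in_use:
                return candidate
        free = [p for p in range(POOL_MIN, POOL_MAX + 1) if p not in self.in_use]
        if not free:
            raise RuntimeError("SNAT port pool exhausted")
        return self._rng.choice(free)


def demo() -> Dict[str, List[int]]:
    """Allocate ports for the same constructed sessions under each policy mode."""
    # Constructed sessions: two clients both using source port 40000, then 40001.
    originals = [40000, 40000, 40001]
    results: Dict[str, List[int]] = {}

    preserve = SnatPortAllocator(port_preserve=True)
    results["preserve"] = [preserve.allocate(p) for p in originals]

    sequential = SnatPortAllocator(port_preserve=False, port_random=False)
    results["sequential"] = [sequential.allocate(p) for p in originals]

    rand = SnatPortAllocator(port_preserve=False, port_random=True, seed=2024)
    results["random"] = [rand.allocate(p) for p in originals]
    return results


def is_predictable(ports: List[int]) -> bool:
    """True when every allocation is the previous one plus one (a sequential allocator)."""
    return all(b == a + 1 for a, b in zip(ports, ports[1:]))


if __name__ == "__main__":
    for mode, ports in demo().items():
        print(f"{mode:>10}: {ports}  predictable={is_predictable(ports)}")
```

Under port-preserve the first client keeps 40000, the second collides and drops to the first free sequential port, and the third keeps 40001; plain sequential mode yields 1024, 1025, 1026 regardless of the original ports, which is exactly the predictability that port-random is meant to remove. On a FortiGate the port actually assigned to a live session can be read from the session table with 'diagnose sys session list'.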

 
