I believe this is how it works, at least partially. I could not find this information anywhere online, and only got partial responses that don’t actually cover all the cases. Not to mention all the aspects of where exactly in the FW engines the NAT actually happens:
===========================================================================
Automatic NAT:
- Static NAT
> 2 NAT rules are automatically created:
>> A source translation that translates the source between the original and the NAT address.
>> A destination translation that translates the destination between the NAT and the original address.
> creates proxy ARP
-- Translate on Client Side ON
> translates on Inbound, after VM, before routing, on interface I
> don't need any more routes
-- Translate on Client Side OFF
> translates on Outbound, after routing, after VM, on interface O
> add route from public IP to private IP
- Hide NAT (as this is also "automatic", it only works with the public IP of the FW interface)
> creates proxy ARP
-- Translate on Client Side ON
> translates on Inbound, after VM, before routing, on interface I
> no more routes needed
-- Translate on Client Side OFF
> translates on Outbound, after routing, after VM, on interface O
> no more routes needed
===========================================================================
Manual NAT:
- Static NAT
-- Translate on Client Side ON
> add ARP entries to the FW for all hiding IPs
> no additional routes needed
> translates on Inbound, after VM, before routing, on interface I
-- Translate on Client Side OFF
> add ARP entries to the FW for all hiding IPs
--- Hiding IP in same subnet as FW external Interface
> add route from public IP to private IP
--- Hiding IP in different subnet from FW external Interface
> add route from public IP to private IP: next hop: private IP
- Hide NAT
-- Translate on Client Side ON
--- Hiding IP in same subnet as FW external Interface
> no ARP changes needed
> no additional routes needed
> translates on Inbound, after VM, before routing, on interface I
--- Hiding IP in different subnet from FW external Interface
> add ARP entry to the FW for the hiding IP
> translates on Inbound, after VM, before routing, on interface I
> routes ?
-- Translate on Client Side OFF
--- Hiding IP in same subnet as FW external Interface
> add route from public IP to private IP
> translates on Outbound, after routing, after VM, on interface O
--- Hiding IP in different subnet from FW external Interface
> add route from public IP to private IP: next hop: private IP
> translates on Outbound, after routing, after VM, on interface O
===========================================================================

Copyright: Check Point
===========================================================================
Do Manual NAT when:
- Instances where remote networks only allow specific IP addresses
- Situations where translation is desired for some services, and not others
- Environments where more granular control of address translation in VPN tunnels is needed
- Enterprises where address translation rule base must be manipulated
- When Port Address Translation is required
- Environments where granular control of address translation between internal networks is required
- When a range of IP addresses, rather than a network, will be translated
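Why the "Translate on Client Side OFF" cases above need a route from the public IP to the private IP while the ON cases do not, as an added example (a simplified model of the packet path, not Check Point code): it traces one inbound connection to a static NAT address and shows what the routing lookup sees in each mode. The topology, addresses, interface names and function names are all constructed assumptions.

```python
import ipaddress

# Constructed sample topology (documentation and private address ranges only).
ROUTES = [  # (prefix, egress interface, next hop or None if directly connected)
    ("0.0.0.0/0", "eth0", "203.0.113.254"),  # default route, external side
    ("203.0.113.0/24", "eth0", None),        # external subnet
    ("10.1.1.0/24", "eth1", None),           # internal subnet
]
STATIC_NAT = {"203.0.113.10": "10.1.1.10"}   # public (NAT) IP -> private IP
HOST_ROUTE = ("203.0.113.10/32", "eth1", "10.1.1.10")  # public IP, next hop private IP


def lookup(dst, routes):
    """Longest-prefix match; returns (egress interface, next hop)."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), ifc, nh) for p, ifc, nh in routes]
    _, ifc, nh = max((r for r in nets if addr in r[0]), key=lambda r: r[0].prefixlen)
    return ifc, nh or dst  # directly connected: the next hop is the destination


def forward(dst, client_side, routes=ROUTES, nat=STATIC_NAT):
    """Trace an inbound packet addressed to a static NAT public IP."""
    steps = []
    if client_side:                  # translate on inbound, before routing
        dst = nat.get(dst, dst)
        steps.append(f"inbound NAT -> {dst}")
    ifc, nh = lookup(dst, routes)    # routing sees whatever dst is at this point
    steps.append(f"route {dst} via {ifc}, next hop {nh}")
    if not client_side:              # translate on outbound, after routing
        dst = nat.get(dst, dst)
        steps.append(f"outbound NAT -> {dst}")
    return {"egress": ifc, "next_hop": nh, "final_dst": dst, "steps": steps}


if __name__ == "__main__":
    cases = [
        ("client side ON", True, ROUTES),
        ("client side OFF, no host route", False, ROUTES),
        ("client side OFF, host route added", False, ROUTES + [HOST_ROUTE]),
    ]
    for label, client_side, routes in cases:
        result = forward("203.0.113.10", client_side, routes)
        print(f"{label}: egress {result['egress']}; " + "; ".join(result["steps"]))
```

In the second case the routing lookup still sees the public address, so the packet is sent back out the external interface even though the destination is translated afterwards; the host route in the third case is what steers it to the internal interface.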