topic Dynamic IP Pool utilization - 10.2.9-h1 in Next-Generation Firewall Discussions https://live.paloaltonetworks.com/t5/next-generation-firewall/dynamic-ip-pool-utilization-10-2-9-h1/m-p/597931#M3742 <P><SPAN data-teams="true"><SPAN class="ui-provider a b c d e f g h i j k l m n o p q r s t u v w x y z ab ac ae af ag ah ai aj ak"> Hi Team</SPAN></SPAN></P> <P>&nbsp;</P> <P><SPAN data-teams="true"><SPAN class="ui-provider a b c d e f g h i j k l m n o p q r s t u v w x y z ab ac ae af ag ah ai aj ak">We have an issue where we use Dynamic IP pool for outbound NAT but 'show running ippool' does not reflect the accurate NAT xlate pool usage.</SPAN></SPAN></P> <P>&nbsp;</P> <P><SPAN data-teams="true"><SPAN class="ui-provider a b c d e f g h i j k l m n o p q r s t u v w x y z ab ac ae af ag ah ai aj ak">For example, we see 9k Available IPs but on checking the global counter we can see the NAT Utilization errors:</SPAN></SPAN></P> <DIV id="tinyMceEditorUtkarshKumar_0" class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="UtkarshKumar_1-1726519436193.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/62263iC8B1B26C205D91FE/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="UtkarshKumar_1-1726519436193.png" alt="UtkarshKumar_1-1726519436193.png" /></span></P> <P>&nbsp;</P> <P>show running nat-rule-ippool &lt;rule&gt; also shows the same number stating 9k available IPs.<BR /><BR />Why can't we see the actual number of utilized and Free IPs?<BR /><BR />Is there a more specific command or way to check this on the firewall?<BR /><BR />I see this but not sure if it also applies to Dynamic IP type NAT rule:<BR /><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClkPCAS" target="_blank" rel="noopener">Packet drop due to source NAT IP/port allocation failed - Knowledge Base - Palo Alto Networks</A></P> <P>&nbsp;</P> <P>&nbsp;</P> <P><SPAN data-teams="true"><SPAN class="ui-provider a b c d e f g h i j k l m n o p q r s t u v w x y z ab ac ae af ag ah ai aj ak">&nbsp;</SPAN></SPAN></P> Mon, 16 Sep 2024 20:51:35 GMT UtkarshKumar 2024-09-16T20:51:35Z Dynamic IP Pool utilization - 10.2.9-h1 https://live.paloaltonetworks.com/t5/next-generation-firewall/dynamic-ip-pool-utilization-10-2-9-h1/m-p/597931#M3742 <P><SPAN data-teams="true"><SPAN class="ui-provider a b c d e f g h i j k l m n o p q r s t u v w x y z ab ac ae af ag ah ai aj ak"> Hi Team</SPAN></SPAN></P> <P>&nbsp;</P> <P><SPAN data-teams="true"><SPAN class="ui-provider a b c d e f g h i j k l m n o p q r s t u v w x y z ab ac ae af ag ah ai aj ak">We have an issue where we use Dynamic IP pool for outbound NAT but 'show running ippool' does not reflect the accurate NAT xlate pool usage.</SPAN></SPAN></P> <P>&nbsp;</P> <P><SPAN data-teams="true"><SPAN class="ui-provider a b c d e f g h i j k l m n o p q r s t u v w x y z ab ac ae af ag ah ai aj ak">For example, we see 9k Available IPs but on checking the global counter we can see the NAT Utilization errors:</SPAN></SPAN></P> <DIV id="tinyMceEditorUtkarshKumar_0" class="mceNonEditable lia-copypaste-placeholder">&nbsp;</DIV> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="UtkarshKumar_1-1726519436193.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/62263iC8B1B26C205D91FE/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="UtkarshKumar_1-1726519436193.png" alt="UtkarshKumar_1-1726519436193.png" /></span></P> <P>&nbsp;</P> <P>show running nat-rule-ippool &lt;rule&gt; also shows the same number stating 9k available IPs.<BR /><BR />Why can't we see the actual number of utilized and Free IPs?<BR /><BR />Is there a more specific command or way to check this on the firewall?<BR /><BR />I see this but not sure if it also applies to Dynamic IP type NAT rule:<BR /><A href="https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClkPCAS" target="_blank" rel="noopener">Packet drop due to source NAT IP/port allocation failed - Knowledge Base - Palo Alto Networks</A></P> <P>&nbsp;</P> <P>&nbsp;</P> <P><SPAN data-teams="true"><SPAN class="ui-provider a b c d e f g h i j k l m n o p q r s t u v w x y z ab ac ae af ag ah ai aj ak">&nbsp;</SPAN></SPAN></P> Mon, 16 Sep 2024 20:51:35 GMT https://live.paloaltonetworks.com/t5/next-generation-firewall/dynamic-ip-pool-utilization-10-2-9-h1/m-p/597931#M3742 UtkarshKumar 2024-09-16T20:51:35Z