Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 7

Palo Alto NAT IP Address

Hi guys,

We're monitoring our Palo Alto's public internet interface using NTA - however we're running into an issue where the NTA summary for the interface only shows our Public IP - not the private IP address of the internal clients using the internet. This makes it difficult to track down exactly which clients are utilising the link.

Just wondering if it's possible to get this information to show in NTA.

0 Kudos
9 Replies

Is there an update on this at all? We are facing the same issue where the Source Address for all conversations is the NATed IP address rather than the real IP address

0 Kudos

There's a Feature Request under consideration for this idea here:

I would encourage you to upvote this feature request, and add any elaboration to that thread.  We do review and prioritize the feature request threads to help shape the product roadmap - your voice is important!


0 Kudos

Is this limitation/problem addressed yet and if yes what version is is available in ?

0 Kudos

The feature request he linked to is still open and has not been marked as implemented, so this feature still does not exist.

- Marc Netterfield, Github
0 Kudos
Level 7

We have same issue with SW not showing PA NAT ip on Wan interface. Please update the solution.

Product Manager
Product Manager

We're going to report the view of traffic from each interface - there's not currently any ability to stitch together NAT conversations.

I would be very interested in speaking with you about what you would like to see - what would a feature like this present, and what workflows would this capability support? What do you have to do today to put these pieces together, how often are you doing that, and how much effort is involved?

Would you like to set up some time to chat? I can work with your timezone 😉


0 Kudos

Hi there

I am rather surprised if NTA does not have this feature on.

I think you are able to see the full conversation info if it is a Cisco ASA or a different UTM. All we need is to see who is saturating our link. we do this by analysing the netflow of the device and which one are your top 5 conversation endpoints

Below is the example of the ASA we have where you can clearly see which network endpoints are involved in the conversation as I can see it's private IP (10.202.28.x)


We want the same output from our Palo alto UTM netflows as it shows the interface's public ip

This is essential when our internet link gets saturated or is hitting a very high utilisation. Instead of us going on the actual UTM and run captures to determine which endpoint is hogging all the bandwidth,


There has to be a way to embed this info in NTA, I am happy to have a chat in regards to this.

I working hours are 9AM-5:30PM on the Australian Eastern Standard (Sydney) time\.

Kind Regards

Sent you an email with a proposed meeting time!


0 Kudos

We are having the exact same problem with our Palo Altos, while it works fine for Cisco. Submitted a support case for this.