Azure Firewall
An Azure network security service that is used to protect Azure Virtual Network resources.
674 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
Thank you for reaching out.
I understand you are getting SNAT port exhaustion alert for your Azure Firewall. And you wish to know which Source IP contributed the most in SNAT port exhaustion.
I think Top flows log will be helpful in this scenario. The Top flows log (known in the industry as Fat Flows), shows the top connections that are contributing to the highest throughput through the firewall. This query returns the top flows across Azure Firewall instances and these are the columns available.
Meanwhile as documented here If your firewall is running into SNAT port exhaustion, you should add at least five public IP address. This increases the number of SNAT ports available.
Hope this helps! Please let me know if you have any questions. Thank you!
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.