I wanted to understand the NAT Gateway cost for the current billing month and which service is utilizing it.

Question

I wanted to understand the NAT Gateway cost for the current billing month and which service is utilizing it.

SivaKalyan Yamarthi 20

The NAT Gateway utilization has increased significantly all of a sudden. How can we identify which service is utilizing it?

Suchitra Suregaunkar 13,115 Reputation points Microsoft External Staff Moderator

2026-02-10T06:38:16.6433333+00:00

Hello SivaKalyan Yamarthi

Thank you for Posting your query on Microsoft Q&A platform.

We are looking into your issue and will keep you posted updates.

Thanks,

Suchitra.
SivaKalyan Yamarthi 20 Reputation points

2026-02-10T06:41:47.78+00:00

We are using standard version gateway , The NAT Gateway utilization has increased significantly all of a sudden. How can we identify which service is utilizing it?
Suchitra Suregaunkar 13,115 Reputation points Microsoft External Staff Moderator

2026-02-10T07:11:21.2133333+00:00
Hello SivaKalyan Yamarthi

An increase in Azure NAT Gateway charges in the current billing month is expected behavior when outbound traffic volume increases.

Azure NAT Gateway is charged based on two components only:

Gateway hours – billed for every hour the NAT Gateway resource exists, regardless of traffic.

Data processed – billed per GB for:

Outbound traffic to the internet

Inbound response traffic to outbound connections

There is no pricing difference between Standard and StandardV2 NAT Gateway SKUs.
Reference: https://azure.microsoft.com/en-us/pricing/details/azure-nat-gateway/

NAT Gateway works at the subnet level. If outbound internet traffic from any resource in the associated subnet increases, NAT Gateway data‑processed charges will increase accordingly.

Examples of resources that generate NAT traffic (as per Microsoft design):

Virtual Machines / VM Scale Sets

AKS nodes

App Services with VNET integration

Any workload making outbound internet calls from that subnet

Important: NAT Gateway does not provide per‑service or per‑VM cost attribution by default.

To identify which workload is using the NAT Gateway (supported methods)

Confirm traffic increase (supported):

Use Azure Monitor → Metrics on the NAT Gateway resource and review:

Bytes (Sum)

Packets (Sum)

SNAT Connection Count

These metrics confirm traffic volume but do not identify individual services.

Reference: https://learn.microsoft.com/en-us/azure/nat-gateway/monitor-nat-gateway

Identify affected workloads :

Check which subnet(s) are associated with the NAT Gateway. Only resources deployed in those subnets can generate NAT traffic. This narrows the scope to the exact set of workloads involved.

Attribute traffic to IPs: If detailed attribution is required:

Enable NAT Gateway Flow Logs (supported on StandardV2)

Send logs to Log Analytics

Analyze source private IPs and destinations

Reference: https://learn.microsoft.com/en-us/azure/nat-gateway/monitor-nat-gateway-flow-logs

Cost validation

Use Cost Management + Billing:

Filter by Service name = Azure NAT Gateway

Review Data processed vs Gateway hours

Cost Management reflects billing data.

Thanks,
Suchitra.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Suchitra Suregaunkar 13,115 Reputation points Microsoft External Staff Moderator

2026-02-10T08:03:11.89+00:00

Hello SivaKalyan Yamarthi

Please look into Private message and submit the ticket for further investigation.

Thanks,

Suchitra.
Ravi Varma Mudduluru 10,690 Reputation points Microsoft External Staff Moderator

2026-02-10T17:27:32.3433333+00:00

Hello @SivaKalyan Yamarthi

Could you please check the private message and share us the requested details there?
SivaKalyan Yamarthi 20 Reputation points

2026-02-12T07:50:03.83+00:00

Accepted

Answer accepted by question author

0 additional answers

Your answer

Suchitra Suregaunkar 13,115 Reputation points Microsoft External Staff Moderator

2026-02-10T06:38:16.6433333+00:00

Hello SivaKalyan Yamarthi

Thank you for Posting your query on Microsoft Q&A platform.

We are looking into your issue and will keep you posted updates.

Thanks,

Suchitra.
SivaKalyan Yamarthi 20 Reputation points

2026-02-10T06:41:47.78+00:00

We are using standard version gateway , The NAT Gateway utilization has increased significantly all of a sudden. How can we identify which service is utilizing it?
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Suchitra Suregaunkar 13,115 Reputation points Microsoft External Staff Moderator

2026-02-10T08:03:11.89+00:00

Hello SivaKalyan Yamarthi

Please look into Private message and submit the ticket for further investigation.

Thanks,

Suchitra.
Ravi Varma Mudduluru 10,690 Reputation points Microsoft External Staff Moderator

2026-02-10T17:27:32.3433333+00:00

Hello @SivaKalyan Yamarthi

Could you please check the private message and share us the requested details there?
SivaKalyan Yamarthi 20 Reputation points

2026-02-12T07:50:03.83+00:00

Accepted

Answer 1

Hello @SivaKalyan Yamarthi

NAT Gateway costs increase based on outbound traffic volume and SNAT connection usage from any resource in the associated subnet.

Identifying the consumer must be done indirectly by using VNet Flow Logs to correlate source private IP addresses with the underlying resources (such as VMs, VMSS instances, or Paas apps), and by analyzing destination IPs and ports to infer traffic type.

To check which resources are using the NAT Gateway, follow the steps below:

Step 1: Go to your NAT Gateway → Networking, and check which resources (such as subnets) the NAT Gateway is associated with.
User's image

Step 2: Enable Virtual Network flow logs on the NAT subnet.

Go to the virtual network where the NAT Gateway is assigned → Virtual network flow logs → Create a flow log.

User's image

Under Analytics, make sure to enable Traffic Analytics and select the Log Analytics workspace

User's image

Once you create the Virtual Network flow logs, the logs will appear as JSON files in the Storage account container.
User's image

In this setup, the VM does not have a public IP and the subnet is associated with a NAT Gateway. NSG flow logs show outbound traffic from the VM private IP to public destination IPs allowed by the DefaultRule_AllowInternetOutBound rule.

Since the subnet had a NAT Gateway attached at the time of the traffic, this outbound internet traffic would have been translated and egressed through the NAT Gateway public IP.

User's image

My VM Configuration:

User's image

**

When the NAT Gateway was attached to the subnet, outbound internet traffic from the VM was translated and egressed through the NAT Gateway public IP, which is reflected in NAT Gateway metrics.

After detaching the NAT Gateway, NAT metrics show no inbound, outbound, or SNAT activity, confirming that traffic is no longer flowing through the NAT Gateway.

User's image **

Ref: Virtual network flow logs compared to network security group flow logs

Please do not forget to and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

Venkatesan S 7,485 Reputation points Microsoft External Staff Moderator

2026-02-12T07:53:39.7633333+00:00

Hi SivaKalyan Yamarthi,

Please do not forget to and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

Share via

I wanted to understand the NAT Gateway cost for the current billing month and which service is utilizing it.

0 additional answers

Your answer