SNAT port usage high alarm triggered even though active sessions are not high

Article ID: 327343

Products

VMware NSX
VMware NSX-T Data Center

Issue/Introduction

  • Critical alarm "SNAT Port Usage On Gateway Is High" is seen continuously for SNAT IP, even though there are not many active connections
  • You see messages similar to the following in the syslog:

    2023-04-14T18:05:10.037Z nsxmgr-03 NSX 5281 MONITORING [nsx@6876 alarmId="927cab4a-####-####-####-36f3a55a14b5" alarmState="OPEN" comp="nsx-manager" entId="62a03bb6-####-####-####-a7279c6a0ca6" errorCode="MP701099" eventFeatureName="nat" eventSev="CRITICAL" eventState="On" eventType="snat_port_usage_on_gateway_is_high" level="FATAL" nodeId="62a03bb6-####-####-####-a7279c6a0ca6" subcomp="monitoring"] SNAT ports usage on logical router 42ecb79b-####-####-####-c3e599c41862 for SNAT IP 10.10.10.10 has reached the high threshold value of 80%. New flows will not be SNATed when usage reaches the maximum limit.
  • To review the actual usage, run the following commands on the Edge node whose UUID is reported in the alarm (in the example above, nodeId="62a03bb6-####-####-####-a7279c6a0ca6"):
    • Log in as the admin user on the Edge node and run the NSX CLI command `get firewall <LR_INT_UUID> connection state`.
    • LR_INT_UUID is the UUID of the interface to which the SNAT rule is applied.
      • Note: If the SNAT rule is not applied to any specific interface, use any Uplink interface UUID of the logical router.
    • Check the UDP/TCP flows listed in the output; the NAT counters look like the following:

"NAT Active/Max": "9/4294967295",
"NAT Active/Max": "3/4294967295",
"NAT Active/Max": "0/4294967295",
"NAT Active/Max": "6/4294967295",

Note: The number before the '/' is the count of NAT ports currently in use, and the number after it is the maximum (available) count. In the output above the active counts are in single digits against a maximum of 4294967295, i.e. nowhere near the 80% threshold the alarm reports.
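The following is an added triage helper, not part of this article or of any NSX tooling. It parses an alarm line of the kind shown above and the "NAT Active/Max" counters from a saved copy of the `get firewall <LR_INT_UUID> connection state` output, computes the real port usage percentage per counter, and reports whether the counters actually support the alarm's threshold. The alarm line and the counter output embedded here are constructed from the examples in this article (with the same masked UUIDs); the script runs offline and does not connect to NSX.

```python
import re

# Constructed sample alarm line, modelled on the syslog message in this article
# (UUIDs masked with #### exactly as the article shows them).
ALARM_LINE = (
    '2023-04-14T18:05:10.037Z nsxmgr-03 NSX 5281 MONITORING [nsx@6876 '
    'alarmId="927cab4a-####-####-####-36f3a55a14b5" alarmState="OPEN" '
    'comp="nsx-manager" entId="62a03bb6-####-####-####-a7279c6a0ca6" '
    'errorCode="MP701099" eventFeatureName="nat" eventSev="CRITICAL" '
    'eventState="On" eventType="snat_port_usage_on_gateway_is_high" '
    'level="FATAL" nodeId="62a03bb6-####-####-####-a7279c6a0ca6" '
    'subcomp="monitoring"] SNAT ports usage on logical router '
    '42ecb79b-####-####-####-c3e599c41862 for SNAT IP 10.10.10.10 has '
    'reached the high threshold value of 80%. New flows will not be SNATed '
    'when usage reaches the maximum limit.'
)

# Constructed sample of the "NAT Active/Max" lines from
# `get firewall <LR_INT_UUID> connection state`, copied from this article.
CONNECTION_STATE_OUTPUT = """\
"NAT Active/Max": "9/4294967295",
"NAT Active/Max": "3/4294967295",
"NAT Active/Max": "0/4294967295",
"NAT Active/Max": "6/4294967295",
"""

# RFC 5424 structured-data block "[nsx@6876 key="value" ...]" followed by free text.
SD_PARAMS_RE = re.compile(r'\[nsx@6876 ([^\]]*)\]\s*(.*)$')
KV_RE = re.compile(r'(\w+)="([^"]*)"')
NAT_COUNTER_RE = re.compile(r'"NAT Active/Max":\s*"(\d+)/(\d+)"')


def parse_alarm(line):
    """Return the structured-data fields (alarmId, nodeId, eventType, ...) plus
    the logical router UUID, SNAT IP and threshold parsed from the message text."""
    m = SD_PARAMS_RE.search(line)
    if not m:
        raise ValueError("not an NSX MONITORING alarm line")
    fields = dict(KV_RE.findall(m.group(1)))
    msg = m.group(2)
    lr = re.search(r'logical router (\S+)', msg)
    ip = re.search(r'SNAT IP (\S+)', msg)
    thr = re.search(r'threshold value of (\d+)%', msg)
    fields["logicalRouter"] = lr.group(1) if lr else None
    fields["snatIp"] = ip.group(1) if ip else None
    fields["thresholdPct"] = int(thr.group(1)) if thr else None
    return fields


def nat_usage(output):
    """Parse every NAT Active/Max counter and return (active, maximum, percent_used)
    tuples in output order; a zero maximum is reported as 0% rather than dividing by zero."""
    usage = []
    for active, maximum in NAT_COUNTER_RE.findall(output):
        active, maximum = int(active), int(maximum)
        pct = (100.0 * active / maximum) if maximum else 0.0
        usage.append((active, maximum, pct))
    return usage


def alarm_matches_counters(alarm, usage):
    """True only if at least one counter really is at or above the alarm's threshold."""
    threshold = alarm["thresholdPct"]
    return any(pct >= threshold for _, _, pct in usage)


if __name__ == "__main__":
    alarm = parse_alarm(ALARM_LINE)
    usage = nat_usage(CONNECTION_STATE_OUTPUT)
    print(f"alarm on node {alarm['nodeId']} for SNAT IP {alarm['snatIp']}, "
          f"threshold {alarm['thresholdPct']}%")
    for active, maximum, pct in usage:
        print(f"  NAT Active/Max {active}/{maximum} -> {pct:.8f}% used")
    if alarm_matches_counters(alarm, usage):
        print("counters support the alarm")
    else:
        print("counters do NOT support the alarm (matches the false positive in this article)")
```

Run it against the pasted alarm line and the saved CLI output of the Edge node named in nodeId; if none of the counters is at or above the reported threshold, the alarm is the spurious one described in this article rather than a real SNAT port exhaustion.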

Environment

VMware NSX-T Data Center
VMware NSX

Resolution

This issue is resolved in VMware NSX 3.2.4
This issue is resolved in VMware NSX 4.1.1, 4.2.0

Workaround:

Disable the alarm under "Alarm Definitions". This prevents the alarm from re-appearing until the upgrade to a fixed release.

Make sure to re-enable the alarm after you complete the upgrade successfully.