From the Management plane side, the NAT stats shows zero active sessions and packet count.
NSX manager UI.
NAT rules statistics show Zero Active sessions and packet counts
However from the dataplane side from active EDGE CLI, the NAT rules shows statistics as expected.
Firewall connection table shows the active session for the NAT rule and statistics/hit counts updates.
NAT rule:
edge02> get firewall 24414390-91f2-4059-bc36-4970d794dcc3 ruleset type snat rules
Rule count: 1
Rule ID : 536870912
Rule : out protocol any prenat from ip 10.1.1.0/24 to any snat ip 192.168.10.1 with log
Connection table:
edge02> get firewall 24414390-91f2-4059-bc36-4970d794dcc3 connection
Sun Jun 16 2024 UTC 16:23:25.895
Connection count: 1
0x0000000250001a3b: 10.1.1.12 -> 172.16.10.1 (192.168.10.1) dir out protocol icmp fn 1003:536870912
Statistics/Hits
edge02> get firewall 24414390-91f2-4059-bc36-4970d794dcc3 ruleset type snat stats
Rule count: 1
Rule ID : 536870912
Input bytes : 92933
Output bytes : 92214
Input packets : 1097
Output packets : 1100
Evaluations : 34
Hits : 7
Active connections : 1
In the NSX API logs ( /var/log/proton/nsaxpi.log), we could see the below warning:
2024-06-16T16:11:34.749Z INFO http-nio-127.0.0.1-7440-exec-45 PolicyNATServiceImpl 85878 POLICY [nsx@6876 comp="nsx-manager" level="INFO" reqId="b0f96e54-3de9-4a53-b965-b0495b7fee12" subcomp="manager" username="admin"] The stats for Nat rule /infra/tier-1s/T1-LB-GW/nat/USER/nat-rules/SNAT-Web-server are NatStatisticsPerRule{logicalRouterId='82baff24-4626-414e-bc78-b9c84e5f0aa5', id='536870912', warningMessage='Partial statistics of NAT Rule 536870912 of logical router 82baff24-4626-414e-bc78-b9c84e5f0aa5 from transport node(s) [Ljava.lang.Object;@692dae3d.', lastUpdateTimestamp='1718554294749', super{NatCounters{activeSessions='0', totalPackets='0', totalBytes='0'}}}
Error: Failed to query statistics of logical router 82baff24-4626-414e-bc78-b9c84e5f0aa5 NAT Rule 536870912 : Unable to reach client 228f0128-0c69-11ef-b3c4-0050569d4a26, application AggSvc
2024-06-16T16:11:34.748Z ERROR http-nio-127.0.0.1-7440-exec-55 AggSvcLogicalRouterService 85878 MONITORING [nsx@6876 comp="nsx-manager" errorCode="MP6650" level="ERROR" reqId="5e0414bf-f871-4254-ada3-1a01fb3869c2" subcomp="manager" username="nsx_policy"] Failed to query statistics of logical router 82baff24-4626-414e-bc78-b9c84e5f0aa5 NAT Rule 536870912 : Unable to reach client 228f0128-0c69-11ef-b3c4-0050569d4a26, application AggSvc
The API calls for NAT statistics retrieve aggregate statistics from Edge nodes. If any Edge node associated with NAT rules (Tier-1 or Tier-0 Gateways) is in an unknown, unhealthy, or down state, the NSX UI will not be able to display any NAT statistics.
The API call will result the NAT statistics as zero with error as Failed to query statistics of logical router 82baff24-4626-414e-bc78-b9c84e5f0aa5 NAT Rule 536870912 : Unable to reach client 228f0128-0c69-11ef-b3c4-0050569d4a26(problematic edge), application AggSvc
Verify the reason for the edge node being in unknown/down state and fix it accordingly, once the edge node is healthy, The NAT stats should be visible.