Sometimes after SNAT is removed or disabled the packets out through Edge VM appears to be SNAT'd



Article ID: 398200


Products

VMware NSX

Issue/Introduction

  • The CNF/VNF establishes a uni-directional GRE tunnel to an external network, with SNAT configured on the Edge VM.
  • After SNAT is removed or disabled on the Edge VM, packets that traverse out of the Edge VM (tier-1/tier-0) still appear to be SNAT'd.

Environment

VMware NSX 4.1.0.2

Cause

In the Edge VM logs, the SNAT rule deletion, recreation and disabling are observed, but there are no firewall session logs, because SNAT/firewall session logging was not enabled on the configured SNAT rules.

However, the assumption is that, because the scenario had active ongoing GRE sessions, the default 60-second timeout for inactive UDP sessions could not be applied to the existing SNAT session.

Once one of the pods was restarted, the GRE tunnel was re-established and the new flow bypassed SNAT.
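To make the cause concrete, the following is a constructed Python model added to this article (not NSX code) of a NAT session table with the 60-second inactive-UDP timeout the article cites: the SNAT rule is removed while the GRE flow keeps sending, so the existing session is refreshed and never expires, and only a new flow created after a silent period (the pod restart) bypasses SNAT. The addresses and the 10-second send interval are assumptions.

```python
from dataclasses import dataclass, field

UDP_IDLE_TIMEOUT = 60  # seconds; the default inactive-UDP timeout the article cites


@dataclass
class NatSession:
    key: tuple        # (proto, src, dst) identifying the flow
    snat_ip: str      # translated source address applied to the flow
    last_seen: float  # timestamp of the last packet, drives idle expiry


@dataclass
class EdgeNat:
    """Constructed model: SNAT rule list plus a session table with idle expiry."""
    rules: dict = field(default_factory=dict)     # src -> snat_ip
    sessions: dict = field(default_factory=dict)  # flow key -> NatSession

    def add_rule(self, src, snat_ip):
        self.rules[src] = snat_ip

    def remove_rule(self, src):
        # Removing the rule does not evict sessions already in the table.
        self.rules.pop(src, None)

    def expire(self, now):
        stale = [k for k, s in self.sessions.items()
                 if now - s.last_seen >= UDP_IDLE_TIMEOUT]
        for k in stale:
            del self.sessions[k]

    def forward(self, proto, src, dst, now):
        """Return the source address the packet leaves the edge with."""
        self.expire(now)
        key = (proto, src, dst)
        sess = self.sessions.get(key)
        if sess is not None:
            sess.last_seen = now  # existing session: translate and refresh idle timer
            return sess.snat_ip
        snat_ip = self.rules.get(src)
        if snat_ip is None:
            return src            # no rule and no session: leaves untranslated
        self.sessions[key] = NatSession(key, snat_ip, now)
        return snat_ip


def simulate():
    """Replay the article's timeline; returns the observed source IP per stage."""
    edge = EdgeNat()
    edge.add_rule("10.0.0.5", "203.0.113.10")  # assumed pod IP and SNAT IP
    seen = {"with_rule": edge.forward("gre", "10.0.0.5", "198.51.100.1", 0)}
    edge.remove_rule("10.0.0.5")
    for t in range(10, 300, 10):  # tunnel keeps sending; never idle for 60 s
        seen["after_removal"] = edge.forward("gre", "10.0.0.5", "198.51.100.1", t)
    # Pod restart: tunnel silent for over 60 s, then re-established as a new flow.
    seen["after_restart"] = edge.forward("gre", "10.0.0.5", "198.51.100.1", 400)
    return seen
```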

Resolution

Restart the CNF/VNF so that the GRE tunnel is re-established with the external network and bypasses SNAT.