How to detect external IP while SNAT is turned on?
When traffic is facing my Firewall, both SNAT and DNAT are enabled.
SNAT converts the external IP into the FW's IP, so my next hop (WAF) sees the traffic as originated by the FW.
For the DNAT, Microsoft supports the following audit:
TCP request from 20.20.20.20:36538 to 21.21.21.21:443 was DNAT'ed to 10.10.10.10:443
Unfortunately, there is no existing audit for SNAT. To find the external IP, I tried to correlate by timing using the DNAT logs, but can't do that since there is heavy traffic and multiple events at the same time.
Would like to hear if anyone faced that challenge and how to solve it.
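
The correlation problem described above, as an added example that is not part of the original post: it parses DNAT audit messages in the format quoted in the question and lists every external source IP that could match a given WAF-side request time. The timestamps, the 500 ms window and the function names are assumptions made for illustration; only the message format comes from the post.

```python
import re
from datetime import datetime, timedelta

# Message format as quoted in the post.
DNAT_RE = re.compile(
    r"(?P<proto>TCP|UDP) request from (?P<src_ip>[\d.]+):(?P<src_port>\d+) "
    r"to (?P<dst_ip>[\d.]+):(?P<dst_port>\d+) "
    r"was DNAT'ed to (?P<xlat_ip>[\d.]+):(?P<xlat_port>\d+)"
)

# Constructed sample events: (timestamp, message). Timestamps are assumed.
SAMPLE = [
    ("2024-01-01T10:00:00.100",
     "TCP request from 20.20.20.20:36538 to 21.21.21.21:443 was DNAT'ed to 10.10.10.10:443"),
    ("2024-01-01T10:00:00.150",
     "TCP request from 20.20.20.30:41000 to 21.21.21.21:443 was DNAT'ed to 10.10.10.10:443"),
    ("2024-01-01T10:00:05.000",
     "TCP request from 20.20.20.40:50000 to 21.21.21.21:443 was DNAT'ed to 10.10.10.10:443"),
]

def parse_dnat(ts, msg):
    """Return a dict of the DNAT fields plus a parsed timestamp, or None."""
    m = DNAT_RE.search(msg)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(ts)
    return rec

def candidates(events, waf_ts, backend, window_ms=500):
    """External source IPs DNAT'ed to `backend` within the window around waf_ts.

    More than one result means timing alone cannot identify the client.
    """
    t = datetime.fromisoformat(waf_ts)
    w = timedelta(milliseconds=window_ms)
    return sorted({
        e["src_ip"] for e in events
        if f'{e["xlat_ip"]}:{e["xlat_port"]}' == backend and abs(e["ts"] - t) <= w
    })

EVENTS = [r for r in (parse_dnat(ts, msg) for ts, msg in SAMPLE) if r]

if __name__ == "__main__":
    # Two clients hit the same backend within the window: ambiguous.
    print(candidates(EVENTS, "2024-01-01T10:00:00.200", "10.10.10.10:443"))
    # Only one client in the window: unique match.
    print(candidates(EVENTS, "2024-01-01T10:00:05.100", "10.10.10.10:443"))
```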