All Products
Search
Document Center

NAT Gateway:Diagnose an Internet NAT gateway

Last Updated:Apr 24, 2026

Internet NAT Gateway is integrated with Network Intelligence Service (NIS) to provide the instance diagnostics feature. You can use this feature to check the configurations and status of instances and troubleshoot issues based on suggestions provided by NAT. The diagnostics include information about connectivity, configurations, quotas, and fees. You can also view diagnostic records.

Prerequisites

Instance diagnostics

You can use the instance diagnostics feature to diagnose an Internet NAT gateway. Virtual Private Cloud (VPC) NAT gateways do not support instance diagnostics.

  1. Log on to the NAT Gateway console.
  2. On the Internet NAT Gateway page, find the Internet NAT Gateway instance and click Diagnose in the Instance Diagnosis column.

  3. In the Instance Health Diagnostics panel, view the diagnostic progress, results summary, and details of each diagnostic item.

    • If an exception is detected, the diagnostic item is displayed in the Instance Diagnostics panel. You can click the diagnostic item to view its details.

    • In the Diagnostic Items section, select Show All Diagnostic Items to display all supported diagnostic items. You can then expand each item to view its details.

    You can also click Go to the NIS console to view diagnostic records at the top of the Instance Health Diagnostics panel. This action redirects you to the NIS console to view more details about the diagnostic history of your Internet NAT Gateway instance.

Diagnostic items and details

The following table describes the diagnostic items supported by Internet NAT gateways.

Category

Diagnostic item and description

Connectivity Diagnostics

  • Packets Dropped Due to Capacity Limit: Checks whether the Internet NAT Gateway instance drops packets due to rate limiting.

  • SNAT Source Port Allocation: Checks for failures in allocating SNAT source ports for the Internet NAT Gateway instance.

Configuration Diagnostics

  • Route Missing: Checks whether a route to the Internet NAT Gateway instance exists in the Virtual Private Cloud (VPC).

  • Instance Status: Checks the operational status of the instance.

  • NAT Configurations: Checks whether SNAT entries and DNAT rules are configured for the Internet NAT Gateway instance.

  • EIP Status: Checks whether an elastic IP address (EIP) is associated with the Internet NAT Gateway instance.

  • DNAT and Security Group Configuration: Checks the security group configuration of DNAT backend servers for misconfigurations.

  • DNAT Conflicts: Checks for conflicts between DNAT rules and the EIPs of backend servers.

  • IPv4 Gateway Compatibility: Checks for compatibility issues between the IPv4 gateway and NAT configurations.

Quota Limit Diagnostics

  • Rate of NAT Gateway Traffic Processing: Checks whether the instance's traffic processing rate is within the normal range.

  • Usage of Concurrent Connections of NAT Gateway: Checks whether the instance's concurrent connection usage is within the normal range.

Cost Diagnostics

  • Alerts for Expiration: Checks if the instance will expire within 15 days.

  • Alerts for Overdue Payments: Checks whether the Internet NAT Gateway instance has overdue payments.