
NQE Query to list NATed IP addresses

  • 2 August 2024

The following NQE query lists all the IP addresses that are part of a NAT rule on any device in the network.

/**
 * @intent List all NAT entries
 * @description List all NAT entries, including post NAT IPs
 */

foreach device in network.devices
foreach natEntry in device.natEntries
let headerMatches = natEntry.headerMatches
// Pre-NAT addresses matched by the rule
let ipv4SrcSubnets = headerMatches.ipv4Src
let ipv4DstSubnets = headerMatches.ipv4Dst
// Post-NAT addresses written by the rule's rewrites
let ipv4NatSrcSubnets = (foreach rewrite in natEntry.rewrites
                         select rewrite.ipv4Src)
let ipv4NatDstSubnets = (foreach rewrite in natEntry.rewrites
                         select rewrite.ipv4Dst)
// Keep only entries that rewrite an IPv4 source or destination address
where isPresent(max(ipv4NatSrcSubnets)) || isPresent(max(ipv4NatDstSubnets))

select {
  deviceName: device.name,
  "NAT type": natEntry.natType,
  "Source IP": ipv4SrcSubnets,
  "Destination IP": ipv4DstSubnets,
  "Source port start": (foreach tpSr in headerMatches.tpSrc
                        select tpSr.start),
  "Source port end": (foreach tpSr in headerMatches.tpSrc
                      select tpSr.end),
  // Destination ports are read from tpDst, not tpSrc
  "Dest port start": (foreach tpDt in headerMatches.tpDst
                      select tpDt.start),
  "Dest port end": (foreach tpDt in headerMatches.tpDst
                    select tpDt.end),
  "Post NAT Source": max(ipv4NatSrcSubnets),
  "Post NAT Destination": max(ipv4NatDstSubnets)
}

 
