You appear to be hitting a source nat rule then. So create a source nat rule that forces this to be off. Adjust the zone names if needed, these need to match the zones used "from zone" is the zone on your client facing interface and "to zone" is your internet facing interface.
set security nat source rule-set tenantA from zone untrust set security nat source rule-set tenantA to zone untrust set security nat source rule-set tenantA rule no_nat match source-address *.*.138.218/30 set security nat source rule-set tenantA rule no_nat then source-nat off
The put this above any other source nat rules
insert security nat source rule-set tenantA before rule-set ? Then select your first nat rule from the list