
Port Forwarding Xbox Live Services to Xbox One Results 'Strict NAT'.

Happy New Year everyone.

I have 2 Business Rules set up on my brand new Sophos XG firewall (Firmware 15.01.0):

However, when I do various tests on my Xbox One, it always shows as "NAT Type: Strict".

The UDP ports are 88, 500, 3074, 3544 and 4500. The TCP ports are 88 and 3074.

I really wish Sophos would add UPnP support for situations like this. Yes, I'm fully aware of the security implications of UPnP, but for home users (especially with multiple Xboxes like me), setting up port forwarding isn't a fun thing to do.

Am I missing something here?

  • Why are you limiting your Xbox so much? Why not a general rule for all traffic, and let the software open and close ports as it sees fit after that; that is what stateful packet inspection is all about. You have a strict NAT, not a general MASQ, because of the ports you are using.
    If you want to use UPnP, go and buy a cheaper router that has less security, because all you are doing is compromising your security.
  • "I really wish Sophos would add UPnP support for situations like this." I think you misunderstand who the intended target market of XG is, Chris. As with UTM, XG is a commercial system, built for business usage, that home users are allowed to use for free for marketing purposes. Features that have no valid business purpose (home only) cannot be added, and by your own admission, "I'm fully aware of the security implications of UPnP". It wouldn't be a wise move to add it to a business firewall.
  • Chris, I respectfully disagree with you; Sophos should never add 'UPnP', for the reasons you already said: "I'm fully aware of the security implications of UPnP".

    Moving forward, you don't need to do any 'port forwarding' for Xbox to work; in fact, this setup would not work if you have multiple Xbox consoles in the house. All you need to do is create an IP Host for the gaming boxes, then create a new policy at the top and add your gaming IP Hosts to it, disable HTTP & HTTPS scanning and set the 'web filter' to none, and that's it. I have 3 Xboxes here that work great with this configuration. And yes, they have all been on at the same time.

    Hope this helps...
  • Scott - Agreed and well said.
  • Just create a bypass rule for your Xbox and use NAT. I did on mine, and I'm not sure why this won't work in your situation. Even if you get port forwarding working the way you like, eventually you are going to run into an issue with Netflix and other streaming services not connecting if you are scanning for malware on your default network policy.
  • Ah, I see. 2 Xbox Ones on the same network. Yeah, I think your only hope is UPnP. I don't think you solve this with port forwarding, at least according to tons of posts on this issue all over the web.
  • You don't need UPnP for more than one gaming console to work. Please read my post above.
  • Not sure where the OP stated anything about Netflix, but you are correct: all the streaming devices that are not Windows computers or laptops have to be excluded from all the HTTP and HTTPS scanning, as well as having the 'web filter' set to none, and everything works.
  • Did you test chat, party, and separate xbox live subscriptions? The problem is that 2 consoles need the same ports to be forwarded. If you aren't using these services NAT works great. If you are, it seems like UPnP is the solve. See this: www.isolation.se/.../ and about a million other posts on the interwebs www.google.com/
  • I am not sure if chat or party works or not; all I know is my 3 kids have not complained about something not working. Even if something was not working, I would not allow any gaming console to dictate how lax my network security has to be. That said, I would simply put the consoles on their own separate network so my important network stays secure.
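The point raised above, that two consoles need the same ports forwarded, is the crux of the thread. The following is an added example (not code from the thread or from Sophos) that models the two NAT styles being argued over: static per-port forwards, which can only point at one inside host, versus a stateful masquerade, which gives each console its own outbound mappings. The host addresses are constructed; the port numbers are the ones the original post lists.

```python
"""Model of why one set of static port forwards cannot serve two Xboxes.

A static DNAT (the OP's Business Rules) maps each external (proto, port)
to exactly one inside host, so a second console cannot also own UDP 3074.
A stateful masquerade instead creates a mapping per outbound flow: the
first console keeps its source port on the outside (port preservation),
the second gets a different external port because the preferred one is
already in use. Hosts such as 192.168.1.10 are constructed for the example.
"""
from dataclasses import dataclass, field

XBOX_UDP = (88, 500, 3074, 3544, 4500)  # UDP ports listed by the OP
XBOX_TCP = (88, 3074)                   # TCP ports listed by the OP


@dataclass
class StaticDnat:
    """Business-rule style forwards: (proto, external port) -> one host."""
    table: dict = field(default_factory=dict)

    def forward_xbox(self, host):
        """Add the OP's forwards for one console; False if any port is taken."""
        wanted = [("udp", p) for p in XBOX_UDP] + [("tcp", p) for p in XBOX_TCP]
        if any(k in self.table and self.table[k] != host for k in wanted):
            return False          # a second console collides on every port
        for k in wanted:
            self.table[k] = host
        return True


@dataclass
class StatefulMasq:
    """Outbound-driven NAT: each (host, proto, src_port) flow gets its own
    external port; the local port is kept only while it is still free."""
    mappings: dict = field(default_factory=dict)

    def outbound(self, host, proto, src_port):
        """Return the external port the firewall picks for this flow."""
        key = (host, proto, src_port)
        if key not in self.mappings:
            used = {ext for (_, pr, _), ext in self.mappings.items() if pr == proto}
            ext = src_port
            while ext in used:    # preferred port taken: take the next free one
                ext += 1
            self.mappings[key] = ext
        return self.mappings[key]

    def port_preserved(self, host, proto, src_port):
        """True when the outside port equals the console's own port."""
        return self.outbound(host, proto, src_port) == src_port
```

The second console's non-preserved external port is what a console-side NAT test notices, which is why the thread's "one set of forwards" approach stops at one Xbox while the stateful bypass rule lets several coexist.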