Port Forwarding Xbox Live Services to Xbox One Results 'Strict NAT'.

Question

Happy New Year everyone. 
 
 I have 2 Business Rules setup on my brand new Sophos XG firewall (Firmware 15.01.0):

However, when I do various tests on my Xbox One, it always shows as "NAT Type: Strict". 
 
 The UDP Ports are 88, 500, 3074, 3544 and 4500. TCP Ports are 88 and 3074. 
 
 I really wish Sophos would add uPNP support for situations like this. Yes, I'm fully aware of the security implications of uPNP, but for home users (especially with multiple Xbox's like me), setting up Port Forwarding isn't a fun thing to do. 
 
 Am I missing something here?

SaschaOdenthal · Answer

Hi dma0, 
 what you need is a LAN to WAN policy instead. 
 
 Source Zones

LAN 
 
 Add New Item

Source Networks and Devices

XboxOne

During Scheduled Time

All the Time

Destination & Services

Destination Zones

WAN 
 
 Add New Item

Destination Networks

Any

Services

Any

Br, 
 Sascha

Timothy Stewart · Answer

Just create a bypass rule for your Xbox and use NAT. I did on mine and not sure why this won't work in your situation. Even if you get port forwarding working the way you like, eventually you are going to run into an issue with Netflix and other streaming services not connecting if you are scanning for malware on your default network policy.