This discussion has been locked.

Port Forwarding Xbox Live Services to Xbox One Results in 'Strict NAT'.

Happy New Year everyone.

I have 2 Business Rules set up on my brand new Sophos XG firewall (Firmware 15.01.0):

 

However, when I do various tests on my Xbox One, it always shows as "NAT Type: Strict".

The UDP Ports are 88, 500, 3074, 3544 and 4500.  TCP Ports are 88 and 3074.

I really wish Sophos would add UPnP support for situations like this. Yes, I'm fully aware of the security implications of UPnP, but for home users (especially with multiple Xboxes like me), setting up Port Forwarding isn't a fun thing to do.

Am I missing something here?



This thread was automatically locked due to age.
  • Thanks to those who have replied. However, please know that I have used Sophos (formerly Astaro) on and off for the past 13+ years. I asked a question on the original Astaro Community 13 years ago about adding UPnP support. Yes, what I'm asking about is a feature for home use only, and would never be used in the Enterprise or for business use. I'm well aware of that fact. I don't really want to use another firewall product, as I love the Sophos UI and features offered for other security features that wouldn't be used for online gaming with consoles (Xbox or even Sony).

    That being said, implementing a single NAT rule for outbound connectivity isn't what I'm asking for. Connecting to Xbox Live Services is certainly outbound, and the default policy is sufficient enough for 1 or more consoles. The problem is with Multiplayer and Xbox Live Party (XBL) services. If you never plan on hosting an XBL (for chat and multiplayer gaming), then nothing further must be done. However, I game a lot and host a lot of XBL parties and multiplayer games. If NAT Connection is "Strict", which mine is currently, then I can't host XBL Multiplayer game sessions. Plus, certain games require non-XBL ports to be forwarded (Destiny and Call of Duty games are on the top of the list currently). This is why a DNAT rule is needed.

    Here is the complete Firewall Policy I have configured:
