
Port Forwarding Xbox Live Services to Xbox One Results in 'Strict NAT'.

Happy New Year everyone.

I have 2 Business Rules set up on my brand-new Sophos XG firewall (Firmware 15.01.0):


However, when I do various tests on my Xbox One, it always shows as "NAT Type: Strict".

The UDP Ports are 88, 500, 3074, 3544 and 4500.  TCP Ports are 88 and 3074.

I really wish Sophos would add UPnP support for situations like this.  Yes, I'm fully aware of the security implications of UPnP, but for home users (especially with multiple Xboxes like me), setting up Port Forwarding isn't a fun thing to do.

Am I missing something here?
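The port list above is forwarded to one internal address, while the replies further down argue that a second console on the same connection ends up 'Strict' unless something like UPnP hands out a different external port per console. The following is an added example (not code from the original post, from Sophos, or from the XG product) that models a NAT table with hand-configured static forwards beside UPnP-style dynamic mappings for two consoles. The NAT model, the IP addresses, and the simplified 'Open'/'Strict' classification (reachable inbound mapping for UDP 3074, or none) are assumptions made for illustration; a real console derives its NAT type from Teredo/STUN probing, which this does not reproduce.

```python
"""Why static port forwards leave a second console with 'Strict' NAT.

Added example; the NAT here is a plain table of (proto, external port)
-> (internal IP, internal port). Everything else is a simplification
chosen for illustration, not the behaviour of any specific firewall.
"""
from dataclasses import dataclass, field

# Ports from the original post (UDP 88, 500, 3074, 3544, 4500; TCP 88, 3074).
XBOX_LIVE_PORTS = {"udp": [88, 500, 3074, 3544, 4500], "tcp": [88, 3074]}

# Constructed sample addresses (RFC 5737 / RFC 1918), not from the thread.
PUBLIC_IP = "203.0.113.10"
CONSOLES = ["192.168.1.20", "192.168.1.21"]


@dataclass
class Nat:
    public_ip: str
    # (proto, external_port) -> (internal_ip, internal_port)
    table: dict = field(default_factory=dict)

    def add_forward(self, proto, ext_port, internal_ip, int_port=None):
        """Static DNAT rule, as configured by hand in a firewall GUI.

        An external port can only be owned once, so the second console
        that wants the same port is refused (returns False).
        """
        key = (proto, ext_port)
        if key in self.table:
            return False
        self.table[key] = (internal_ip, int_port or ext_port)
        return True

    def upnp_request(self, proto, internal_ip, int_port, wanted_ext):
        """UPnP AddPortMapping-style request from a LAN client.

        If the wanted external port is taken, hand out the next free one
        (hypothetical allocation policy, similar in spirit to
        AddAnyPortMapping). Returns the external port granted.
        """
        ext = wanted_ext
        while (proto, ext) in self.table:
            ext += 1
        self.table[(proto, ext)] = (internal_ip, int_port)
        return ext

    def inbound_mapping(self, internal_ip, proto, int_port):
        """External port that reaches internal_ip:int_port, or None."""
        for (p, ext), (ip, ip_port) in self.table.items():
            if p == proto and ip == internal_ip and ip_port == int_port:
                return ext
        return None


def nat_type(nat, console_ip):
    """Simplified classification (assumption): Open if the console has
    an inbound mapping for UDP 3074, Strict if nothing reaches it."""
    if nat.inbound_mapping(console_ip, "udp", 3074) is not None:
        return "Open"
    return "Strict"


def static_forward_scenario():
    """Forward every Xbox Live port to every console, first come first
    served. Only the first console can own each external port."""
    nat = Nat(PUBLIC_IP)
    for proto, ports in XBOX_LIVE_PORTS.items():
        for port in ports:
            for console in CONSOLES:
                nat.add_forward(proto, port, console)
    return {console: nat_type(nat, console) for console in CONSOLES}


def upnp_scenario():
    """Each console asks the router for UDP 3074 via UPnP; the second one
    is granted a different external port and still gets inbound traffic."""
    nat = Nat(PUBLIC_IP)
    granted = {c: nat.upnp_request("udp", c, 3074, 3074) for c in CONSOLES}
    return {c: (granted[c], nat_type(nat, c)) for c in CONSOLES}


if __name__ == "__main__":
    print("static forwards:", static_forward_scenario())
    print("upnp mappings:  ", upnp_scenario())
```

With static forwards the first console is 'Open' and the second 'Strict', because external UDP 3074 can point at only one internal address; with UPnP the second console is mapped to external 3075 and both are 'Open'. The same conflict applies to the TCP rules in the list.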



  • Just create a bypass rule for your Xbox and use NAT. I did on mine and not sure why this won't work in your situation. Even if you get port forwarding working the way you like, eventually you are going to run into an issue with Netflix and other streaming services not connecting if you are scanning for malware on your default network policy.
  • Ah, I see. Two Xbox Ones on the same network. Yeah, I think your only hope is UPnP. I don't think you solve this with port forwarding, at least according to tons of posts on this issue all over the web.
  • I am not sure if chat or party works or not; all I know is my 3 kids have not complained about something not working. Even if something was not working, I would not allow any gaming console to dictate how lax my network security has to be. That said, I would simply put the consoles on their own separate network so my important network stays secure.
  • Correct. UPnP is REQUIRED for multiple consoles (regardless of whether Xbox or PlayStation) to support multiplayer gaming and game chat.
  • I am sorry, but I don't understand what you're saying here. I have three Xboxes here behind XG and I don't have any port forwarding rules created, and they work fine, even 'Call of Duty'. The only thing I did was create a policy for gaming, disable HTTP & HTTPS scanning and turn off the 'web filter', and everything seems to be working fine.
  • Go to your Xbox One, All Settings, select Network, then Network Settings. What is the NAT Type on your console? If you aren't doing any Port Forwarding, it will be 'Strict', which both of my consoles report. This means you will have connectivity problems with Multiplayer (especially if YOU are hosting a match, i.e. you are the leader of the Xbox Live Party) and even with XBL Chat with a party. This is a fact of how connectivity works, especially with multiple consoles on the same network sharing the same Internet connection.
  • Chris, your request is the absolute opposite of XG's goals. I don't think they will ever add UPnP to XG.

    You can do something different. Buy a router which you will be able to reflash to OpenWRT or which is advanced enough to support static routing. Connect the router to the ISP and put the Xboxes on that network. Then connect XG to the network but don't use NAT, just static routing. You will end up with two network segments: one for gaming and a second, secure one where you can put your more valuable resources. This will be a little bit more expensive, but I think it is a reasonable trade-off.
  • I agree with everything you say. There is no way Sophos would ever add UPnP, and for good reason. Just hang one router off a DMZ of the other router and call it a day. This is what I do with FiOS and it works great; however, I don't do any VPN, and I have heard 'double NAT' can cause problems, but not for all.
  • Sorry, but DD-WRT is not maintained very well, and I have had challenges with it in my vast experience with firewalls of all sizes (Cisco PIX/ASA, NetScreen, Astaro, WatchGuard, Check Point, DD-/Open-WRT, IPCop, etc.). I also disagree with your assertion that some security vendor should never do something people obviously want. The request for UPnP support on Sophos' UserVoice site has quite a large number of upvotes. And no average home user will ever want to buy multiple firewall/UTM devices. That isn't practical, let alone realistic.

    It is sad to see the negativity around this feature. Heck, pfSense (which is what I have replaced Sophos AG with, BTW) supports UPnP, and is aimed at commercial AND home use. Plus, it has two nifty security features for those of you saying UPnP should never be implemented: 'By default deny access to UPnP & NAT-PMP' and 'User specified permissions'.

    So yes, I have moved on from Sophos. I would have really liked to use the product, and would even pay for a home user license that had home user specific features.
  • Chris - you should read the post carefully. I didn't mention DD-WRT, but OpenWRT, and it is maintained quite well. Of course you will always have some challenges, as you have with Sophos XG.

    And... there is no negative voice about the feature request, just cold reasoning. XG is not an open-source product like pfSense. It is a commercial product targeted at businesses and enterprises, and they really don't need UPnP. Sophos is not making any money from home XG users, so I don't think they will invest time in implementing and testing such a feature.

    I agree that there are some folks who would pay for such an advanced home router, but I doubt it would be a commercial success. A device powerful enough to support modern home use (a 100 Mbps to 1 Gbps Internet link, fast Wi-Fi) costs about 2-3 times more than the most advanced home routers based on the ARM platform. So if you think that no home user will buy multiple firewall devices, why do you think he would buy one at 3x the price?
  • Well said. The only option to get the best of both worlds is a hybrid setup, aka dual routers: one for devices that need/want UPnP and one for security purposes. Gaming is not my top priority here; protecting my servers and sensitive data is, and there is no better protection for that than Sophos in my humble opinion. Give me a nice Asus router for protecting my other devices like gaming consoles and you get the best of both worlds.

  • Sorry, that should have said Asus router, NOT Ausus.