Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 31 replies
  • Answers 2 answers
  • Subscribers 34 subscribers
  • Views 145059 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Port Forwarding Xbox Live Services to Xbox One Results 'Strict NAT'.

ChrisLynch

Happy New Year everyone.

I have 2 Business Rules setup on my brand new Sophos XG firewall (Firmware 15.01.0):

 

However, when I do various tests on my Xbox One, it always shows as "NAT Type: Strict".

The UDP Ports are 88, 500, 3074, 3544 and 4500.  TCP Ports are 88 and 3074.

I really wish Sophos would add uPNP support for situations like this.  Yes, I'm fully aware of the security implications of uPNP, but for home users (especially with multiple Xbox's like me), setting up Port Forwarding isn't a fun thing to do.

Am I missing something here?



This thread was automatically locked due to age.
Parents
  • 0
    Just create a bypass rule for your Xbox and use NAT. I did on mine and not sure why this won't work in your situation. Even if you get port forwarding working the way you like, eventually you are going to run into an issue with Netflix and other streaming services not connecting if you are scanning for malware on your default network policy.
  • 0 in reply to Timothy Stewart

    Hmmm. Was trying to setup a rule along the lines that you and Big Ray had mentioned, but don't seem to be having much luck. I've included a screenshot of the policy I created. Would it be possible to trouble you for your thoughts as to what I might be doing wrong?

     

    Just create a bypass rule for your Xbox and use NAT. I did on mine and not sure why this won't work in your situation. Even if you get port forwarding working the way you like, eventually you are going to run into an issue with Netflix and other streaming services not connecting if you are scanning for malware on your default network policy.

     

  • +1 in reply to dma0

    Hi dma0,

    what you need is a LAN to WAN policy instead. 

     

    Source Zones

    • LAN
    Add New Item 
    Source Networks and Devices
    • XboxOne
     
    During Scheduled Time
    All the Time 
     
    Destination & Services
    Destination Zones
    • WAN
    Add New Item 
    Destination Networks
    • Any
     
    Services
    • Any
     
    Br, 
    Sascha
  • 0 in reply to SaschaOdenthal

    Thanks very much Sascha. As it turns out I found this same solution suggested on another thread. I suppose I still need to get my head around how rules work in XG, as it seems to take a somewhat different approach as compared to UTM9.

    This solution worked perfectly, though my preference would have been to try to limit to the specific ports required (which I tried based on the ports identified on the XBox site, but which didn't seem to work).

Reply
  • 0 in reply to SaschaOdenthal

    Thanks very much Sascha. As it turns out I found this same solution suggested on another thread. I suppose I still need to get my head around how rules work in XG, as it seems to take a somewhat different approach as compared to UTM9.

    This solution worked perfectly, though my preference would have been to try to limit to the specific ports required (which I tried based on the ports identified on the XBox site, but which didn't seem to work).

Children
No Data