XBox 360 open NAT setup Juniper Netscreen / SSG: xbox 360 open NAT netscreen, xbox NAT netscreen, xbox 360 open NAT ssg, xbox NAT ssg

Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment.

natwarning.jpg

30 KB
nat warning

These instructions are based on ScreenOS 6.2, but are easily adaptable to devices running versions 5.4 and above.

Setting up requires you to setup custom services, and then create VIP service entries. You can do that via WebUI or CLI (Command Line Interface - Telnet or SSH).

Using WebUI:
1] Create the custom services
Go To: Policy > Policy Elements > Services > Custom. Create the following three services

Xbox Live 1 -
UDP scr port: 0 – 65535 dst port 3074-3074
TCP scr port: 0 – 65535 dst port 3074-3074
UDP scr port: 0 – 65535 dst port 88-88
Timeout Never

Xbox Live 2 -
UDP scr port: 0 – 65535 dst port 3074-3074
TCP scr port: 0 – 65535 dst port 3074-3074
Timeout 30

Xbox Live 3 -
UDP scr port: 0 – 65535 dst port 88-88
timeout 30

Picture-2.png

37 KB
custom services

2] On the Untrust Interface create a VIP and then add the services for Xbox Live 2 and Xbox Live 3 pointing to the Xbox’s Static IP address.
Go To: Network > Interfaces > Edit > VIP/VIP Services > New VIP service

Virtual IP: Untrust IP address
Virtual Port: 3074
Map to Service: Xbox Live 2 (3074)
Map to IP: <Xbox-ip>
Server Auto: False
Click OK

Repeat for 'Xbox Live 3'

Picture-1.png

24 KB
Vip/Vip Service

Note that you do not do this for Live 1, since all services are already covered by the other two definitions.

3] Create Security Policy
Go To: Policy > Policies (From Untrust To Trust) & create a New Policy with the following settings

Name: Xbox_OpenNAT
Source Address: Any
Destination Address: VIP(untrust)
Service XBOX Live 1
Action: Permit
Logging: True

Picture-3.png

18 KB
Policy

4] Enable multiple virtual port creation
From the console run the following command. You can get to the console by telnet to the trust interface ip or using a console cable.

set vip multi-port 
save
restart

1:
2:
3:

Select all Open in new window

From the Command Line:

set service "XBOX Live 3" protocol udp src-port 0-65535 dst-port 88-88 timeout 30 
set service "XBOX Live 2" protocol udp src-port 0-65535 dst-port 3074-3074 
set service "XBOX Live 2" + tcp src-port 0-65535 dst-port 3074-3074 
set service "XBOX Live 2" timeout 30
set service "XBOX Live 1" protocol udp src-port 0-65535 dst-port 3074-3074 
set service "XBOX Live 1" + tcp src-port 0-65535 dst-port 3074-3074 
set service "XBOX Live 1" + udp src-port 0-65535 dst-port 88-88 
set service "XBOX Live 1" timeout never
set interface untrust vip interface-ip 3074 "XBOX Live 2" 10.160.60.25 manual
set interface untrust vip interface-ip 88 "XBOX Live 3" 10.160.60.25 manual
set address "Trust" "xbox360" 10.160.60.25 255.255.255.255
set policy id 11 from "Untrust" to "Trust"  "Any" "VIP(untrust)" "XBOX Live 1" permit log 
set policy id 11
exit
set vip multi-port
save
restart

1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:

Select all Open in new window

credits: http://www.gameskb.com/Uwe/Forum.aspx/xbox-live/1038/Getting-Open-Nat-with-a-Netscreen-5GT-ADSL
credits: http://sangacollins.wordpress.com/networking/xbox-360-open-nat-netscreen/

photo.JPG

90 KB
Succes --- Halo Reach

Gain Access to all our Tech Resources

Get personalized answers

Ask unlimited questions

Access Proven Solutions

Search 3.2 million solutions

Read In-Depth How-To Guides

1000+ articles, demos, & tips

Watch Step by Step Tutorials

Learn direct from top tech pros

And Much More!

Your complete tech resource

30-day free trial. Register in 60 seconds.

XBox 360 open NAT setup Juniper Netscreen / SSG

xbox 360 open NAT netscreen

xbox NAT netscreen

xbox 360 open NAT ssg

xbox NAT ssg

Networking Hardware Firewalls

About The Author

Comments

Add your Comment

Join Experts Exchange Today