Xbox Live Frequently Disconnects on Watchguard Firewall

I've finally joined the ranks of Xbox 360 owners.  I got my 360 just before the New Xbox Experience launched in November '08.  I have a Watchguard Firebox III 700 installed on my network at home.  (The 360's network test shows my firewall to be 'Strict'.  I believe the firewall also uses Stateful Packet Inspection (SPI) technology.)  When I connect to Xbox Live (either before or after the NXE) I get disconnected within a few minutes usually.  Sometimes I can stay connected for an hour or so, but eventually I will get disconnected.  Doesn't matter what I'm doing.  I can be actively downloading from the Xbox Marketplace, sitting at the Dashboard, watching a Netflix video, or playing a game.  I hardly use it because it's so frustrating.  It seems like I spend more time re-connecting that I do actually using the console.  I know this is not a new problem and that several other people have the same problem.  I've already done the Google searches.  My original Xbox never had this problem (but... I wasn't using this model of a Watchguard firewall.  I was using a Watchguard SOHO firewall.)  So, I've been to Microsoft's support pages and learned what ports I need to forward.  I've done that.  I can see that the firewall is passing these ports to my Xbox 360 on the inside of my network.  Then, for no apparent reason... Disconnected.  When my 360 is on the inside of the network, it can see my PCs and stream media from them.  I really like being able to do that because I have about 1TB of videos and music that I can access from my 360.  Microsoft says to use an Xbox Live compatible router/firewall.  I think this is an unacceptable answer/solution.  Why can't they just tell me how to configure my device or fix their protocol issues?  Other people suggest making the 360 a DMZ host.  If I use a Linksys router, I see how to easily do that.  It looks like the router/firewall is just making an 'Any' rule from the outside to the IP of the 360 on the inside.  This seems great because my 360 would still be using a private IP on my network and therefore still be able to access the media on my PCs.  The Watchguard firewall, has an Optional interface that I guess is used for this purpose.  I've configured the 360 to run on a different subnet on that Optional interface.  Since it's now on a different subnet, it can't see my PCs anymore (I can live with that, I suppose.  I'll just move the cable to the internal network when I want my 360 to access my PCs.)  I've created an 'Any' rule between the 360's new IP (on the Optional interface) and the Internet (at least I think I did it right).  The 360 can still connect to Xbox Live, but I STILL have the same disconnect issues.  WHAT, can I do?  I'm about to get Wire Shark out and start 'sniffing' the wire, inside and outside, and see where the breakdown is.  I've read about alot of people that have this issue, but I haven't heard of anyone actually putting a protocol analyzer onto this problem.  I recently resolve a problem at my office between two phone switches that were talking IP with each other across the country.  The breakdown there was that sometimes the far-end device would answer back using a different destination port than the originating system specified.  Does anyone have any suggestions?  Is it possible to create a Linksys-type of DMZ Host (on the inside of the network) with a Watchguard Firebox?