<

XBox 360 open NAT setup Juniper Netscreen / SSG

Published on
13,405 Points
6,905 Views
Last Modified:
Approved
Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment.
natwarning.jpg
These instructions are based on ScreenOS 6.2, but are easily adaptable to devices running versions 5.4 and above.

Setting up requires you to setup custom services, and then create VIP service entries. You can do that via WebUI or CLI (Command Line Interface - Telnet or SSH).

Using WebUI:
1]  Create the custom services
     Go To: Policy > Policy Elements > Services > Custom. Create the following three services

Xbox Live 1 -
    UDP scr port: 0 – 65535 dst port 3074-3074
    TCP scr port: 0 – 65535 dst port 3074-3074
    UDP scr port: 0 – 65535 dst port 88-88
    Timeout Never

Xbox Live 2 -
    UDP scr port: 0 – 65535 dst port 3074-3074
    TCP scr port: 0 – 65535 dst port 3074-3074
    Timeout 30

Xbox Live 3 -
    UDP scr port: 0 – 65535 dst port 88-88
    timeout 30
custom services
2]  On the Untrust Interface create a VIP and then add the services for Xbox Live 2 and Xbox Live 3 pointing to the Xbox’s Static IP address.
     Go To: Network > Interfaces > Edit > VIP/VIP Services > New VIP service

Virtual IP: Untrust IP address
Virtual Port: 3074
Map to Service: Xbox Live 2 (3074)
Map to IP: <Xbox-ip>
Server Auto: False
Click OK
  Repeat for 'Xbox Live 3'
Vip/Vip ServiceNote that you do not do this for Live 1, since all services are already covered by the other two definitions.

3]  Create Security Policy
     Go To: Policy > Policies (From Untrust To Trust) & create a New Policy with the following settings

Name: Xbox_OpenNAT
Source Address: Any
Destination Address: VIP(untrust)
Service XBOX Live 1
Action: Permit
Logging: True
Policy
4]  Enable multiple virtual port creation
     From the console run the following command. You can get to the console by telnet to the trust interface ip or using a console cable.
set vip multi-port 
save
restart

Open in new window


From the Command Line:
set service "XBOX Live 3" protocol udp src-port 0-65535 dst-port 88-88 timeout 30 
set service "XBOX Live 2" protocol udp src-port 0-65535 dst-port 3074-3074 
set service "XBOX Live 2" + tcp src-port 0-65535 dst-port 3074-3074 
set service "XBOX Live 2" timeout 30
set service "XBOX Live 1" protocol udp src-port 0-65535 dst-port 3074-3074 
set service "XBOX Live 1" + tcp src-port 0-65535 dst-port 3074-3074 
set service "XBOX Live 1" + udp src-port 0-65535 dst-port 88-88 
set service "XBOX Live 1" timeout never
set interface untrust vip interface-ip 3074 "XBOX Live 2" 10.160.60.25 manual
set interface untrust vip interface-ip 88 "XBOX Live 3" 10.160.60.25 manual
set address "Trust" "xbox360" 10.160.60.25 255.255.255.255
set policy id 11 from "Untrust" to "Trust"  "Any" "VIP(untrust)" "XBOX Live 1" permit log 
set policy id 11
exit
set vip multi-port
save
restart

Open in new window



credits: http://www.gameskb.com/Uwe/Forum.aspx/xbox-live/1038/Getting-Open-Nat-with-a-Netscreen-5GT-ADSL
credits: http://sangacollins.wordpress.com/networking/xbox-360-open-nat-netscreen/ 

    Succes --- Halo Reach
0
Comment
2 Comments
 
LVL 18

Author Comment

by:Sanga Collins
Thank you, i look forward to your response
0
 

Expert Comment

by:RepublicFinancial
Thanks!!! great directions.
0

Featured Post

KuppingerCole Reviews AlgoSec in Executive Report

Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.

Join & Write a Comment

When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Watch this online video tutorial and learn the best way to reduce Outlook mailbox size using Compact Now feature of Outlook. It removes the deletes item's space from Microsoft Outlook 2016, 2013, and 2010 and compresses the PST file size. This will …

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month