Leading analyst firm, KuppingerCole reviews AlgoSec's Security Policy Management Solution, and the security challenges faced by companies today in their Executive View report.
XBox 360 open NAT setup Juniper Netscreen / SSG
Published on
13,405 Points
Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment.
natwarning.jpg
These instructions are based on ScreenOS 6.2, but are easily adaptable to devices running versions 5.4 and above.
Setting up requires you to setup custom services, and then create VIP service entries. You can do that via WebUI or CLI (Command Line Interface - Telnet or SSH).
Using WebUI:
1] Create the custom services
Go To: Policy > Policy Elements > Services > Custom. Create the following three services
Xbox Live 1 -
UDP scr port: 0 – 65535 dst port 3074-3074
TCP scr port: 0 – 65535 dst port 3074-3074
UDP scr port: 0 – 65535 dst port 88-88
Timeout Never
Xbox Live 2 -
UDP scr port: 0 – 65535 dst port 3074-3074
TCP scr port: 0 – 65535 dst port 3074-3074
Timeout 30
Xbox Live 3 -
UDP scr port: 0 – 65535 dst port 88-88
timeout 30
2] On the Untrust Interface create a VIP and then add the services for Xbox Live 2 and Xbox Live 3 pointing to the Xbox’s Static IP address.
Go To: Network > Interfaces > Edit > VIP/VIP Services > New VIP service
Virtual IP: Untrust IP address
Virtual Port: 3074
Map to Service: Xbox Live 2 (3074)
Map to IP: <Xbox-ip>
Server Auto: False
Click OK
Repeat for 'Xbox Live 3'
Note that you do not do this for Live 1, since all services are already covered by the other two definitions.
3] Create Security Policy
Go To: Policy > Policies (From Untrust To Trust) & create a New Policy with the following settings
Name: Xbox_OpenNAT
Source Address: Any
Destination Address: VIP(untrust)
Service XBOX Live 1
Action: Permit
Logging: True
4] Enable multiple virtual port creation
From the console run the following command. You can get to the console by telnet to the trust interface ip or using a console cable.
From the Command Line:
credits: http://www.gameskb.com/Uwe/Forum.aspx/xbox-live/1038/Getting-Open-Nat-with-a-Netscreen-5GT-ADSL
credits: http://sangacollins.wordpress.com/networking/xbox-360-open-nat-netscreen/
natwarning.jpg
These instructions are based on ScreenOS 6.2, but are easily adaptable to devices running versions 5.4 and above.
Setting up requires you to setup custom services, and then create VIP service entries. You can do that via WebUI or CLI (Command Line Interface - Telnet or SSH).
Using WebUI:
1] Create the custom services
Go To: Policy > Policy Elements > Services > Custom. Create the following three services
Xbox Live 1 -
UDP scr port: 0 – 65535 dst port 3074-3074
TCP scr port: 0 – 65535 dst port 3074-3074
UDP scr port: 0 – 65535 dst port 88-88
Timeout Never
Xbox Live 2 -
UDP scr port: 0 – 65535 dst port 3074-3074
TCP scr port: 0 – 65535 dst port 3074-3074
Timeout 30
Xbox Live 3 -
UDP scr port: 0 – 65535 dst port 88-88
timeout 30
2] On the Untrust Interface create a VIP and then add the services for Xbox Live 2 and Xbox Live 3 pointing to the Xbox’s Static IP address.
Go To: Network > Interfaces > Edit > VIP/VIP Services > New VIP service
Virtual IP: Untrust IP address
Virtual Port: 3074
Map to Service: Xbox Live 2 (3074)
Map to IP: <Xbox-ip>
Server Auto: False
Click OK
Note that you do not do this for Live 1, since all services are already covered by the other two definitions.3] Create Security Policy
Go To: Policy > Policies (From Untrust To Trust) & create a New Policy with the following settings
Name: Xbox_OpenNAT
Source Address: Any
Destination Address: VIP(untrust)
Service XBOX Live 1
Action: Permit
Logging: True
4] Enable multiple virtual port creation
From the console run the following command. You can get to the console by telnet to the trust interface ip or using a console cable.
set vip multi-port
save
restart
From the Command Line:
set service "XBOX Live 3" protocol udp src-port 0-65535 dst-port 88-88 timeout 30
set service "XBOX Live 2" protocol udp src-port 0-65535 dst-port 3074-3074
set service "XBOX Live 2" + tcp src-port 0-65535 dst-port 3074-3074
set service "XBOX Live 2" timeout 30
set service "XBOX Live 1" protocol udp src-port 0-65535 dst-port 3074-3074
set service "XBOX Live 1" + tcp src-port 0-65535 dst-port 3074-3074
set service "XBOX Live 1" + udp src-port 0-65535 dst-port 88-88
set service "XBOX Live 1" timeout never
set interface untrust vip interface-ip 3074 "XBOX Live 2" 10.160.60.25 manual
set interface untrust vip interface-ip 88 "XBOX Live 3" 10.160.60.25 manual
set address "Trust" "xbox360" 10.160.60.25 255.255.255.255
set policy id 11 from "Untrust" to "Trust" "Any" "VIP(untrust)" "XBOX Live 1" permit log
set policy id 11
exit
set vip multi-port
save
restart
credits: http://www.gameskb.com/Uwe/Forum.aspx/xbox-live/1038/Getting-Open-Nat-with-a-Netscreen-5GT-ADSL
credits: http://sangacollins.wordpress.com/networking/xbox-360-open-nat-netscreen/
Featured Post
Join & Write a Comment Already a member? Login.
Suggested Articles
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Watch this online video tutorial and learn the best way to reduce Outlook mailbox size using Compact Now feature of Outlook. It removes the deletes item's space from Microsoft Outlook 2016, 2013, and 2010 and compresses the PST file size. This will …
Suggested Courses
Next Article:Network Traffic Routing in Sonicwall